I agree with Andy Law: Interceptors are much better, and you can implement your security as you want. In my applications I use an object in session scope and check if it still exists. If not, redirect to the login action. Simple and easy.

On Mon, Dec 15, 2008 at 10:35 AM, shekher awasthi <shekher.awas...@gmail.com> wrote:
> I am planning to use an interceptor for this but am not sure how to plan this,
> as using an interceptor cannot guarantee a robust authentication mechanism.
> What I planned is as below:
>
> If the user provides valid information, store the user object in the
> session-scoped map, and for all incoming requests to the secure region check
> the user object in the session using the interceptor. But will that be a
> robust approach?
>
> Any suggestions for this?
>
> On Mon, Dec 15, 2008 at 5:55 PM, Andy Law <andy....@roslin.ed.ac.uk> wrote:
>
>> Shekher wrote:
>> >
>> > Hi All,
>> >
>> > We are developing an application based on the Struts2 framework. We are on
>> > the way to developing application-based security so that an unauthorized
>> > user cannot access the secure area; it needs the request to be from an
>> > authorized person. We can have the below-mentioned approach:
>> >
>> > 1) For the secure area the user must be logged in to the system and have
>> > authorization for accessing that.
>> > 2) For every request coming to the secured region, we need to put in a
>> > check whether the user is a valid one or not.
>> >
>> > We can think of functionality which checks each incoming request for
>> > its authentication and permits only authenticated requests.
>> >
>> > I need your suggestions about the approach we can follow in Struts2 so
>> > that we can achieve the above-mentioned points; maintenance and
>> > enterprise integration will also be areas of concern.
>> >
>> > If anyone has worked or is working in a similar area, please share
>> > his/her view on how to achieve that here in Struts2.
>> >
>> > Thanks in advance
>> > shekher
>> >
>>
>> I think that you need to be looking at Interceptors. You can couple them as
>> tightly or as loosely to your Actions as you like. You can also build
>> systems using Interceptors that factor out the control of the authentication
>> and authorisation to completely separate code which makes integrating with
>> other enterprise systems a bit easier.
>>
>> Later,
>>
>> Andy
>> --
>> View this message in context:
>> http://www.nabble.com/Application-based-Security-tp21010272p21012989.html
>> Sent from the Struts - User mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> For additional commands, e-mail: user-h...@struts.apache.org
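
The session check discussed in this thread, sketched as a Struts 2 interceptor. This is an added example, not code from any of the posters or from the Struts project; the package and class names, the session key `authenticatedUser` and the `login` global result are assumptions, and the imports use the `com.opensymphony.xwork2` packages of the Struts 2 releases from the period of the thread.

```java
package example.security; // hypothetical package name

import java.util.Map;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
 * Blocks any request whose HTTP session holds no authenticated user object.
 *
 * struts.xml wiring (element names are Struts 2's, the values are assumed):
 *   - declare this class with <interceptor> and place it in an
 *     <interceptor-stack> in front of defaultStack;
 *   - make that stack the <default-interceptor-ref> of the secure package,
 *     so every action added to the package later is covered without any
 *     per-action configuration;
 *   - map the "login" result once in <global-results>;
 *   - keep the login action itself in a package that does not use the stack,
 *     otherwise unauthenticated users can never reach it.
 */
public class AuthenticationInterceptor extends AbstractInterceptor {

    private static final long serialVersionUID = 1L;

    /** Assumed session key; the login action must store the user under it. */
    public static final String USER_KEY = "authenticatedUser";

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        Map<String, Object> session =
                invocation.getInvocationContext().getSession();

        // Fail closed: a missing session map or a missing user object both
        // count as "not logged in".
        Object user = (session == null) ? null : session.get(USER_KEY);
        if (user == null) {
            // Action.LOGIN is the result name "login"; the target action is
            // never invoked on this path.
            return Action.LOGIN;
        }

        // Authenticated: continue down the stack to the requested action.
        return invocation.invoke();
    }
}
```

The interceptor only establishes that a user object is present in the session, so the login action has to store it there only after the credentials have been verified, and the logout action has to remove it.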