I agree with Andy Law, Interceptors are much better, and you can
implement your security as you want. In my applications I use an
object in Session scope and check if it still exists... if not...
redirect to login action... simple and easy.

On Mon, Dec 15, 2008 at 10:35 AM, shekher awasthi
<shekher.awas...@gmail.com> wrote:
> I am planning to use an interceptor for this but am not sure how to plan this,
> as using an interceptor cannot guarantee a robust authentication mechanism.
> What I planned is as below:
>
> If the user provides valid information, store the user object in the session
> scoped map, and for all incoming requests to the secure region check the user
> object in the session using the interceptor. But will that be a robust
> approach?
>
> Any suggestions for this?
>
> On Mon, Dec 15, 2008 at 5:55 PM, Andy Law <andy....@roslin.ed.ac.uk> wrote:
>
>>
>>
>> Shekher wrote:
>> >
>> > Hi All,
>> >
>> > We are developing an application based on the Struts2 framework. We are on
>> > the way to developing application-based security so that an unauthorized
>> > user cannot access the secure area; it needs the request to be from an
>> > authorized person. We can have the below-mentioned approach:
>> >
>> > 1) For the secure area, the user must be logged in to the system and have
>> > authorization for accessing it.
>> > 2) For every request coming to the secured region, we need to put in a
>> > check of whether the user is a valid one or not.
>> >
>> > We can think of functionality which checks each incoming request for
>> > its authentication and permits only authenticated requests.
>> >
>> > I need your suggestions about the approach we can follow in struts2 so that
>> > we can achieve the above-mentioned points; maintenance and enterprise
>> > integration will also be areas of concern.
>> >
>> > If anyone has worked or is working in a similar area, please share his/her
>> > view on how to achieve that here in struts2.
>> >
>> > Thanks in advance
>> > shekher
>> >
>> >
>>
>> I think that you need to be looking at Interceptors. You can couple them as
>> tightly or as loosely to your Actions as you like. You can also build
>> systems using Interceptors that factor out the control of the
>> authentication and authorisation to completely separate code which makes
>> integrating with other enterprise systems a bit easier.
>>
>> Later,
>>
>> Andy
>> --
>> View this message in context:
>> http://www.nabble.com/Application-based-Security-tp21010272p21012989.html
>> Sent from the Struts - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> For additional commands, e-mail: user-h...@struts.apache.org
>>
>>
>
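
The approach discussed in this thread (a user object kept in the session and checked by an interceptor on every request to the secured area), as an added example that is not code from any of the posters. It assumes Struts 2.x with the `com.opensymphony.xwork2` package names; the class name, package and session key are hypothetical.

```java
// Added example, not code from the thread. Requires Struts 2.x on the classpath.
package example.security; // hypothetical package

import java.util.Map;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
 * Blocks every action it is attached to unless a user object is in the session.
 *
 * Wiring (struts.xml): declare this class under <interceptors>, add it to the
 * interceptor stack of the package that holds the secured actions, make that
 * stack the package's <default-interceptor-ref>, and map a "login" result in
 * <global-results> that redirects to the login action. The login action itself
 * must live in a package that does NOT use this stack.
 */
public class LoginRequiredInterceptor extends AbstractInterceptor {

    private static final long serialVersionUID = 1L;

    /** Hypothetical key under which the login action stores the user object. */
    public static final String SESSION_USER_KEY = "authenticatedUser";

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        Map<String, Object> session = invocation.getInvocationContext().getSession();

        // Fail closed: a missing session map or a missing user object both
        // count as "not logged in" (this also covers an expired session).
        Object user = (session == null) ? null : session.get(SESSION_USER_KEY);
        if (user == null) {
            // Short-circuit: the secured action is never invoked.
            return Action.LOGIN;
        }

        // Authentication only. Role or permission checks (authorisation)
        // would go here or in a separate interceptor further down the stack.
        return invocation.invoke();
    }
}
```

The check is only as complete as the stack configuration: an action in a package that does not reference this interceptor is not protected, so the secured package's default stack is the thing to review.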
