I am planning to use an interceptor for this, but I am not sure how to plan this, as using an interceptor cannot guarantee a robust authentication mechanism. What I planned is as below:

If the user provides valid information, store the user object in the session-scoped map, and for all incoming requests to the secure region check the user object in the session using the interceptor. But will that be a robust approach? Any suggestions for this?

On Mon, Dec 15, 2008 at 5:55 PM, Andy Law <andy....@roslin.ed.ac.uk> wrote:

> Shekher wrote:
> >
> > Hi All,
> >
> > We are developing an application based on the Struts2 framework. We are on
> > the way to developing application-based security so that an unauthorized
> > user cannot access the secure area; it needs the request to be from an
> > authorized person. We can have the below-mentioned approach:
> >
> > 1) For the secure area, the user must be logged in to the system and have
> > authorization for accessing it.
> > 2) For every request coming to the secured region, we need to put in a
> > check of whether the user is a valid one or not.
> >
> > We can think of functionality which checks each incoming request for
> > its authentication and permits only authenticated requests.
> >
> > I need your suggestions about the approach we can follow in Struts2 so that
> > we can achieve the above-mentioned points; maintenance and enterprise
> > integration will also be areas of concern.
> >
> > If anyone has worked or is working in a similar area, please share his/her
> > view on how to achieve that here in Struts2.
> >
> > Thanks in advance
> > shekher
> >
>
> I think that you need to be looking at Interceptors. You can couple them as
> tightly or as loosely to your Actions as you like. You can also build
> systems using Interceptors that factor out the control of the authentication
> and authorisation to completely separate code, which makes integrating with
> other enterprise systems a bit easier.
>
> Later,
>
> Andy
> --
> View this message in context:
> http://www.nabble.com/Application-based-Security-tp21010272p21012989.html
> Sent from the Struts - User mailing list archive at Nabble.com.