+1 Spring Security. Everything else is for wimps.
Wes Wannemacher wrote: > > On Wednesday 04 February 2009 05:56:24 alee amin wrote: >> I browsed through struts official site to check for any plugin available >> or >> security mechanism to authenticate the user. but i could not find one. >> can >> anyone guide me what are teh ways to implement the security constraints >> (user security) on application. >> >> ..alee >> http://techboard.wordpress.com > > There are really 3 main choices, > > 1. Container managed security... If you are using Tomcat, check the docs > here- > http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html > Advantage - Part of Spec > Disadvantage - Doesn't always port to other app servers > > 2. Roll your own s2 interceptor... Check Mark Menard's tutorial - > http://www.vitarara.org/cms/struts_2_cookbook/creating_a_login_interceptor > Advantage - very Struts-y > Disadvantage - Not necessarily full-featured > > 3. Use Spring Security. > http://static.springframework.org/spring-security/site/index.html > Advantage - Super-Flexible, ports well to any app server > Disadvantage - steep learning curve, but after a bit of time, it all falls > into place. > > -Wes > > -- > > Wes Wannemacher > Author - Struts 2 In Practice > Includes coverage of Struts 2.1, Spring, JPA, JQuery, Sitemesh and more > http://www.manning.com/wannemacher > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > > -- View this message in context: http://www.nabble.com/-S2--How-to-apply-form-based-security-in-struts-2-application-tp21828303p21843440.html Sent from the Struts - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
