Dewhirst [mailto:[EMAIL PROTECTED]]
Sent: Freitag, 8. Februar 2002 16:44
To: 'Struts Users Mailing List'
Subject: Controller and security
We are trying to come with a good security model in conjunction with Struts.
I was thinking of calling a business class method to check the user's
I've seen this solution work very well. When you extend the ActionServlet, you can
override the "processPreprocess" method to determine if the user has the neccessary
permissions, if the user has a valid session, etc... long before ever getting to the
Action class (If you're using the 1.1 versi
You could dispense with changing/extending the controller by creating an
abstract action layer that defines a new abstract method such as
performAction() which returns an actionforward obj like perform() .
Your perform method in the abstract class then carries out the validaton if
it is ok it cal
The book 'JSP Professional' recommends to put the security stuff into
processMapping()-method of the controller respectively ActionServlet (after
inheriting).
Wouldn't it be a good idea to integrate a kind of callback mechanism into
the controller? So functions which make sense to do them at a c
fault controlling servlet.
hth,
dave
-Original Message-
From: Mike Dewhirst [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 08, 2002 9:44 AM
To: 'Struts Users Mailing List'
Subject: Controller and security
We are trying to come with a good security model in conjunction with
m
the application flow (Struts).
- Original Message -
From: "Mike Dewhirst" <[EMAIL PROTECTED]>
To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
Sent: Friday, February 08, 2002 9:44 AM
Subject: Controller and security
> We are trying to come w
We are trying to come with a good security model in conjunction with Struts.
I was thinking of calling a business class method to check the user's
permission for the requested mapping from within the Controller, but I'm
sure custom-modifying source code of a generic frame work is not exactly
best
7 matches
Mail list logo
