Just curious how others have gone about protecting the resources within their
webapp.. in our personal setup we would like to control access to every
resource if possible, we have our own custom login page that sets session
variables, and pulls the data from the database.
We can authenticate people
7 AM
To: Struts Mailing List
Subject: Webapp Security?
Just curious how others have gone about protecting the resources within their
webapp.. in our personal setup we would like to control access to every
resource if possible, we have our own custom login page that sets session
variables, and pulls th
David Erickson wrote:
Just curious how others have gone about protecting the resources within their
webapp.. in our personal setup we would like to control access to every
resource if possible, we have our own custom login page that sets session
variables, and pulls the data from the database.
We
CTED]>
To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
Sent: Wednesday, July 02, 2003 11:47 AM
Subject: RE: Webapp Security?
> How about using container managed security with tomcat's realms? It works
> great for me.
>
> Here's an exam
David Erickson wrote:
Is it based on using security restraints and having all your users set into
groups in the tomcat-users.xml file? If so our problem is we don't want to
have users based into groups but want to give permissions to users
individually to many different things.. and we want to s
aint stuff is the same thing as CMA.
HTH,
Matt
-Original Message-
From: David Erickson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 02, 2003 11:54 AM
To: Struts Users Mailing List
Subject: Re: Webapp Security?
Is it based on using security restraints and having all your users set into
- Original Message -
From: "David Erickson" <[EMAIL PROTECTED]>
To: "Struts Mailing List" <[EMAIL PROTECTED]>
Sent: Wednesday, July 02, 2003 12:26 PM
Subject: Webapp Security?
> Just curious how others have gone about protecting the resources with
David Erickson wrote:
Just curious how others have gone about protecting the resources within their
webapp.. in our personal setup we would like to control access to every
resource if possible, we have our own custom login page that sets session
variables, and pulls the data from the database.
To p
olation is detected.
db
-Original Message-
From: Raible, Matt [mailto:[EMAIL PROTECTED]
Sent: 02 July 2003 19:13
To: 'Struts Users Mailing List'
Subject: RE: Webapp Security?
If you want to give users dynamic permissions at runtime, you could add a
filter on top of container ma
Marc wrote:
To protect your JSP, put them in a subdir of WEB-INF. Actions are still
able to redirect to those JSPs but they are not directly accessible.
To protect your other files, just make a servlet and use path-mapping
like '/resources/*' to map all requests to this servlet.
What kind of sec
On 02/07/2003 18:53 David Erickson wrote:
Is it based on using security restraints and having all your users set into
groups in the tomcat-users.xml file? If so our problem is we don't want to
have users based into groups but want to give permissions to users
individually to many different things.
Adam Hardy wrote:
Marc wrote:
To protect your JSP, put them in a subdir of WEB-INF. Actions are
still able to redirect to those JSPs but they are not directly accessible.
To protect your other files, just make a servlet and use path-mapping
like '/resources/*' to map all requests to this servlet.
quickly if you have very many things loading on a webpage.
-David
- Original Message -
From: "David Bolsover" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Thursday, July 03, 2003 3:56 AM
Subject: RE: Webapp Security?
> T
David Bolsover wrote:
I ended up writing my own application security manager - when the user logs in,
his permissions are loaded from DB and then checked before any action is
performed - with appropriate errors if a violation is detected.
Where are you doing the checking, in the Action?
Erik
On Thu, 3 Jul 2003, Adam Hardy wrote:
> Date: Thu, 03 Jul 2003 13:47:20 +0200
> From: Adam Hardy <[EMAIL PROTECTED]>
> Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
> To: Struts Users Mailing List <[EMAIL PROTECTED]>
> Subject: Re: Webapp Security?
>
? Any other ways to do this?
-David
- Original Message -
From: "Craig R. McClanahan" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Thursday, July 03, 2003 11:34 AM
Subject: Re: Webapp Security?
>
>
> On Thu, 3 Jul 20
David Erickson wrote:
Ok well let's suppose you want to protect 100% of your content, perhaps minus
the login.jsp or what not page. We just spent a couple hours brainstorming
how to protect our webapp. We want flexibility above and beyond what
container security provides, so we want to use our o
David,
First let me apologize for I have not read all of the email relating to your
topic. However,
my question is very specific. Are you trying to prevent people from
tampering with your code... or just getting around your security to access
pages they are
not supposed to.
In my own project we bu
e" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Thursday, July 03, 2003 12:52 PM
Subject: Re: Webapp Security?
> David,
>
> First let me apologize for I have not read all of the email relating to your
> topic. However,
> my questio
On Thu, 2003-07-03 at 14:41, Erik Price wrote:
> I am really confused as to why you don't want to use a Filter. It seems
> that they were developed specifically for situations like the one you
> describe
Here's the problem I'm having with the securityFilter stuff that I'm
implementing. Not su
On Thu, 2003-07-03 at 14:37, David Erickson wrote:
> Thoughts, comments? Any other ways to do this?
I like to subclass the RequestProcessor and over-ride the process
method:
public void process(HttpServletRequest request, HttpServletResponse
response)
throws IOException, Serv
Rick Reumann wrote:
On Thu, 2003-07-03 at 14:41, Erik Price wrote:
I am really confused as to why you don't want to use a Filter. It seems
that they were developed specifically for situations like the one you
describe
Here's the problem I'm having with the securityFilter stuff that I'm
im
And of course UserBean has a isInRole(role) method so if you need to
have fine control anywhere you have it. The servlet filter stuff is nice
because you can configure this part in an xml file... but I'm still
having that one issue that I just posted about.. (problem when user is
deep in an app and
On Thu, 3 Jul 2003, David Erickson wrote:
> Date: Thu, 3 Jul 2003 12:37:56 -0600
> From: David Erickson <[EMAIL PROTECTED]>
> Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
> To: Struts Users Mailing List <[EMAIL PROTECTED]>
> Subject: Re: Webapp Secur
hink we'll
probably use filters to accomplish this.. thoughts?
-David
- Original Message -
From: "Craig R. McClanahan" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Thursday, July 03, 2003 1:05 PM
Subject: Re: Webapp Security?
On Thu, 2003-07-03 at 15:05, Craig R. McClanahan wrote:
>
> If you go with "roll your own" security, though, I would definitely
> recommend that you implement it as a Filter rather than trying to modify
> Struts to do this for you.
Craig, is there a way I can force container managed security
At 15:22 -0400 7/3/03, Rick Reumann spoke thusly:
On Thu, 2003-07-03 at 15:05, Craig R. McClanahan wrote:
If you go with "roll your own" security, though, I would definitely
recommend that you implement it as a Filter rather than trying to modify
Struts to do this for you.
Craig, is there a w
Hi David...
Here is what we did.
we did not use the roles framework for security ( logins ) instead we
created our own as we needed a more robust rights framework ( ours had to be
context sensitive as per the application.. ie..if the data is true then these
are your current right .. if not they may
On Thu, 2003-07-03 at 15:27, Dolf Starreveld wrote:
> >
> How about deriving all your actions from a base class that checks if
> the requisite objects are in session, and if not, either puts them
> there, or forwards/redirects to a page which will cause them to be
> put there.
> If you prefer,
rvlet is
supposed get that test.jsp, or does it do something else??
-David
- Original Message -
From: "Jamie M. Guillemette" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Thursday, July 03, 2003 1:43 PM
Subject: Re: Webapp
At 15:46 -0400 7/3/03, Rick Reumann spoke thusly:
I suppose what I meant to convey, but failed to do is that I use CMS
(or a close cousin through SecurityFilter). The object that I am
checking for in the base class is a User object. I am not checking it
for security, but to deal with the logou
You are referring to jspc ?
In this case when you make a request for test.jsp,
it is first checked that no mapping in the web.xml matches this url.. in
your case there now is.. the servlet equivalent.. hence
your servlet gets run. If the web.xml did not contain the entry then it
would check physical
On Thu, 3 Jul 2003, Rick Reumann wrote:
> Date: 03 Jul 2003 15:22:55 -0400
> From: Rick Reumann <[EMAIL PROTECTED]>
> Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
> To: Struts Users Mailing List <[EMAIL PROTECTED]>
> Subject: Re: Webapp Security
On Thu, 3 Jul 2003, David Erickson wrote:
> Date: Thu, 3 Jul 2003 13:44:41 -0600
> From: David Erickson <[EMAIL PROTECTED]>
> Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
> To: Struts Users Mailing List <[EMAIL PROTECTED]>
> Subject: Re: Webapp Secur
rough
the filter.
Edgar
> -Original Message-
> From: David Erickson [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 03, 2003 2:11 PM
> To: 'Struts Users Mailing List'
> Subject: Re: Webapp Security?
>
>
> Ya I am thinking that creating our own security w
On Thu, 2003-07-03 at 16:42, Craig R. McClanahan wrote:
>
>
> Why are you trying to mess with the container's implementation of
> authentication at all? Why not just write a Filter that does an
> RD.forward() to some safe place if it sees that the session does not
> contain the right stuff (bec
On Sun, 7 Jul 2003, Rick Reumann wrote:
> Date: 07 Jul 2003 00:47:20 -0400
> From: Rick Reumann <[EMAIL PROTECTED]>
> Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
> To: Struts Users Mailing List <[EMAIL PROTECTED]>
> Subject: Re: Webapp Security
. McClanahan [mailto:[EMAIL PROTECTED]
Sent: 07 July, 2003 18:21
To: Struts Users Mailing List
Subject: Re: Webapp Security?
On Sun, 7 Jul 2003, Rick Reumann wrote:
> Date: 07 Jul 2003 00:47:20 -0400
> From: Rick Reumann <[EMAIL PROTECTED]>
> Reply-To: Struts Users Maili
Sent: Thursday, July 03, 2003 10:35 AM
To: Struts Users Mailing List
Subject: Re: Webapp Security?
On Thu, 3 Jul 2003, Adam Hardy wrote:
> Date: Thu, 03 Jul 2003 13:47:20 +0200
> From: Adam Hardy <[EMAIL PROTECTED]>
> Reply-To: Struts Users Mailing List <[EMAIL PROTECT
On Thu, 3 Jul 2003, Vijay Balakrishnan wrote:
> Date: Thu, 3 Jul 2003 11:04:51 -0700
> From: Vijay Balakrishnan <[EMAIL PROTECTED]>
> Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
> To: 'Struts Users Mailing List' <[EMAIL PROTECTED]>
>