Re: Struts Security

2009-08-24 Thread dusty
Hot Div Injection Vector - Service Pack 1 : a little-known DHTML library used exclusively by porn link aggregator sites. I am surprised you didn't know that. And Martin, I am so busy that I only make it back here periodically, but it seems like every time I do Musachy is giving you a beat down ab

Re: Struts Security

2009-08-24 Thread Dave Newton
Musachy Barroso wrote: The answer to your questions is 42. What in the name of the Flying Spaghetti Monster are you talking about? Ramen. Dave

Re: Struts Security

2009-08-24 Thread Musachy Barroso
The answer to your questions is 42. What in the name of the Flying Spaghetti Monster are you talking about? It is not only that you add more questions that are not even related to the topic (FreeMarker, Velocity?). What is "HDIV-SP1"? Not even Google finds anything relevant about it. Then on top o

RE: Struts Security

2009-08-24 Thread Martin Gainty
xwork supplies a ParameterFilterInterceptor. I don't see any security considerations here for HDIV-SP1? Could you explain which security features/functions would be provided by HDIV-SP1? Would HDIV-SP1 be supported by either Freemarker or Velocity template languages? How would existing struts

RE: Struts - Security

2009-08-10 Thread Security Management
Ditto on Spring Security, very nice for URL auth. -Original Message- From: Dale Newfield [mailto:d...@newfield.org] Sent: Saturday, August 08, 2009 12:02 PM To: Struts Users Mailing List Subject: Re: Struts - Security Kamlesh Koringa wrote: > - URL encryption (no one can mod

RE: Struts - Security

2009-08-08 Thread Martin Gainty
ets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > Date: Sat, 8 Aug 2009 12:01:39 -0400 > From: d...@newfield.org > To: user@struts.apache.org > Subject: Re: Struts - Security > > Kamlesh Koringa wrote: > > - URL encrypt

Re: Struts - Security

2009-08-08 Thread Dale Newfield
Kamlesh Koringa wrote: - URL encryption (no one can modify generated URL). Impossible. You cannot prevent people from requesting URLs your system does not present to them. You should assume that any parameter that you accept from a user can be manipulated at will by that user. You can jum

RE: Struts - Security

2009-08-08 Thread Martin Gainty
bligatoire. Since e-mails can easily be subject to manipulation, we cannot accept any liability for the content provided. > From: kamleshkori...@gmail.com > Date: Sat, 8 Aug 2009 18:37:09 +0530 > Subject: Re: Struts - Security > To: user@str

Re: Struts - Security

2009-08-08 Thread Kamlesh Koringa
Thanks Martin for your reply. I have checked QueryCrypt. It only works with static URLs generated from the server side to encrypt parameters. And I doubt whether it will work with the Struts2 tag. For that I have to use a scriptlet to get all parameters and encrypt them and generate encrypted parameters. If i not wron

RE: Struts - Security

2009-08-08 Thread Martin Gainty
QueryCryptSessionListener handles authentication http://www.theserverside.com/news/thread.tss?thread_id=36841 BASIC URL authorization can be achieved through predefined roles from tomcat-users http://www.informit.com/articles/article.aspx?p=24600 I assume you're using TC? Martin Gainty ___

Re: struts security

2006-03-14 Thread Mark Lowe
At first glance at your code it looks like you might need to add a role principal after you've added the user.. But on consideration I don't think that the user principal is going to be added to the session in such a way as you can get to the principal using request.getUserPrincipal() and is user in

Re: struts security

2006-03-14 Thread David Delbecq
Jubin Kuriakose wrote: >oh... >Supposing I did use j_security_check to authenticate, how do I check if the >user is authenticated at a later stage > request.getUserPrincipal() returns a non-null value >and is it possible to programmatically remove his permission. > > Not really. Once user h

Re: struts security

2006-03-14 Thread Jubin Kuriakose
oh... Supposing I did use j_security_check to authenticate, how do I check if the user is authenticated at a later stage and is it possible to programmatically remove his permission. thnx On 3/14/06, David Delbecq <[EMAIL PROTECTED]> wrote: > > Am sorry but that's not how form based authentication

Re: struts security

2006-03-14 Thread David Delbecq
Am sorry but that's not how form based authentication works in j2ee. When you are not authenticated, the container redirects you to form-login-page. This page must contain a form with 2 fields : j_username and j_password. The form action MUST be of type POST and the target MUST be "j_security_che

Re: struts security

2006-03-14 Thread Jubin Kuriakose
Hi David I did do that ... > > > father > Security > /father/* > GET > POST > > > > admin > > > > NONE > > > > > > FORM > >

Re: struts security

2006-03-14 Thread David Delbecq
Do it like you would for any servlet. Either apply a security constraint to struts servlet itself or apply security constraints to url path (applying a security constraint to /admin/* applies also to /admin/someStrutsAction.do) Jubin Kuriakose wrote: >Hi all >Can anyone give me links related to

RE: Struts Security

2005-04-02 Thread Folashade Adeyosoye
What I do is when the user logs in, I put a token in the session and for every call to my action classes, there is a base class action that checks to see if that token is in the session and if the user is logged in, if not send them to the login screens -Original Message- From: Tim Chris

Re: Struts Security

2005-02-11 Thread Tim Christopher
Cheers for all the advice. I have already implemented JDBCRealm but have decided to try out the SecurityFilter (as recommended) to see for myself what it is like and what additional features it offers. >>> Unfortunately I've had a few problems setting up the securityfilter... To start off with

RE: Struts Security

2005-01-28 Thread hermod . opstvedt
, January 27, 2005 11:05 AM To: Struts Users Mailing List Subject: Re: Struts Security Hi, I've never used EJB so have no idea what this means, can someone explain please? "When SecurityFilter is used, a user's Principal will not automatically be propagated to EJB calls. If this is a

RE: Struts Security

2005-01-27 Thread Benedict, Paul C
Also see this article: http://www.javaworld.com/javaworld/jw-07-2004/jw-0726-security.html J2EE security: Container versus custom Choose the appropriate type of security for your application Summary This article covers the factors to consider when choosing between custom security and J2EE standa

Re: Struts Security

2005-01-27 Thread Jim Barrows
On Thu, 27 Jan 2005 11:02:35 -0600, Joe Germuska <[EMAIL PROTECTED]> wrote: > At 9:46 AM -0600 1/27/05, Jerry Jalenak wrote: > >Joe - > > > >Your comment > > > >My main issue with Container Based auth is its inability to support > >user-initiated login -- it only works by intercepting a request for

RE: Struts Security

2005-01-27 Thread Joe Germuska
At 9:46 AM -0600 1/27/05, Jerry Jalenak wrote: Joe - Your comment My main issue with Container Based auth is its inability to support user-initiated login -- it only works by intercepting a request for a normal resource and then challenging for login. struck a chord with me - it's one of the reason

RE: Struts Security

2005-01-27 Thread Jerry Jalenak
05 9:32 AM To: Tim Christopher; Struts Users Mailing List Subject: Re: Struts Security At 10:05 AM + 1/27/05, Tim Christopher wrote: >Hi, > >I've never used EJB so have no idea what this means, can someone >explain please? > >"When SecurityFilter is used, a user&

Re: Struts Security

2005-01-27 Thread Joe Germuska
At 10:05 AM + 1/27/05, Tim Christopher wrote: Hi, I've never used EJB so have no idea what this means, can someone explain please? "When SecurityFilter is used, a user's Principal will not automatically be propagated to EJB calls. If this is a requirement for your application, you may not be

Re: Struts Security

2005-01-27 Thread Tim Christopher
No coding needed. > > Hermod > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 27, 2005 6:31 AM > To: user@struts.apache.org > Subject: RE: Struts Security > > I think the logic:present tag will a

RE: Struts Security

2005-01-26 Thread hermod . opstvedt
, 2005 6:31 AM To: user@struts.apache.org Subject: RE: Struts Security I think the logic:present tag will allow access to any of the roles mentioned. Mohan -Original Message- From: Tim Christopher [mailto:[EMAIL PROTECTED] Sent: Thursday, January 27, 2005 9:41 AM To: Struts Users Mailing

RE: Struts Security

2005-01-26 Thread mohan.radhakrishnan
I think the logic:present tag will allow access to any of the roles mentioned. Mohan -Original Message- From: Tim Christopher [mailto:[EMAIL PROTECTED] Sent: Thursday, January 27, 2005 9:41 AM To: Struts Users Mailing List Subject: Re: Struts Security Just a quick question... What

Re: Struts Security

2005-01-26 Thread Tim Christopher
Just a quick question... What is gained by using code like this: >>> String[] roles = mapping.getRoleNames(); if(roles == null || roles.length == 0) return true for(int i=0; i? Or is that a check for all roles: roleA, roleB, and roleG? Tim On Wed, 26 Jan 2005 20:27:22 -070

Re: Struts Security

2005-01-26 Thread Nic Holbrook
I forgot to mention the reason I did this was because we already had a security mechanism in place and didn't have the liberty of using realms on the web or anything like that. It had to be a custom configuration. Nic Holbrook wrote: I kind of set our security up before the struts menu was in p

Re: Struts Security

2005-01-26 Thread Nic Holbrook
I kind of set our security up before the struts menu was in place. What I have done that seems to work well so far is extend the Action class with a SecureAction class that validates the users role before it lets the user into an action. The execute method actually validates and calls an abst

Re: Struts Security

2005-01-23 Thread Tim Christopher
>> I then have a number of menu options that should only be made >> visible to users with certain roles; > > Try Struts menu. I have looked at the Struts Menu ( http://struts-menu.sourceforge.net/ ) and I think I'll probably give it a go! Does anyone else here have any experience using the Struts

Re: Struts Security

2005-01-23 Thread Craig McClanahan
On Sun, 23 Jan 2005 18:39:50 +, Tim Christopher <[EMAIL PROTECTED]> wrote: > Hi, > > I am designing a web application using Struts, which will run using > Tomcat. The system will have upwards of 1000 users, with each user > having any number of around 10 possible roles. > > I'm currently thi

Re: Struts Security

2005-01-23 Thread Vic
Tim Christopher wrote: Hi, I am designing a web application using Struts, which will run using Tomcat. The system will have upwards of 1000 users, with each user having any number of around 10 possible roles. I'm currently thinking of using JDBCRealm within the Tomcat Sounds good xml file to set t

Re: Struts & Security

2005-01-19 Thread Jim Barrows
On Wed, 19 Jan 2005 21:54:48 +0900, Sylvain ~ <[EMAIL PROTECTED]> wrote: > I'm working on a simple application which requires very simple > security as given there are only 3 kinds of users : anonymous, users and > admin. > > For portability issues, I don't want to use Tomcat's security system. Tom

Re: Struts & Security

2005-01-19 Thread Joe Germuska
In part for the reason you specified, where the response has already been committed in tiles, I prefer to move that kind of logic back into the pre-view stages of request processing. In Struts 1.2.x, you could extend the TilesRequestProcessor and change the implementation of "processRoles" so t

Re: Struts & Security

2005-01-19 Thread Larry Meadors
On Wed, 19 Jan 2005 21:54:48 +0900, Sylvain ~ <[EMAIL PROTECTED]> wrote: > I'm working on a simple application which requires very simple > security as given there are only 3 kinds of users : anonymous, users and > admin. > > For portability issues, I don't want to use Tomcat's security system. Ple

Re: Struts security/validation

2004-08-11 Thread Brett Connor
Craig McClanahan wrote: On Wed, 11 Aug 2004 10:32:04 -0700, Wiebe de Jong <[EMAIL PROTECTED]> wrote: I had a similar problem, which I discovered when one of my users tried to enter a street address containing an apostrophe. Since I use apostrophes to delineate my text strings in my SQL statement

Re: Struts security/validation

2004-08-11 Thread Kishore Senji
TED]> wrote: > > > > -Original Message- > > From: Wiebe de Jong [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, August 11, 2004 10:32 AM > > To: 'Struts Users Mailing List' > > Subject: RE: Struts security/validation > > > >

RE: Struts security/validation

2004-08-11 Thread Wiebe de Jong
well. As for the XML/SOAP calls, using the serializer to create the character entities would be good. Thanks Wiebe de Jong -Original Message- From: Craig McClanahan [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 11, 2004 10:50 AM To: Struts Users Mailing List Subject: Re: Struts

RE: Struts security/validation

2004-08-11 Thread Zhang, Larry \(L.\)
to data base you need to convert it to be "l like he''s idea". Hope this helps. -Original Message- From: Wiebe de Jong [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 11, 2004 1:32 PM To: 'Struts Users Mailing List' Subject: RE: Struts security/validation I h

Re: Struts security/validation

2004-08-11 Thread Craig McClanahan
On Wed, 11 Aug 2004 10:32:04 -0700, Wiebe de Jong <[EMAIL PROTECTED]> wrote: > I had a similar problem, which I discovered when one of my users tried to > enter a street address containing an apostrophe. Since I use apostrophes to > delineate my text strings in my SQL statements, this caused a data

RE: Struts security/validation

2004-08-11 Thread Jim Barrows
> -Original Message- > From: Wiebe de Jong [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 11, 2004 10:32 AM > To: 'Struts Users Mailing List' > Subject: RE: Struts security/validation > > > I had a similar problem, which I discovered when one

RE: Struts security/validation

2004-08-11 Thread Wiebe de Jong
Message- From: Craig McClanahan [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 11, 2004 10:21 AM To: Struts Users Mailing List Subject: Re: Struts security/validation On Wed, 11 Aug 2004 14:45:05 +0100, James Adams <[EMAIL PROTECTED]> wrote: > Hello all, > > I'm

RE: Struts security/validation

2004-08-11 Thread Jim Barrows
> -Original Message- > From: Craig McClanahan [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 11, 2004 10:21 AM > To: Struts Users Mailing List > Subject: Re: Struts security/validation > > > On Wed, 11 Aug 2004 14:45:05 +0100, James Adams > <[EMAI

Re: Struts security/validation

2004-08-11 Thread Craig McClanahan
On Wed, 11 Aug 2004 14:45:05 +0100, James Adams <[EMAIL PROTECTED]> wrote: > Hello all, > > I'm in the process of trying to secure my struts application against "Cross site > scripting", "SQL injection" style attacks. > > One of the things I'm doing to prevent this is trying to restrict special

RE: Struts security/validation

2004-08-11 Thread Jim Barrows
> -Original Message- > From: James Adams [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 11, 2004 6:45 AM > To: Struts Users Mailing List > Subject: Struts security/validation > > > Hello all, > > I'm in the process of trying to secure my struts application > against "Cross site s

Re: Struts security/validation

2004-08-11 Thread Kishore Senji
On Wed, 11 Aug 2004 14:45:05 +0100, James Adams <[EMAIL PROTECTED]> wrote: > Hello all, > > I'm in the process of trying to secure my struts application against "Cross site > scripting", "SQL injection" style attacks. > > One of the things I'm doing to prevent this is trying to restrict special