I place my jsp pages into WEB-INF/jsp/. That prevents them from being
publicly viewable and requiring access to go through the controller. I get
the auto resolution in stripes by extending the NameBasedActionResolver and
overriding the findView method to look in the /WEB-INF/jsp/.
public class MyActionResolver extends NameBasedActionResolver {
protected Resolution findView(String urlBinding) {
return super.findView("/WEB-INF/jsp" + urlBinding);
}
}
As far as authentication and authorization. That can be accomplished in a
multitude of ways. Following are a few thoughts.
You could use a servlet filter that checks if
the user is logged in and checks access permission (using roles perhaps) is
one way.
* If user isn't logged in forward to a login page and/or provide a login
form on the publicly accessible pages.
* If user doesn't have permission redirect them to an access denied screen.
You could use a stripes interceptor in a similar manner as the servlet
filter. I prefer a serlvet filter simply because there may be greater needs
than just access to stripes actions.
You could also use straight up form based authentication servlet style if
your requirements are simple.
Brandon
On Tue, Jun 23, 2009 at 11:04 AM, phil darley <[email protected]
> wrote:
> Hi,
>
> I'm using Oscar's security solution for my ActionBean's and I was
> going to use a security constraint within the web.xml file to secure
> all my jsp's that sit within a /private/ directory. However I don't
> like this solution because it forces me to specify a rolename, I just
> want a user to be logged in - not have any specific role - for my app
> this would also mean adding a 'base' role to 500+ users.
>
> Is there a way to configure the SecurityInterceptor to do this i.e.
> intercept after the initial resource request, if URL contains
> /private/, send forward the SecurityManager.
>
> Cheers,
> Phil
>
>
> ------------------------------------------------------------------------------
> Are you an open source citizen? Join us for the Open Source Bridge
> conference!
> Portland, OR, June 17-19. Two days of sessions, one day of unconference:
> $250.
> Need another reason to go? 24-hour hacker lounge. Register today!
>
> http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org
> _______________________________________________
> Stripes-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/stripes-users
>
------------------------------------------------------------------------------
_______________________________________________
Stripes-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-users
