Use container-managed security. This is a feature of your application server (servlet container) that allows you to use standard configuration techniques to specify roles and, on a per-application basis, what areas of the site those roles have access to. If you're not familiar with container-managed authentication (CMA), you should become familiar with it. It's really handy!
Regards,
Eddie

Ryan Cuprak wrote:

> Hello,
>
> I was hoping someone would have some advice on securing a website using Struts. I am developing a webapp that has to be secure (password protected) and which restricts access to different parts of the site depending on the roles a user possesses. The roles each user has are stored as XML in a database and may be configured by an administrator. Does Struts have any built-in security capabilities that I could take advantage of?
>
> Any help/pointers would be much appreciated!
>
> My first guess would be to put all JSP pages in WEB-INF (use only ForwardAction to get to each page) and subclass ActionServlet with the logic for checking authentication etc. However, will this cause any problems when it comes to a user bookmarking a page?
>
> Thanks,
> -Ryan Cuprak
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>