Eddie, do you have a link for more? Jacob Hookom Comprehensive Computer Science University of Wisconsin, Eau Claire
-----Original Message----- From: Eddie Bush [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 2:05 PM To: Struts Users Mailing List Subject: Re: Security and Struts Use container-managed security. This is a feature of your application server (servlet container) that allows you to use standard configuration techniques to specify roles and, on a per-application basis, what areas of the site those roles have access to. If you're not familiar with container-managed authentication (CMA), you should become familiar with it. It's really handy! Regards, Eddie Ryan Cuprak wrote: >Hello, > I was hoping someone would have some advice on securing a website using >struts. I am developing a webapp that has to be secure (password protected) >and which restricts access to different parts of the site depending on the >roles a user possesses. The roles each user has are stored as XML in a >database and may be configured by an administrator. Does struts have any >built-in security capabilities that I could take advantage of? > > > Any help/pointers would be much appreciated! > > My first guess would be to put all jsp pages in WEB-INF (use only >ForwardAction to get to each page) and subclass ActionServlet with the logic >for check authentication etc. However, will this cause any problems when it >comes to a user book marking a page? > >Thanks, >-Ryan Cuprak > > > >-- >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>