Struts can be used to implement security easily using the 'roles=' attribute on the action mappings in your struts-config. This allows you to specify which roles can access an action or not. This depends on use of container-managed security, but I think that the SecurityFilter plugin is able to emulate that. I don't have any experience with SecurityFilter.
You can also use ssl-ext (or sslext?) to map your action urls to http or https.
Container-managed security takes away a lot of the development work too, of course. Specifying in the web.xml which URLs should be protected is about all you need to do, along with setting up the login realm.
HTH Adam
On 02/12/2004 01:36 PM Joanne L Corless wrote:
Hi,
I know this topic has been discussed before but I've looked at all the previous posts and can't find anything to answer my problem
I have a Struts app that is designed to use a database user with very limited rights pre-login and then post login it is designed to use the user's own view.
I want to secure the app so that any erroneous requests are directed straight to the login page - I've looked at the Sourceforge SecurityFilter and it fits about 75% of my requirements. The main problem is that both pre and post login there are lots of environment variables to set up for presentation etc.
Currently (in the unsecured app) the flow works as such
index.jsp -forwards-> /initialise.do -loads default settings-> .login_layout_tiles -on submit -> /loginaction.do (if successful login) -loads user specific settings-> .user_layout_tile
This works fine but is obviously not secure - How basically do I combine Struts and the security filter so that I can get the best of both worlds?
I'm happy with the SecurityFilter implementation - I've got a basic version working with my backend db; it's adding in Struts that's causing the headache at the moment
Regards Joanne Corless
CSC Computer Sciences Limited ( Office +44 (0)1772 318025 ( Mobile +44 (0)7767 656588 * email [EMAIL PROTECTED]
-- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian
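The two pieces the reply describes (the 'roles=' attribute in struts-config and the protected URLs plus login realm in web.xml), shown together as an added example that is not part of the original message. The action classes, the /secure/ prefix, the role names, the realm name and the login pages are assumptions; the tile names and /initialise come from the flow in the quoted question.

```xml
<!-- struts-config.xml (fragment). Classes, /secure prefix and roles are hypothetical. -->
<action-mappings>
  <!-- Pre-login action: no roles attribute, so Struts applies no role check. -->
  <action path="/initialise"
          type="com.example.app.InitialiseAction">
    <forward name="success" path=".login_layout_tiles"/>
  </action>

  <!-- Post-login action: Struts asks the container whether the caller holds
       one of the listed roles before the action runs. This check does not
       start a login by itself; the web.xml constraint below does that. -->
  <action path="/secure/home"
          type="com.example.app.UserHomeAction"
          roles="user,admin">
    <forward name="success" path=".user_layout_tile"/>
  </action>
</action-mappings>

<!-- web.xml (fragment). No http-method element is listed, so the constraint
     covers every HTTP method, not only GET and POST. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Post-login actions</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<!-- Login realm setup: the container shows this form for protected URLs. -->
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Example Realm</realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login-error.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role><role-name>user</role-name></security-role>
<security-role><role-name>admin</role-name></security-role>
```

Keeping every post-login action under one prefix means a single url-pattern protects them all, and a new action added under that prefix is covered even if its roles attribute is forgotten.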