On Wednesday 04 February 2009 05:56:24 alee amin wrote: > I browsed through struts official site to check for any plugin available or > security mechanism to authenticate the user. but i could not find one. can > anyone guide me what are teh ways to implement the security constraints > (user security) on application. > > ..alee > http://techboard.wordpress.com
There are really 3 main choices, 1. Container managed security... If you are using Tomcat, check the docs here- http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html Advantage - Part of Spec Disadvantage - Doesn't always port to other app servers 2. Roll your own s2 interceptor... Check Mark Menard's tutorial - http://www.vitarara.org/cms/struts_2_cookbook/creating_a_login_interceptor Advantage - very Struts-y Disadvantage - Not necessarily full-featured 3. Use Spring Security. http://static.springframework.org/spring-security/site/index.html Advantage - Super-Flexible, ports well to any app server Disadvantage - steep learning curve, but after a bit of time, it all falls into place. -Wes -- Wes Wannemacher Author - Struts 2 In Practice Includes coverage of Struts 2.1, Spring, JPA, JQuery, Sitemesh and more http://www.manning.com/wannemacher --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
