"action-based security in Struts"
1 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Nirmal_Arya
Posted On:   Wednesday, November 22, 2006 08:18 AM

Hi, I am new to Struts Framework and very confused regarding Security in web applications: 1. "action-based security in Struts" I dont want "Container based security" thats the reason I am planning to implement security at the application logic. But I am confused as from where to start it. Basically the folowing statement confuses me: The security check is handled by the processRoles method of the RequestProcessor (org.apache.struts.action.RequestProcessor). By subclassing RequestProcessor, you can also use the roles property with application-based security. Do we need to handle the RequestProcessor for implementing action-based security in Struts    More>>

Hi,


I am new to Struts Framework and very confused regarding Security in web applications:


1. "action-based security in Struts"

I dont want "Container based security" thats the reason I am planning to implement security at the application logic.

But I am confused as from where to start it. Basically the folowing statement confuses me:

The security check is handled by the processRoles method of the RequestProcessor (org.apache.struts.action.RequestProcessor). By subclassing RequestProcessor, you can also use the roles property with application-based security.


Do we need to handle the RequestProcessor for implementing action-based security in Struts ?


Any help or guidelines in this context would be of great value to me.


Please help me out in this topic.

   <<Less

Re: "action-based security in Struts"

Posted By:   Amir_Pashazadeh  
Posted On:   Thursday, November 23, 2006 08:19 AM

you can implement a javax.servlet.Filter which wraps your HttpServletRequest in a wrapper, and reimplement isUserInRole() and getUserPrinciple() the way you need.


then just use a comma separated list of roles in struts-config files

About | Sitemap | Contact