Topic: "action-based security in Struts"

"action-based security in Struts"

1 posts in topic

Flat View

Thread View

Older Post First | Reply to Topic

TOPIC ACTIONS:

Print Topic

Posted By: Nirmal_Arya
Posted On: Wednesday, November 22, 2006 08:18 AM

Hi, I am new to Struts Framework and very confused regarding Security in web applications: 1. "action-based security in Struts" I dont want "Container based security" thats the reason I am planning to implement security at the application logic. But I am confused as from where to start it. Basically the folowing statement confuses me: The security check is handled by the processRoles method of the RequestProcessor (org.apache.struts.action.RequestProcessor). By subclassing RequestProcessor, you can also use the roles property with application-based security. Do we need to handle the RequestProcessor for implementing action-based security in Struts More>>

Report | Quote This | Send private message | Reply | Print

Re: "action-based security in Struts"

Posted By: Amir_Pashazadeh
Posted On: Thursday, November 23, 2006 08:19 AM

you can implement a javax.servlet.Filter which wraps your HttpServletRequest in a wrapper, and reimplement isUserInRole() and getUserPrinciple() the way you need.

then just use a comma separated list of roles in struts-config files

Report | Quote This | Send private message | Reply | Print