
Authentication Interceptor...

 
Greenhorn
Posts: 24
I was reading the book "Struts 2 in Action", and in chapter six the author explains the use of a user-defined interceptor, which the author demonstrates by using it to validate the user. The interceptor simply checks for the user in the session map; if not present, it directs the user to the login page. But I have a doubt about the robustness of the solution, because most of the actions simply divert the user to an existing JSP page. If the user somehow manages to guess the JSP pages, then our security goes for a toss.

Should I consider it just an example, or can an interceptor actually be used to provide flawless security? If so, how?

Experts, please voice your view.

Thanks
 
Author
Posts: 12617
If the pages are under /WEB-INF then they can't be accessed directly.

That aside, the code in almost *any* book should be taken as an example only: it's being used to teach the framework, not necessarily teach every single best practice possible, which wouldn't be practical.
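
The two points in this thread combined, as an added example that is not code from the book or from either poster: an interceptor that checks the session map, with the action's results mapped to JSPs under /WEB-INF so a guessed JSP URL cannot bypass it. It assumes Struts 2 with the `com.opensymphony.xwork2` packages on the classpath; the package, class, action names, JSP paths and the `user` session key are hypothetical.

```java
// Added illustration; package, class name and the "user" session key are assumptions.
package example.security;

import java.util.Map;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
 * Guards every action it is stacked on. It only sees requests that Struts
 * dispatches to an action, so the views must not be reachable by URL:
 *
 *   <!-- struts.xml (constructed): declare the interceptor, keep views in /WEB-INF -->
 *   <interceptors>
 *     <interceptor name="authentication"
 *                  class="example.security.AuthenticationInterceptor"/>
 *   </interceptors>
 *   <action name="profile" class="example.ProfileAction">
 *     <interceptor-ref name="authentication"/>
 *     <interceptor-ref name="defaultStack"/>
 *     <result>/WEB-INF/jsp/profile.jsp</result>
 *     <result name="login">/WEB-INF/jsp/login.jsp</result>
 *   </action>
 *
 * A direct request for /WEB-INF/jsp/profile.jsp is refused by the servlet
 * container; the page is served only by a server-side forward from the action.
 */
public class AuthenticationInterceptor extends AbstractInterceptor {

    private static final long serialVersionUID = 1L;

    // Assumed key under which the login action stores the authenticated user.
    static final String USER_KEY = "user";

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        Map<String, Object> session = invocation.getInvocationContext().getSession();

        // No session map or no user object: stop here, the action never runs.
        if (session == null || session.get(USER_KEY) == null) {
            return Action.LOGIN; // resolved by the "login" result above
        }
        // Authenticated: continue with the remaining interceptors and the action.
        return invocation.invoke();
    }
}
```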
 