struts security

bas duijzings
Ranch Hand

Joined: Apr 07, 2004
Posts: 83
Is Struts security covered in the book?
For instance, how you hook into JAAS, etc.
I haven't found an index page for this book, sorry.


have a nice one
Nicholas Cheung
Ranch Hand

Joined: Nov 07, 2003
Posts: 4982
The book seems not to cover Struts security; however, since Struts is in fact a Servlet, I think Servlet security can be adopted by Struts as well.
TOC of the book can be found from:
http://www.aw-bc.com/catalog/academic/product/0,4096,0321118898-TOC,00.html
Nick


SCJP 1.2, OCP 9i DBA, SCWCD 1.3, SCJP 1.4 (SAI), SCJD 1.4, SCWCD 1.4 (Beta), ICED (IBM 287, IBM 484, IBM 486), SCMAD 1.0 (Beta), SCBCD 1.3, ICSD (IBM 288), ICDBA (IBM 700, IBM 701), SCDJWS, ICSD (IBM 348), OCP 10g DBA (Beta), SCJP 5.0 (Beta), SCJA 1.0 (Beta), MCP(70-270), SCBCD 5.0 (Beta), SCJP 6.0, SCEA for JEE5 (in progress)
Karthik Guru
Ranch Hand

Joined: Mar 06, 2001
Posts: 1209
You mean extending the Struts controller to accommodate JAAS?
Can't we insert a filter before the Controller to handle this? You can also have something like a LoginAction that uses JAAS to authenticate and store a variable in the session indicating that the user has been authenticated.
But if you have declarative security switched on at the web/EJB tier and wish to pass on the user context to, say, the EJB container, I think you will have to investigate the app-server-specific way of storing the context.
Then you have to programmatically store the user context after authenticating using JAAS.
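The filter-plus-login approach described in the post above, as an added example that is not code from the thread or from any poster. It assumes the Servlet API (`javax.servlet`) on the classpath and a `*.do` Struts mapping; the session attribute name, the JAAS configuration entry `StrutsApp` and the `/login.do` path are hypothetical.

```java
import java.io.IOException;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: map this filter to *.do so it runs before the Struts ActionServlet.
public class JaasAuthFilter implements Filter {
    static final String SUBJECT_KEY = "auth.subject"; // assumed session attribute name
    static final String JAAS_ENTRY  = "StrutsApp";    // assumed entry in the JAAS login config
    static final String LOGIN_PATH  = "/login.do";    // assumed Struts login mapping
    public void init(FilterConfig cfg) {}
    public void destroy() {}
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false); // never create a session just to check
        boolean authenticated = session != null && session.getAttribute(SUBJECT_KEY) != null;
        if (authenticated || LOGIN_PATH.equals(req.getServletPath())) {
            chain.doFilter(rq, rs);                   // continue to the Struts controller
        } else {
            res.sendRedirect(req.getContextPath() + LOGIN_PATH);
        }
    }

    // Called from the login Action with the submitted credentials.
    static boolean login(HttpServletRequest req, final String user, final char[] pass) {
        try {
            LoginContext lc = new LoginContext(JAAS_ENTRY, new CallbackHandler() {
                public void handle(Callback[] cbs) throws UnsupportedCallbackException {
                    for (Callback cb : cbs) {
                        if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                        else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(pass);
                        else throw new UnsupportedCallbackException(cb);
                    }
                }
            });
            lc.login();                               // throws LoginException on bad credentials
            HttpSession old = req.getSession(false);
            if (old != null) old.invalidate();        // new session ID after login (session fixation)
            req.getSession(true).setAttribute(SUBJECT_KEY, lc.getSubject());
            return true;
        } catch (LoginException e) {
            return false;
        }
    }
}
```

The session attribute only records the authenticated JAAS `Subject` for the web tier; as the post notes, passing that identity on to an EJB container remains app-server specific.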
Nicholas Cheung
Ranch Hand

Joined: Nov 07, 2003
Posts: 4982

Originally posted by Karthik Guru:

You mean extending the Struts controller to accommodate JAAS?
Can't we insert a filter before the Controller to handle this? You can also have something like a LoginAction that uses JAAS to authenticate and store a variable in the session indicating that the user has been authenticated.

Using a Filter is one of the possible methods, and this method is also one of the security mechanisms used in Servlets. Thus, in fact, all security measures that are used in Servlets can be adopted by Struts.
Nick
Karthik Guru
Ranch Hand

Joined: Mar 06, 2001
Posts: 1209
Originally posted by Nicholas Cheung:

all security measures that are used in Servlets can be adopted by Struts.
Nick

True. But I guess he is probably looking for a way to extend the Struts Controller component to do this, I mean some extension points.
Nicholas Cheung
Ranch Hand

Joined: Nov 07, 2003
Posts: 4982

Originally posted by Karthik Guru:

he is probably looking for a way to extend the Struts Controller component to do this, I mean some extension points.

In this case, you may need to write some programs for this purpose. For example, when you invoke an EJB on another server from Struts (Servlets), if you want to secure the channel, you need to make the data be sent through JAAS; it seems that the container currently does not support such security means automatically.
Nick
bas duijzings
Ranch Hand

Joined: Apr 07, 2004
Posts: 83
Originally posted by Nicholas Cheung:

The book seems not to cover Struts security; however, since Struts is in fact a Servlet, I think Servlet security can be adopted by Struts as well.

I know Struts uses a servlet, and there are other ways to use security or check if the user is authenticated besides filters. However, it would be useful if it was described in the book, since Struts is the most widely used framework with an implementation of servlets. Therefore an example with Struts would be a welcome and useful one.
So I rephrase my question: is there a Struts example in the book?
thanks
bas duijzings
Ranch Hand

Joined: Apr 07, 2004
Posts: 83
Can you let me know if this is included, please? I am very much interested in it.
Marco Pistoia
Author
Greenhorn

Joined: Apr 19, 2004
Posts: 27
Bas,
We do not cover Struts security explicitly, but we do cover servlet security. I hope this helps.
Marco Pistoia


Marco Pistoia, Ph.D.
http://www.research.ibm.com/people/p/pistoia/
 