
Authentication Interceptor...

 
Gopi Chand
Greenhorn
Posts: 24
I was reading the book "Struts 2 in Action", and in chapter six of that book the author has explained the use of a user-defined interceptor, which the author demonstrates by using it to validate the user. The interceptor simply checks for the user in the session map and, if not present, directs the user to the login page. But I have a doubt about the robustness of the solution, because most of the actions simply divert the user to an existing JSP page; if the user somehow manages to guess the JSP pages, then our security goes for a toss.

Should I consider it just an example, or can an interceptor actually be used to provide flawless security? If so, how?

Experts, please voice your view.

Thanks
 
David Newton
Author
Rancher
Posts: 12617
If the pages are under /WEB-INF then they can't be accessed directly.

That aside, the code in almost *any* book should be taken as an example only: it's being used to teach the framework, not necessarily teach every single best practice possible, which wouldn't be practical.
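
The /WEB-INF point above, turned into a check (an added example, not part of the original thread or the book's code): it flags Struts results and deployed JSPs that a browser could request directly, skipping the interceptor stack. The `struts.xml` fragment, file list, allow-list and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath

# Constructed sample input (not from the thread or the book).
SAMPLE_STRUTS_XML = """<struts>
  <package name="secure" extends="struts-default">
    <action name="Portfolio" class="example.PortfolioAction">
      <result>/WEB-INF/jsp/portfolio.jsp</result>
      <result name="login">/login.jsp</result>
    </action>
    <action name="Admin" class="example.AdminAction">
      <result>/admin/home.jsp</result>
    </action>
  </package>
</struts>"""
SAMPLE_WEBAPP_FILES = ["/login.jsp", "/WEB-INF/jsp/portfolio.jsp",
                       "/admin/home.jsp", "/old/report.jsp", "/css/site.css"]
PUBLIC_PAGES = {"/login.jsp"}  # assumed allow-list of pages meant to be public


def is_directly_reachable(path):
    """True if a browser can request this path without going through an action.

    Servlet containers refuse direct requests for anything under /WEB-INF
    (and /META-INF); everything else in the web root is served as-is.
    """
    parts = [p for p in PurePosixPath(path).parts if p != "/"]
    return not parts or parts[0].upper() not in {"WEB-INF", "META-INF"}


def exposed_results(struts_xml, public=PUBLIC_PAGES):
    """(action, result name, JSP) for results whose JSP bypasses interceptors."""
    findings = []
    for action in ET.fromstring(struts_xml).iter("action"):
        for result in action.iter("result"):
            page = (result.text or "").strip()
            if page.endswith(".jsp") and page not in public and is_directly_reachable(page):
                findings.append((action.get("name"), result.get("name", "success"), page))
    return findings


def exposed_files(files, public=PUBLIC_PAGES):
    """JSPs in the deployed web root that can be requested by URL."""
    return sorted(f for f in files
                  if f.endswith(".jsp") and f not in public and is_directly_reachable(f))


if __name__ == "__main__":
    for finding in exposed_results(SAMPLE_STRUTS_XML):
        print("result outside WEB-INF:", finding)
    for page in exposed_files(SAMPLE_WEBAPP_FILES):
        print("directly reachable JSP:", page)
```

The file check matters as well as the config check: `/old/report.jsp` is referenced by no action, yet it is still served if it sits in the web root.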
 