
Would Struts help with this?

 
Steve Fording
Greenhorn
Posts: 4
I am re-developing a fairly simple application where users can upload files which will be stored in a directory or DB2 (haven't decided yet). These files will be categorized, and accessible to users/groups specified by the owner (person who uploads) of the file. I am still in the architectural planning phase, and have a few issues which must be resolved. First off, security. I was looking at using LDAP as a user directory and then specifying the protected resources and using role-to-group mappings. But I don't think this approach is dynamic enough. The users may need to define new groups, etc. and I don't want to have to redeploy the app every time this occurs. Obviously I could abandon the J2EE security model and do it entirely programmatically, but I don't like this entirely "home-grown" approach. Could Struts help with this?

Another related problem is how to secure the files which will reside outside of the application. Securing the web resources is one thing, but what about the actual files if they just reside in a directory on the web server? We are currently using a .htaccess file which points to an LDAP group, but this is obviously no good if the access to files is going to be dynamic and controlled by the app. Any suggestions? Comments are most appreciated!
 
Marc Peabody
pie sneak
Sheriff
Posts: 4727
I'm no security buff, but my hunch is that the redeploying might be the best route to go. I have a hard time imagining the addition of groups to be very frequent.

I do know that Struts is not the answer. Its functionality is not security control.
 
Marc Peabody
pie sneak
Sheriff
Posts: 4727
http://www.onjava.com/pub/a/onjava/2004/02/18/strutssecurity.html

Check out the above article. It describes how to extend Struts to achieve something very similar to what you asked for.

It does not explain how to secure files outside of the app, but I believe that is a different topic altogether.
 
Steve Fording
Greenhorn
Posts: 4
Thanks, I think this article will be very helpful!
 