wood burning stoves 2.0*
The moose likes Struts and the fly likes Would Struts help with this? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Would Struts help with this?" Watch "Would Struts help with this?" New topic
Author

Would Struts help with this?

Steve Fording
Greenhorn

Joined: Dec 14, 2004
Posts: 4
I am re-developing a fairly simple application where users can upload files which will be stored in a directory or db2 (haven't decided yet). These files will be catagorized, and accessable to users/groups specified by the owner (person who uploads) of the file. I am still in the architectural planning phase, and have a few issues which must be resolved. First off, security. I was looking at using LDAP as a user directory and then specifying the protected resources and using role to group mappings. But I don't think this approach is dynamic enough. The users may need to define new groups, etc. and I don't want to have to redeploy the app every time this occurs. Obviously I could abandon the J2EE security model and do it entirely programatically, but I don't like this entirely "home-grown" approach. Could Struts help with this? Another related problem is how to secure the files which will reside outside of the application. Securing the web resources is one thing, but what about the actual files if they just reside in a directory on the web server. We are currently using a .htaccess file which points to a LDAP group, but this is obviously no good if the access to files, is going to be dynamic and controlled by the app. Any suggestions? Comments are most appreciated!
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

I'm no security buff, but my hunch is that the redeploying might be the best route to go. I have hard time imagining the addition of groups to be very frequent.

I do know that Struts is not the answer. Its functionality is not security control.


A good workman is known by his tools.
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

http://www.onjava.com/pub/a/onjava/2004/02/18/strutssecurity.html

Check out the above article. It describes how to extend Struts to achieve something very similar to what you asked for.

It does not explain how to secure files outside of the app, but I believe that is a different topic all together.
Steve Fording
Greenhorn

Joined: Dec 14, 2004
Posts: 4
Thanks, I think this article will be very helpful!
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Would Struts help with this?