File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Struts and the fly likes Sample Struts Project Using Declarative Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Sample Struts Project Using Declarative Security" Watch "Sample Struts Project Using Declarative Security" New topic
Author

Sample Struts Project Using Declarative Security

Alec Lee
Ranch Hand

Joined: Jan 28, 2004
Posts: 569
Is there any sample project illustrating how to use container's declarative security in Struts? The Struts text book I read doesnt even mention the security support in Struts (not even the 'roles' attribute in <action> . So I'm just wondering if there is any sample I can study. Or is there any good Struts book that covers security in Struts.

Thx for any advice.
Merrill Higginson
Ranch Hand

Joined: Feb 15, 2005
Posts: 4864
There is a bit of a disconnect between J2EE declarative security and Struts. In J2EE security for web applications, you declare security for a servlet and method (doPost, or doGet). The trouble with this model in a Struts application is that there is only one servlet (ActionServlet) in a struts application. Therefore, all you can really do using this model is an "all or nothing" security for the whole application.

By specifying roles in your action, you tell the RequestProcessor to check the security role before calling the action.

You can also implement security by creating filters, or by extending the Struts RequestProcessor.

Here is a good article on Struts security:

http://www-106.ibm.com/developerworks/web/library/wa-appsec/?ca=dgr-lnxw06ServletsTaglibsStrutsSecurity
[ May 03, 2005: Message edited by: Merrill Higginson ]

Merrill
Consultant, Sima Solutions
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Sample Struts Project Using Declarative Security