Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Sample Struts Project Using Declarative Security

 
Alec Lee
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there any sample project illustrating how to use container's declarative security in Struts? The Struts text book I read doesnt even mention the security support in Struts (not even the 'roles' attribute in <action> . So I'm just wondering if there is any sample I can study. Or is there any good Struts book that covers security in Struts.

Thx for any advice.
 
Merrill Higginson
Ranch Hand
Posts: 4864
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is a bit of a disconnect between J2EE declarative security and Struts. In J2EE security for web applications, you declare security for a servlet and method (doPost, or doGet). The trouble with this model in a Struts application is that there is only one servlet (ActionServlet) in a struts application. Therefore, all you can really do using this model is an "all or nothing" security for the whole application.

By specifying roles in your action, you tell the RequestProcessor to check the security role before calling the action.

You can also implement security by creating filters, or by extending the Struts RequestProcessor.

Here is a good article on Struts security:

http://www-106.ibm.com/developerworks/web/library/wa-appsec/?ca=dgr-lnxw06ServletsTaglibsStrutsSecurity
[ May 03, 2005: Message edited by: Merrill Higginson ]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic