aspose file tools*
The moose likes Struts and the fly likes Struts 2 security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Struts 2 security" Watch "Struts 2 security" New topic
Author

Struts 2 security

E Robb
Ranch Hand

Joined: Aug 27, 2010
Posts: 111
Is there any generally accepted way to provide security to a struts application after login? O have looked through Acegi Security examples but dont really see any way to implement it without putting spring jars in my lib which I would prefer not to do.

Does struts 2 provide some out of the box jar I can implement? Also I noted in Struts 2 in Action there is an example of a custom built inteceptor for the purpose. Is this the generally accepted method? I looked into JAAS but do not want to have to make changes to every jBoss instance the application is running off of.

Could someone give me some feed back on the methods they like for securing a web app and why? Links to examples would be helpful.

Thanks
Joe Ess
Bartender

Joined: Oct 29, 2001
Posts: 8927
    
    9

No, Struts 2 does not have any security functionality built-in.
I usually use container-based security. I've seen others using Acegi and implementing custom solutions. It all depends on your particular requirements.


"blabbing like a narcissistic fool with a superiority complex" ~ N.A.
[How To Ask Questions On JavaRanch]
E Robb
Ranch Hand

Joined: Aug 27, 2010
Posts: 111
Doesnt container based security require changes to the servlet container? If not can you provide a link for simple deployment.

The web site I am working on will be deployed to 100's of containers and I dont want our technical team to have to change the servlet container every time.

thanks,
earl
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Struts 2 security