File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Struts and the fly likes Struts 2 security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Struts 2 security" Watch "Struts 2 security" New topic

Struts 2 security

E Robb
Ranch Hand

Joined: Aug 27, 2010
Posts: 111
Is there any generally accepted way to provide security to a struts application after login? O have looked through Acegi Security examples but dont really see any way to implement it without putting spring jars in my lib which I would prefer not to do.

Does struts 2 provide some out of the box jar I can implement? Also I noted in Struts 2 in Action there is an example of a custom built inteceptor for the purpose. Is this the generally accepted method? I looked into JAAS but do not want to have to make changes to every jBoss instance the application is running off of.

Could someone give me some feed back on the methods they like for securing a web app and why? Links to examples would be helpful.

Joe Ess

Joined: Oct 29, 2001
Posts: 9189

No, Struts 2 does not have any security functionality built-in.
I usually use container-based security. I've seen others using Acegi and implementing custom solutions. It all depends on your particular requirements.

[How To Ask Questions On JavaRanch]
E Robb
Ranch Hand

Joined: Aug 27, 2010
Posts: 111
Doesnt container based security require changes to the servlet container? If not can you provide a link for simple deployment.

The web site I am working on will be deployed to 100's of containers and I dont want our technical team to have to change the servlet container every time.

I agree. Here's the link:
subject: Struts 2 security
It's not a secret anymore!