Is there any generally accepted way to provide security to a struts application after login? O have looked through Acegi Security examples but dont really see any way to implement it without putting spring jars in my lib which I would prefer not to do.
Does struts 2 provide some out of the box jar I can implement? Also I noted in Struts 2 in Action there is an example of a custom built inteceptor for the purpose. Is this the generally accepted method? I looked into JAAS but do not want to have to make changes to every jBoss instance the application is running off of.
Could someone give me some feed back on the methods they like for securing a web app and why? Links to examples would be helpful.
No, Struts 2 does not have any security functionality built-in.
I usually use container-based security. I've seen others using Acegi and implementing custom solutions. It all depends on your particular requirements.