This week's giveaway is in the EJB and other Java EE Technologies forum.
We're giving away four copies of EJB 3 in Action and have Debu Panda, Reza Rahman, Ryan Cuprak, and Michael Remijan on-line!
See this thread for details.
The moose likes Struts and the fly likes Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Security" Watch "Security" New topic


Anup Om
Ranch Hand

Joined: Dec 30, 2009
Posts: 62

The struts2 app I am developing uses container based security (<security-constraint> in web.xml). But, the user registration page is unsecure.
Once the user reqisters successfully, he would have to access secured resources to perform further actions. when the user hits the secured resources' url, he is
being asked to authenticate again. I don't want that to happen. If a user is able to register successfully, I want to consider him as a authenticated user.

For now, I am calling HttpServletRequest's login() method to perform authentication in the user registeration action. But, this method is added in Servlet 3.
What are the other alternatives I have? How can I do it with Servlet 2.5?

Thanks for help in advance.

Jesus Mireles
Ranch Hand

Joined: Mar 10, 2010
Posts: 122

Have you looked into using Spring to authenticate you right after the registration
I agree. Here's the link:
subject: Security
Similar Threads
Authentication with JDBC Realms and MVC pattern (Controller servlet)
How to secure servlet in websphere?
login after registration using j_security_check
Form Authentication not working
Java Client for a WS-Secure Jax-WS Web Service