This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Struts and the fly likes Struts Application Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Struts Application Security" Watch "Struts Application Security" New topic
Author

Struts Application Security

Gobind Singh
Ranch Hand

Joined: Aug 04, 2006
Posts: 62
I am having a problem in deciding how to implement security in my web application. I have a set of action mappings in my Struts Config file which I only want available to "admin" users.

All of my user and role information is stored in a database.
I have read about using web.xml to constrain certain url-patterns and using struts ActionMapping to deine roles. I am more confused afer this.



Any guidance about how to go about this would be appreciated.
Merrill Higginson
Ranch Hand

Joined: Feb 15, 2005
Posts: 4864
This article offers what I believe to be a good solution for handling security in Struts. It involves extending the ActionMapping class with your own custom class. Hopefully, this article will at least give you some ideas about what is possible.


Merrill
Consultant, Sima Solutions
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Struts Application Security
 
Similar Threads
increase database connection
Passing paramter from jsp to action class
Filter or RequestProcessor
Book Promotion : Hacking Exposed: J2EE and Java
Working with Tiles with Struts Module -