wood burning stoves 2.0*
The moose likes Struts and the fly likes Authentication and Authorization in struts Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Authentication and Authorization in struts" Watch "Authentication and Authorization in struts" New topic
Author

Authentication and Authorization in struts

Vidya Gupta
Ranch Hand

Joined: Mar 18, 2012
Posts: 98


Hi,

Can anyone tell me how to use authentication and authorization concept in struts ... please help me..

Regards,
Vidya
E Armitage
Rancher

Joined: Mar 17, 2012
Posts: 892
    
    9
Google JAAS
Maybe Google "Spring security" as well. Compare the two and see which one is most appropriate for your project.
P.S There is no need to include Struts in the searches/posts because there is no need to tie your security implementation to your view framework.
Daniel Val
Ranch Hand

Joined: Jan 09, 2012
Posts: 44
Vidya Gupta wrote:

Hi,

Can anyone tell me how to use authentication and authorization concept in struts ... please help me..

Regards,
Vidya


If you want to do it yourself, I see two options:

1. you use a filter - if user is not authenticated, you redirect to the login page. The filter should be installed for *.jsp and *.do - this will cover all the dynamic content on the site.
2. you don't use a filter. This is not the best approach but it works. Then you need:
- A custom tag you put in all jsp files that can be accessed only while authenticated: inside the tag, you check if the user is authenticated, if not, redirect to the login page
- Except the action associated to the login page, check in each action method whether the user is authenticated, if not, forward to the login page

Obviously the second method requires more work. Personally I use filters for all the authentication needs.
William P O'Sullivan
Ranch Hand

Joined: Mar 28, 2012
Posts: 859

Good answer Daniel.

WP
Mohana Rao Sv
Ranch Hand

Joined: Aug 01, 2007
Posts: 485

Denail explained very well. I would like to add more to it you better follow Filter approach and in Struts2 StrutsPrepareAndExecuteFilter is the centralized request processor so override this filter according to your need's.


ocjp 6 — Feeding a person with food is a great thing in this world. Feeding the same person by transferring the knowledge is far more better thing. The reason is the amount of satisfaction which we get through food is of only one minute or two. But the satisfaction which we can get through the knowledge is of life long.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Authentication and Authorization in struts