This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
Maybe Google "Spring security" as well. Compare the two and see which one is most appropriate for your project.
P.S There is no need to include Struts in the searches/posts because there is no need to tie your security implementation to your view framework.
Can anyone tell me how to use authentication and authorization concept in struts ... please help me..
If you want to do it yourself, I see two options:
1. you use a filter - if user is not authenticated, you redirect to the login page. The filter should be installed for *.jsp and *.do - this will cover all the dynamic content on the site.
2. you don't use a filter. This is not the best approach but it works. Then you need:
- A custom tag you put in all jsp files that can be accessed only while authenticated: inside the tag, you check if the user is authenticated, if not, redirect to the login page
- Except the action associated to the login page, check in each action method whether the user is authenticated, if not, forward to the login page
Obviously the second method requires more work. Personally I use filters for all the authentication needs.
Denail explained very well. I would like to add more to it you better follow Filter approach and in Struts2 StrutsPrepareAndExecuteFilter is the centralized request processor so override this filter according to your need's.
ocjp 6 — Feeding a person with food is a great thing in this world. Feeding the same person by transferring the knowledge is far more better thing. The reason is the amount of satisfaction which we get through food is of only one minute or two. But the satisfaction which we can get through the knowledge is of life long.