Struts Security + Actions + Roles + Principal

 
Greenhorn
Posts: 1
I know you are Gurus of Struts, that's why I need your help. I'm a newbie.
I'm involved in a Struts project where there is a need for security.
Here is how the application behaves.
First, the user needs to log in to the intranet: he enters his user name and password. He accesses, whoever he is, the Main Menu of the intranet.
Then he chooses to enter my specific application. Then he enters specific parameters of my app which enable him to get a role. In addition: Username + Password + DataX + DataY + Year => a role.
An example of a role is supervisor, another is administrator, another is simple user.
In my Struts actions, in the action part, I put the roles allowed per action.
Now, how should I manage my particular role to provide container-managed security (if possible)? How should I use "Principal", request.getUserPrincipal()?
Or shall I write my own security, and how?
 
Greenhorn
Posts: 9
I'm new to Struts as well but have managed to get a reasonable security setup put together. My first bit of humble advice is this:
*** don't write your own security layer ***
To do this would be more time than it would take you to learn about your application container's security features. Writing your own would also be less secure and less flexible than using the container. (This is not a slam - container security is taken seriously by most vendors and they spend the time to do it "full-on")
Ok, that being said... you must now decide on how you want your username/passwd to be stored. Containers usually give you the option of storage in a file or in a DB. If the usr/pwd are already predefined and unlikely to change, the file option might be easiest. But, if you want to be able to add/delete/change users on the fly from within the app, the JDBC option is most likely the best.
A word about the JDBC option: in this scenario, because the container (and not Struts) will be checking usernames, it may be easier to do your connection pooling on the container level as well. Not that I've heard anything bad about the Struts connection pool, but it may be more difficult to set up the container to read from an outside pool than from its own.
A word about hashing: When storing the passwords, you may also want to store the hash of the password rather than the password itself. This ensures that the passwords are unreadable by anyone that is casually browsing the database or security file. Investigate if your container supports this and use it if it does.
Then, just decide what URL patterns / subdirectories you want protected, set them up, and away you go.
I hope this helps.
- JK
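
The declarative setup the reply describes, as an added example that is not part of either post: container-enforced URL constraints in web.xml plus a per-action role check in Struts 1. The role names come from the question; the URL patterns, page paths and action class are assumptions.

```xml
<!-- Fragment of WEB-INF/web.xml: declarative security from the Servlet spec.
     URL patterns and page paths below are assumed for illustration.
     No <http-method> is listed, so each constraint covers every HTTP method. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Struts actions</web-resource-name>
    <url-pattern>*.do</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
    <role-name>supervisor</role-name>
    <role-name>administrator</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Administration area</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>administrator</role-name>
  </auth-constraint>
</security-constraint>

<!-- The container serves this form and verifies the credentials itself,
     against whichever user store (file or JDBC) it is configured with. -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginError.jsp</form-error-page>
  </form-login-config>
</login-config>

<!-- Every role referenced above must be declared. -->
<security-role><role-name>user</role-name></security-role>
<security-role><role-name>supervisor</role-name></security-role>
<security-role><role-name>administrator</role-name></security-role>

<!-- Fragment of WEB-INF/struts-config.xml (Struts 1), inside <action-mappings>.
     The roles attribute is checked with request.isUserInRole() before the
     action runs. Path and class name are hypothetical. -->
<action path="/approveReport" type="example.ApproveReportAction"
        roles="supervisor,administrator"/>
```

Inside an action, `request.getUserPrincipal()` returns the user the container authenticated (or `null` if nobody is logged in), and `request.isUserInRole("supervisor")` tests one of the declared roles.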
 