so to avoid a smart user that wants avoid the log in (in the same computer), he maybe simplely see the url and load any url, how http://.../app/someaction.do for example.
You would only have to import the login form from where you want the login information of the user.
I wanted to ask, is this way of imposing security wrong? Is is not a simple way of achieving what we req?
is this way of imposing security wrong? Is is not a simple way of achieving what we req?
You can certainly add code to each Action class, and that will work fine, but I'm naturally lazy and don't like the idea of changing every Action class. I'd much rather put the code in one place.
You'll just have to do your homework and decide which you want to use.
I'd recommend using your own login page and writing a simple filter to check for a valid login with each page. It's much simpler than dealing with container managed authentication.
how comentary, acegi , a security framework, can be used with realm.
and acegi is used for spring