Re: [S2] User authentication best practice (2nd time...)

2007-01-31 Thread Sébastien LABEY
Thank you very much, I will have a look at this...
Sebastien

On 2/1/07, Ron Chan <[EMAIL PROTECTED]> wrote:
> http://www.acegisecurity.org/ is a popular os generic security layer
> http://appfuse.org/ is a "kickstart" app that has acegi, mvc, orm layer all pre-configured with a simple user manage

Re: [S2] User authentication best practice (2nd time...)

2007-01-31 Thread Ron Chan
http://www.acegisecurity.org/ is a popular os generic security layer
http://appfuse.org/ is a "kickstart" app that has acegi, mvc, orm layer all pre-configured with a simple user management system; S2 is one of its many mvc options
even if you don't use appfuse it is a good source to pick up ide

Re: [S2] User authentication best practice (2nd time...)

2007-01-31 Thread Sébastien LABEY
to:[EMAIL PROTECTED]
> Sent: Wednesday, January 31, 2007 8:57 PM
> To: Struts Users Mailing List
> Subject: Re: [S2] User authentication best practice (2nd time...)
>
> Thanks for your answer.
> Maybe I'm not very clear (sorry for my English). Let's imagine the
> following
>

RE: [S2] User authentication best practice (2nd time...)

2007-01-31 Thread Thorsten Schäfer
uts Users Mailing List
> Subject: Re: [S2] User authentication best practice (2nd time...)
>
> Thanks for your answer.
> Maybe I'm not very clear (sorry for my English). Let's imagine the
> following
> request to access the page to update the user information:
>

Re: [S2] User authentication best practice (2nd time...)

2007-01-31 Thread Joe Germuska
On 1/31/07, Sébastien LABEY <[EMAIL PROTECTED]> wrote:
> Hi all (sorry for the previous unterminated mail), I would like to know if S2 provides a solution to manage user authentication.

In short, no. S2 has a RolesInterceptor which allows you to specify that users in certain roles are allowed

Re: [S2] User authentication best practice (2nd time...)

2007-01-31 Thread Sébastien LABEY
Thanks for your answer. Maybe I'm not very clear (sorry for my English). Let's imagine the following request to access the page to update the user information:
/myApp/userPrepareUpdate.action?id=1234
Anyone can modify the request and change 1234 to any other id and so access to the information

RE: [S2] User authentication best practice (2nd time...)

2007-01-31 Thread Thorsten Schäfer
Hi, Why do you care about the information in the request? Typically, you have a login page and the corresponding action stores the user object into the session. In all subsequent requests, you can check the user object in the session to determine which user did log in. This works for S1, but I'd t