place your right control check in a filter, i.e whenever the user send a
request to
the server, retrieve its right information then compare the request uri,
if match,
the user has been granted to do so, or does not have the proper right.
good luck.
On 04/16/2010 10:36 AM, Stephane Cosmeur wrot
Hand-rolled security almost always has many holes.
I would suggest using spring security.
Cimballi wrote:
One way to do it it to have a super action with a permission property,
and you set the permission property with a static param in your struts
xml files using the StaticParameters intercepto
> From: cosm...@gmail.com
> Date: Fri, 16 Apr 2010 11:28:05 +0800
> Subject: Re: Basic security problem
> To: user@struts.apache.org; cimba...@cimballi.net
>
> Thank you for answers.
>
> Your method looks good Cimbali. But do you think it would be really better
> th
Thank you for answers.
Your method looks good Cimbali. But do you think it would be really better
than an object which describe the role of the user stored in the session map
?
At firstline of each action in java, i would have:
'if (role.hasRighMethodName == true) ..
Do you think your method is
Hi Stephane,
As Kun says, you have to test the role in your action.
One way to do it it to have a super action with a permission property,
and you set the permission property with a static param in your struts
xml files using the StaticParameters interceptor.
Then, you add a hasPermission method t
You should check the authentication all by yourself in your action.
Stephane Cosmeur wrote:
Hello struts users
I have a really basic security problem and i would like to know what is the
best practice to resolve it.
I have an application with an authentification system and diffrent rights
for
6 matches
Mail list logo
