Re: Security in Struts

2005-05-30 Thread Adam Hardy
NOT get today off as a paid holiday) Martin- - Original Message - From: "Eddie Bush" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" Sent: Monday, May 30, 2005 2:10 AM Subject: Re: Security in Struts Adam, Nothing put me off CMA :-) I think it's fa

Re: Security in Struts

2005-05-30 Thread Martin Gainty
're not the only one that does NOT get today off as a paid holiday) Martin- - Original Message - From: "Eddie Bush" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" Sent: Monday, May 30, 2005 2:10 AM Subject: Re: Security in Struts Adam, Nothing p

Re: Security in Struts

2005-05-29 Thread Eddie Bush
a year - can't change everyone overnight ;-) Happy Memorial Day Everyone! :-D ... back to work Tuesday :-( ... vacation coming soon though! :-D Later :-) Eddie - Original Message - From: "Adam Hardy" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" Sent

Re: Security in Struts

2005-05-29 Thread Adam Hardy
Eddie, what put you off CMA? if you don't mind me asking. Adam On 28/05/05 19:00 Eddie Bush wrote: Tarek, Java provides a standard mechanism for you to tell if the person accessing your application has a certain permission. This is available through request.isUserInRole(String). Unfortunat

RE: Security in Struts

2005-05-29 Thread tarek.nabil
Hi Eddie, Thanks a lot for such an enlightening explanation. -Original Message- From: Eddie Bush [mailto:[EMAIL PROTECTED] Sent: Saturday, May 28, 2005 10:01 PM To: Struts Users Mailing List Subject: Re: Security in Struts Tarek, Java provides a standard mechanism for you to tell if

Re: Security in Struts

2005-05-28 Thread Eddie Bush
Tarek, Java provides a standard mechanism for you to tell if the person accessing your application has a certain permission. This is available through request.isUserInRole(String). Unfortunately, that only works for Container-Managed Authentication (CMA). You can make it work without using

Re: Security in Struts

2005-05-26 Thread Van
On 5/26/05, Durham David R Jr Ctr 805 CSPTS/SCE <[EMAIL PROTECTED]> wrote: > > Thanks David. But it seems that this framework only works with > > Spring, and we're not using Spring. > > It works with Struts MVC, but yes, you'll likely need Spring to > configure the filters, and to do some proxying

RE: Security in Struts

2005-05-26 Thread Durham David R Jr Ctr 805 CSPTS/SCE
> Thanks David. But it seems that this framework only works with > Spring, and we're not using Spring. It works with Struts MVC, but yes, you'll likely need Spring to configure the filters, and to do some proxying for the "button" level access. - Dave --

RE: Security in Struts

2005-05-26 Thread tarek.nabil
Thanks David. But it seems that this framework only works with Spring, and we're not using Spring. -Original Message- From: Durham David R Jr Ctr 805 CSPTS/SCE [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 25, 2005 6:45 PM To: Struts Users Mailing List Subject: RE: Security in S

RE: Security in Struts

2005-05-25 Thread tarek.nabil
[EMAIL PROTECTED] Sent: Wednesday, May 25, 2005 4:09 PM To: Struts Users Mailing List Subject: Re: Security in Struts Hi Tarek, If you want action level security, just write a base action that authenticates the user, and which all other actions extend. In the base action, if the user is valid,

RE: Security in Struts

2005-05-25 Thread Durham David R Jr Ctr 805 CSPTS/SCE
> Are there any widely used approaches or best practices that we > can follow? The acegi security framework offers a widely used approach: http://acegisecurity.sourceforge.net/ - Dave

Re: Security in Struts

2005-05-25 Thread Aladin Alaily
Hi Tarek, If you want action level security, just write a base action that authenticates the user, and which all other actions extend. In the base action, if the user is valid, then processing continues. Otherwise, the user is redirected to the logged-out page. I would put this logic in th

Re: Security in Struts

2005-05-25 Thread atta-ur rehman
Hello Tarek, I'd say front your application with a Servlet Filter that checks for the security of the current page against security rules defined in database/XML and probably cached for the current session to avoid hitting database for every request. ATTA On 5/25/05, tarek.nabil <[EMAIL PROTECT

Re: Security in Struts Application

2005-01-10 Thread Vic
I posted on wiki: http://wiki.apache.org/struts/ApplicationSecurity (any FAQ, maybe people create or edit WIKI) .V Hari Saptoadi wrote: Hi All i'd like to say sorry if someone already asked this question before... what is best practice implement security in struts apps ? i'm looking something that