Hi everyone, I think I have a very basic question here, but after spending some time with google I haven´t found a real solution to this question: What is the best way to secure a struts webapplication to be sure, that only logged in users are allowed to do some special action and access some special pages?
I found 3 possibilities, from what some of them seem to be a solution from older struts versions. - Extend the RequestProcessor and do a programmatic security-check - Use a Filter to do the security check - Extend all Actions from a customized BaseAction, that does the security check. But all of this seems a bit strange to me. As security is a standard-problem in every webapplication and there are a lot of people who thought about solutions (JAAS) I can´t believe, that I have to extend the struts-framework myself to provide some security issues. So what would you recommend if you want to do a real secure application with struts, together with tiles and want to be sure, that no pages or actions are used without permission? And all of this independent, if I use a Tomcat, a Resin or maybe a JBoss as my struts-web-server. Do you have any informations, examples or URL´s who have a real solution to this? THank you very much Thomas --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
