http://www.acegisecurity.org/ is a popular os generic security layer
http://appfuse.org/ is a "kickstart" app that has acegi, mvc, orm layer all pre-configured with a simple user management system; S2 is one of its many mvc options even if you don't use appfuse it is a good source to pick up ideas about how to setup all the layers HTH Sébastien LABEY wrote: > > Hi all (sorry for the previous unterminated mail), > > I would like to know if S2 provides a solution to manage user > authentication. > I also would like to know if someone could lead me to best practice for > user > creation / authentication to a web application. I'm worried about security > after the user has logged in, because of the parameters that appear in the > request. For example, the request that leads to user informations > modification shows the id of this user in the request, so I've to control > that the user id in the request is the same than the one in session (in > the > user object stored in session after login). > Do you have some best practices to help me...? > > thanks in advance > > Sebastien > > -- View this message in context: http://www.nabble.com/-S2--User-authentication-best-practice-%282nd-time...%29-tf3150750.html#a8744268 Sent from the Struts - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
