
Re: [cinjug-users] J2ee Container Managed Web Security and Struts

To: John Olmstead <jolmstead2k@xxxxxxxxx>, Cinjug <users@xxxxxxxxxx>
Subject: Re: [cinjug-users] J2ee Container Managed Web Security and Struts
From: Jason Zhang <jczhang9999@xxxxxxxxx>
Date: Fri, 21 Apr 2006 06:58:53 -0700 (PDT)
Delivered-to: mailing list users@cinjug.org
In-reply-to: <20060421123414.21713.qmail@web54303.mail.yahoo.com>
Mailing-list: contact users-help@cinjug.org; run by ezmlm
Maybe you can think about customizing the action mapping,
 
    <action   path="/submit"
              className="my.MyActionMapping"
              type="my.MyAction"
              name="MyForm"
              scope="request"
              validate="true"
              input="input.jsp">
      <set-property property="role"
                 value="customer,employee,employer" />
      <set-property property="forwards"
                    value="page1,page2,page3" />
      <forward name="page1"  path="Page1.jsp"  />
      <forward name="page2"  path="Page2.jsp"  />
      <forward name="page3"  path="Page3.jsp"  />
    </action>
 
Jason Zhang

John Olmstead <jolmstead2k@xxxxxxxxx> wrote:
Ladies and Gentlemen;

I am struggling to formulate a solution plan to implement a J2EE custom web security model for
a Struts-based application. The security mapping is fairly standard with protected URL
mappings, form-based authentication, LDAP authentication and DB authorization.

Container managed security is directory based as protected areas are mapped with url mappings.
Problem is that struts will gladly render protected resources to unauthenticated/unauthorized
users.

Two solutions come to mind. One is a custom tag, implemented on every JSP page in the
protected areas to check authentication and authorization. The second is a servlet filter
that intercepts the request between the action class and the view resource (JSP). Not all areas
of the application are protected.

I have surfed online developer resources and do not find there to be a lot of information on
this topic. In fact, I find that most of the struts demo apps out there are using application
managed security.

I'd appreciate hearing about any experiences you may have on implementing J2EE web security on
any MVC framework. It certainly appears to me that J2EE web security was intended for model 1
web applications and not model 2 (MVC).

Thanks in advance for your comments.


John Olmstead
(859) 380 2743
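
Added example, not part of either message and not Struts' own code: one way the "role" and "forwards" properties of the custom mapping above could drive the forward choice, assuming the two lists pair by position. RoleForwardResolver and resolve are hypothetical names, and the predicate stands in for HttpServletRequest.isUserInRole.

```java
import java.util.*;
import java.util.function.Predicate;

// Added example: models the two <set-property> values of the custom mapping.
// Assumption: "role" and "forwards" pair by position (customer -> page1, ...).
public class RoleForwardResolver {
    private final Map<String, String> forwardByRole = new LinkedHashMap<>();

    public RoleForwardResolver(String roleCsv, String forwardsCsv) {
        String[] roles = split(roleCsv);
        String[] forwards = split(forwardsCsv);
        // Fail closed at startup if the lists cannot be paired one-to-one.
        if (roles.length == 0 || roles.length != forwards.length) {
            throw new IllegalArgumentException("role/forwards lists must pair one-to-one");
        }
        for (int i = 0; i < roles.length; i++) {
            forwardByRole.put(roles[i], forwards[i]);
        }
    }

    private static String[] split(String csv) {
        if (csv == null || csv.trim().isEmpty()) return new String[0];
        return csv.trim().split("\\s*,\\s*");
    }

    // isUserInRole stands in for HttpServletRequest.isUserInRole(String), so the
    // container's authentication still decides who the caller is.
    // Returns the forward name for the first matching role, or empty (deny).
    public Optional<String> resolve(Predicate<String> isUserInRole) {
        for (Map.Entry<String, String> e : forwardByRole.entrySet()) {
            if (isUserInRole.test(e.getKey())) return Optional.of(e.getValue());
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        RoleForwardResolver r = new RoleForwardResolver(
                "customer,employee,employer", "page1,page2,page3");
        Set<String> employee = Collections.singleton("employee"); // constructed caller
        Set<String> anonymous = Collections.emptySet();           // unauthenticated caller
        System.out.println(r.resolve(employee::contains));
        System.out.println(r.resolve(anonymous::contains));
    }
}
```

In a Struts action the predicate would be request::isUserInRole, and an empty result should produce an error response rather than a default forward.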
