Ladies and Gentlemen;
I am struggleing to formulate a solution plan to implement a J2ee custom web
security model to
a struts based application. The security mapping is fairly standard with
protected url
mappings, form based authentication , LDAP authentication and DB authorization.
Container managed security is directory based as protected areas are mapped
with url mappings.
Problem is that struts will gladly render protected resources to
unauthenticated/unauthorized
users.
Two solutions come to mind. One is a custom tag , implemented on every jsp
page in the
protected areas to check authentication and authorization. The second is a
servlet filter
that intecepts the request between the action class to the view resource (jsp).
Not all areas
of the application are protected.
I have surfed online developer resources and do not find there to be a lot of
information on
this topic. In fact, I find that most of the struts demo apps out there are
using application
managed security.
I'd appreciate hearing about any experiances you may have on implementing J2ee
web security on
any mvc framework. It certainly appears to me that J2ee web security was
intended for model 1
web applications and not model 2 (mvc).
Thanks in advance for your comments.
John Olmstead
(859) 380 2743
John Olmstead
jolmstead2k@xxxxxxxxx
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
|