• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

struts security

 
bas duijzings
Ranch Hand
Posts: 83
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is struts security covered in the book ?
for instance how you hook into JAAS etc.
I havent found a index page for this book sorry
 
Nicholas Cheung
Ranch Hand
Posts: 4982
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The book seems not cover Structs security, however, since Structs in fact is a Servlet, I think Servlet security can be adopted by Structs as well.
TOC of the book can be found from:
http://www.aw-bc.com/catalog/academic/product/0,4096,0321118898-TOC,00.html
Nick
 
Karthik Guru
Ranch Hand
Posts: 1209
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You mean extending struts controller to accomodate JAAS?
Cant we insert a filter before the Controller to handle this? You can have also have something like a LoginAction that uses JAAS to authenticate and store a variable in the session indicating that user has been authenticated.
But if you have declarative security switched on at the web/ ejb tier and wish to pass on the user context to the say the EJB container, I think you will have to investigate the app server specific way of storing the context.
Then you have to programmatically store the user context after authenticating using JAAS.
 
Nicholas Cheung
Ranch Hand
Posts: 4982
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

You mean extending struts controller to accomodate JAAS?
Cant we insert a filter before the Controller to handle this? You can have also have something like a LoginAction that uses JAAS to authenticate and store a variable in the session indicating that user has been authenticated.

Using Filter is one of the possible methods, and this method is also one of the security mechanism that used in Servlets. Thus, in fact, all security measurements that used in Servlet can be adopted by Structs.
Nick
 
Karthik Guru
Ranch Hand
Posts: 1209
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Nicholas Cheung:

all security measurements that used in Servlet can be adopted by Structs.
Nick

True. But I guess he is probably looking for a way to extend Struts Controller component to do this, i mean some extension points.
 
Nicholas Cheung
Ranch Hand
Posts: 4982
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

he is probably looking for a way to extend Struts Controller component to do this, i mean some extension points.

In this case, you may need to write some programs for this purpose. For example, when you invoke EJB in other server from the Structs (Servlets), if you wanna securing the channel, you need to make the data sent through JAAS, seems that the container currently does not support such security means automatically.
Nick
 
bas duijzings
Ranch Hand
Posts: 83
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The book seems not cover Structs security, however, since Structs in fact is a Servlet, I think Servlet security can be adopted by Structs as well.

I know struts uses a servlet, and there are other ways to use security or check if the user is authenticated besides filters. However it would be usefull if it was described in the book since struts in the most widely used framework with an implementation of servlets. Therefore an example with struts would be a welcome and usefull one.
So I rephrase my question, is there a struts example in the book ?
thanks
 
bas duijzings
Ranch Hand
Posts: 83
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
can you let me know if this is included please ? I am very much interested in it ?
 
Marco Pistoia
Author
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bas,
We do not conver struts security explicitly, but we do cover servlet security. I hope this helps.
Marco Pistoia
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic