Chapter 13

Securing Struts Applications

Security is one of the most critical issues in Web application development. As with servlet applications, there are two ways to secure application resources: by configuring the application and by writing Java code. The former is more popular because of its flexibility. By editing your deployment descriptor (the web.xml file), you can change your security policy without rewriting code. For instance, you can restrict access to certain roles and HTTP methods, determine how users authenticate themselves, and so forth. Since Struts is based on the Servlet technology, securing a Struts application centers on this configuration, plus the security features in Struts itself.

To be good at security configuration, you need to be familiar with the concepts of principals and roles, so this chapter starts with a discussion of both. Afterwards, the chapter explains how to write a security policy and deals with authentication methods. After a section on how to hide resources and another on Struts-specific security features, this chapter concludes with the second way of securing servlet applications: by writing Java code.
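As an added illustration of the deployment-descriptor approach described above (this is example configuration, not taken from the book), the web.xml fragments below restrict a Struts action path to one role and select form-based authentication. The role name `admin`, the URL pattern `/admin/*` and the login page paths are assumed; the two `security-constraint` elements are alternatives to compare, not meant to coexist in one descriptor.

```xml
<!-- Example web.xml fragments (not from the book); role, paths and pages are assumed. -->

<!-- WEAK: listing http-method elements means ONLY the listed methods are
     constrained. HEAD, PUT, DELETE, OPTIONS, TRACE and any other verb reach
     /admin/* without authentication or a role check. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Admin actions (weak)</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<!-- CORRECTED: omit http-method entirely so the constraint covers every HTTP
     method, and require HTTPS for the protected area so credentials and the
     session cookie are not sent in clear text. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Admin actions</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Form-based authentication: the container sends unauthenticated requests
     for a constrained resource to login.jsp, whose form must POST
     j_username and j_password to j_security_check. -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginError.jsp</form-error-page>
  </form-login-config>
</login-config>

<!-- Every role referenced in an auth-constraint must be declared. -->
<security-role>
  <role-name>admin</role-name>
</security-role>
```

The constrained pattern `/admin/*` also covers Struts actions such as `/admin/deleteUser.do`, so the container enforces the role check before the request ever reaches the action servlet.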
