This Chapter
-	Chapter 13: Securing Struts Applications
-	Principals and Roles
-	Writing Security Policy
-	Authentication Methods
-	Hiding Resources
-	Struts Security Configuration
-	Programmatic Security
-	Summary

Table of Contents
-	Introduction
-	Chapter 1: Model 2 and Struts
-	Chapter 2: Input Validation with Action Forms
-	Chapter 3: The HTML Tag Library
-	Chapter 4: Input Validation and Data Conversion
-	Chapter 5: The Validator Plugin
-	Chapter 6: The Expression Language
-	Chapter 7: JSTL
-	Chapter 8: The Bean Tag Library
-	Chapter 9: The Logic Tag Library
-	Chapter 10: Struts-EL, Nested, selectLabel
-	Chapter 11: Message Handling and Internationalization
-	Chapter 12: The Tiles Framework
-	Chapter 13: Securing Struts Applications
-	Chapter 14: The Config Object
-	Chapter 15: The Persistence Layer
-	Chapter 16: Object Caching
-	Chapter 17: File Upload and File Download
-	Chapter 18: Paging and Sorting
-	Chapter 19: Preventing Double Submits
-	Chapter 20: Early HttpSession Invalidation
-	Chapter 21: Decorating Request Objects
-	Chapter 22: How Struts Works

 

Summary

In this chapter, you have learned how to configure the deployment descriptor to restrict access to some or all of the resources in your servlet applications. The configuration means that you need only to modify your deployment descriptor file—no programming is necessary. In addition, you have also learned how to use the roles attribute in the action elements in your Struts configuration file.

Writing Java code to secure Web applications is also possible through the following methods of the javax.servlet.http.HttpServletRequest interface: getRemoteUser, getPrincipal, getAuthType, and isUserInRole.

 

©2006-2007 Brainy Software Corp.