Here are some hints about securing your application:

Struts runs in J2EE, so you can use J2EE security, aka CMA:

* http://e-docs.bea.com/wls/docs61/webapp/web_xml.html WEB.XML * http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html#JDBCRealm One Containers Realms

Depending on your functional requirements, additional Java security packages exist such as:

Acegi - article describes implementation without Spring

* http://acegisecurity.sourceforge.net/standalone.html (Overview) * http://raibledesigns.com/wiki/Wiki.jsp?page=AppFuseAuthentication (Tutorial)

JAAS -

* http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASRefGuide.html * http://www.jroller.com/page/tomdz/20041215 (Using JAAS with Struts)

Pow2Acl - has not been updated since 2002

* http://pow2acl.sourceforge.net

SecurityFilter - example modules explain how to use with JDBC

* http://securityfilter.sourceforge.net/

Struts Menu -

* http://struts-menu.sourceforge.net/security.html

ApplicationSecurity (last edited 2009-09-20 23:12:17 by localhost)