You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by SrinivasaReddy <ms...@bob-technologies.com> on 2006/09/19 06:07:47 UTC
Web Application Security -- Help needed
HI All..,
I am developing the Application in Struts+Hibernate, it is an Web Application.I need to apply the security for this applicaiton like
--> If Session Timeout over that should redirect to Login page
--> After login if we copy the url and open it in new browser, that should redirect to login page
Which type of security i need to apply for this...
Here all pages are secure pages only.
we are using the Sturts tiles to develop the application...
Thanks for any help..
Regards
Srinivasa Reddy
Re: Web Application Security -- Help needed
Posted by Raja Nagendra Kumar <Na...@tejasoft.com>.
Hi,
You need to define a secruity constaint similar to the following in web
application. Once this done, container takes care of the two issues
transperantly.
Regards,
Raja Nagendra Kumar,
C.T.O,
www.tejasoft.com
<session-config>
<session-timeout>10</session-timeout>
<session-max>4096</session-max>
</session-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>HTMLManger and Manager command</web-resource-name>
<url-pattern>/jmxproxy/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Tomcat Manager Application</realm-name>
</login-config>
<security-role>
<description>
The role that is required to log in to the Manager Application
</description>
<role-name>manager</role-name>
</security-role>
----- Original Message -----
From: "SrinivasaReddy" <ms...@bob-technologies.com>
To: "Struts Users Mailing List" <us...@struts.apache.org>
Sent: Tuesday, September 19, 2006 9:37 AM
Subject: Web Application Security -- Help needed
HI All..,
I am developing the Application in Struts+Hibernate, it is an Web
Application.I need to apply the security for this applicaiton like
--> If Session Timeout over that should redirect to Login page
--> After login if we copy the url and open it in new browser, that should
redirect to login page
Which type of security i need to apply for this...
Here all pages are secure pages only.
we are using the Sturts tiles to develop the application...
Thanks for any help..
Regards
Srinivasa Reddy
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Web Application Security -- Help needed
Posted by pa...@axa.com.au.
Go for standard Web Security [Form based Authentication] provided by Web
Containers. This solution is free.
Else, you can use Access Management Solutions by various vendors:
SiteMinder, Java Enterprise System Access Manager, IBM Tivoli Access
Manager (TAM). Choose a product appropriate to your project criticality
and funding available.
Thanks and regards,
Pazhanikanthan. P (Paz)
Consultant for AXA,
Senior Software Engineer,
HCL Australia Services Pty. Ltd.
Off : +61-3-9618-4085
Mob : +61-0411-354-838
"SrinivasaReddy" <ms...@bob-technologies.com>
19/09/2006 02:07 PM
Please respond to "Struts Users Mailing List"
To: "Struts Users Mailing List" <us...@struts.apache.org>
cc:
Subject: Web Application Security -- Help needed
HI All..,
I am developing the Application in Struts+Hibernate, it is an Web
Application.I need to apply the security for this applicaiton like
--> If Session Timeout over that should redirect to Login page
--> After login if we copy the url and open it in new browser, that should
redirect to login page
Which type of security i need to apply for this...
Here all pages are secure pages only.
we are using the Sturts tiles to develop the application...
Thanks for any help..
Regards
Srinivasa Reddy
_____________________________________________________________________
This e-mail has been scanned for viruses by MCI's Internet Managed
Scanning Services - powered by MessageLabs. For further information
visit http://www.mci.com
*********************************************************************************
Important Note
This email (including any attachments) contains information which is
confidential and may be subject to legal privilege. If you are not
the intended recipient you must not use, distribute or copy this
email. If you have received this email in error please notify the
sender immediately and delete this email. Any views expressed in this
email are not necessarily the views of AXA. Thank you.
**********************************************************************************