What security features are available in Struts?

I am tasked with developing a web application and am thinking about using the Struts framework as it seems to be standard and easy to implement.

However, before making a decision, I need to know the security features available in Struts.

Are there efficient ways to handle OWASP Top 10 using Struts? And if so, how would I do it?

+1




3 answers


Struts offers you an MVC framework and has limited security features, e.g. you can map roles to actions. I would recommend that you learn something more complete like Spring Security (formerly Acegi).



+1




The best way to handle the OWASP Top 10 in Struts is to look at the OWASP Enterprise Security API ...



0




Even for the features YC mentions, you probably don't want to use the Struts config file out of the box to set up the ACL for your actions. It might be better to programmatically examine the state in the HttpRequest as it exits the ActionServlet before it reaches your Struts actions (i.e. is it an HttpRequest coming from an authenticated and authorized user given a URL?). Alternatively, you can intercept the request with a ServletFilter, although you need to be careful to make sure it is thread safe.

0


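The servlet-filter approach from the last answer, as an added example that is not part of the original posts: a deny-by-default access check that runs before the Struts ActionServlet and keeps all per-request data in local variables so the shared filter instance stays thread safe. The class name, the URL rules and the session attribute names `authUser` and `authRoles` (set by the application's own login action) are assumptions; the code uses the `javax.servlet` API.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;
// Map this filter to *.do in web.xml so it runs before the Struts ActionServlet.
public class ActionAccessFilter implements Filter {
    // Written once in init(), read-only afterwards: the container shares one
    // filter instance across all request threads, so fields hold no request state.
    private Map<String, String> requiredRole; // path prefix -> role, "" = public
    public void init(FilterConfig cfg) {
        Map<String, String> m = new LinkedHashMap<String, String>();
        m.put("/login.do", "");      // constructed sample rules (assumed URLs)
        m.put("/admin/", "admin");
        m.put("/account/", "user");
        requiredRole = Collections.unmodifiableMap(m);
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String path = req.getServletPath();   // per-request data lives in locals only
        String role = null;
        for (Map.Entry<String, String> e : requiredRole.entrySet()) {
            if (path.startsWith(e.getKey())) { role = e.getValue(); break; }
        }
        if (role == null) {                   // no rule for this URL: deny by default
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        if (role.length() > 0) {
            HttpSession s = req.getSession(false); // never create a session for anonymous users
            if (s == null || s.getAttribute("authUser") == null) {   // assumed attribute name
                res.sendRedirect(req.getContextPath() + "/login.do");
                return;
            }
            Set<?> roles = (Set<?>) s.getAttribute("authRoles");     // assumed attribute name
            if (roles == null || !roles.contains(role)) {
                res.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        chain.doFilter(rq, rs);               // allowed: continue to the ActionServlet
    }
    public void destroy() { }
}
```

Because unknown URLs are rejected, every new Struts action has to be added to the rule map before it becomes reachable.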






