Access control security issues

Category: Java EE
 
hyln_hshk
2009-12-05 09:45:27

Only administrators can use some operations. Although the front-end entry point is blocked, the web is open, so the methods can still be accessed directly through their URLs. Do the methods still need interceptors?


zhanshi456
2009-12-05 10:00:58
Filter
Struts2's AbstractInterceptor, MethodFilterInterceptor
Spring's MethodInterceptor, MethodBeforeAdvice, AfterReturningAdvice
or add a permission check to every JSP and action...
river_nuaa
2009-12-05 10:18:14

This approach should be the most convenient.
locusts1
2009-12-05 10:34:57
session
c0702243307
2009-12-05 10:50:03
This question is generally within the system for you to jump in the configuration file Riga intercept method makers.
nokia6543210
2009-12-05 11:03:45
Permissions are stored in the session. Check at the top of the method; if you do not have permission, jump back to the home page.
miaoer_mi
2009-12-05 11:20:07

The session will certainly be used, but this way has high coupling, which is not good. It is not as good as interceptors.
jinwmmail111
2009-12-05 11:23:51
Can be set in a Filter.
tracy03
2009-12-05 11:31:48
filter or interceptor implementation.
sszz19
2009-12-05 11:42:43
Don't know what framework you are using; if it is SSH, you can have all the actions inherit from BaseAction, and then in the parent class check whether the session belongs to an administrator; if not, jump to the login page. Servlets are similar: inherit from a parent class and write the check in the parent class.