Access control security issues

Java EE
2009-12-05 09:45:27

Some operations can only be used by administrators. Although the front-end entry point to them is blocked, the web is open, so the methods can still be accessed directly through their URL. Do the methods still need interceptors?

2009-12-05 10:00:58
Struts2's AbstractInterceptor, MethodFilterInterceptor
Spring's MethodInterceptor, MethodBeforeAdvice, AfterReturningAdvice
Or add a permission check to every JSP and action...
2009-12-05 10:18:14

This approach should be the most convenient.
2009-12-05 10:34:57
2009-12-05 10:50:03
This kind of problem is generally handled within the system by adding a method interceptor in the configuration file.
2009-12-05 11:03:45
The permissions are stored in the session. Check them at the start of the method; if the user does not have permission, jump back to the home page.
2009-12-05 11:20:07

The session will certainly be used, but doing it this way gives you high coupling, which is not good. It is not as good as interceptors.
2009-12-05 11:23:51
It can be set in a Filter.
2009-12-05 11:31:48
Implement it with a filter or an interceptor.
2009-12-05 11:42:43
I don't know what framework you are using. If it is SSH, you can have all the actions inherit from BaseAction, and then in the parent class check the session: if the user is not an administrator, jump to the login page. Servlets are similar: inherit from a parent class and write the check in the parent class.
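
The filter approach suggested in this thread, as an added example that is not code from any of the posters: a servlet `Filter` that enforces the administrator check on the server for every request under a protected URL prefix, so requesting an action URL directly is handled the same way as clicking a menu link. The `/admin/*` mapping, the `isAdmin` session attribute and the `/login.jsp` path are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Added example. Assumed web.xml mapping:
 *   <filter-mapping>
 *     <filter-name>adminOnly</filter-name>
 *     <url-pattern>/admin/*</url-pattern>
 *   </filter-mapping>
 * Assumption: the login code stores Boolean.TRUE under the session
 * attribute "isAdmin" only after verifying an administrator account.
 */
public class AdminOnlyFilter implements Filter {

    private static final String ADMIN_ATTR = "isAdmin";   // assumed attribute name
    private static final String LOGIN_PAGE = "/login.jsp"; // assumed login path

    public void init(FilterConfig config) throws ServletException {
        // No configuration needed for this example.
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): never create a session for an anonymous caller.
        HttpSession session = request.getSession(false);
        if (session == null) {
            // Not logged in: redirect to the login page and stop.
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            return;
        }
        // Fail closed: a missing or non-Boolean attribute counts as "not admin".
        if (!Boolean.TRUE.equals(session.getAttribute(ADMIN_ATTR))) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Authorized: let the request continue to the action or servlet.
        chain.doFilter(req, res);
    }

    public void destroy() {
        // Nothing to release.
    }
}
```

The filter only covers URLs that match its mapping, so every administrator-only action has to live under the mapped prefix, or the mapping has to be extended to cover it.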
