Java Mailing List Archive

http://www.junlu.com/

Stuck with Security related issues

2007-01-19       - By prerna.sawhney@(protected)

Hi All,

I am stuck with 2 problems.

Problem 1

In my web application (developed on Struts and Hibernate) I have 2
modules:

User Module

    http://localhost:8080/SaS/Login.do

Admin Module

    http://localhost:8080/SaS/Login.do

Depending on the login credentials, the respective GUIs are displayed.

My problem is that the Action and Form classes that are being used for
both the modules are common.

So depending on the param in the request, a different result will appear
for a call like this:

    http://localhost:8080/SaS/SearchService.do

So if I am accessing the admin module in one browser window and the user
module in another, and I copy-paste only the URL part
"SaS/SearchService.do" to the user module URL, the user can view the
result which only the admin is supposed to view.

Is there any way to resolve this?

Problem 2

I want to restrict direct access to some of my action classes, e.g. if I
have the following action classes:

1) Login.do
2) RegisterUser.do
3) SearchUser.do
4) Service.do

Then only Login.do should be directly accessible, i.e.
http://localhost:8080/SaS/Login.do should work.

But if someone does http://localhost:8080/SaS/RegisterUser.do this
should not work. It should throw an "Unauthorized Access" error.

Any suggestions?

Thanks

Prerna
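
One way to address both problems server-side, as an added example that is not part of the original post: a servlet filter mapped to `*.do` that denies every action except `Login.do` unless the session carries a role, plus a helper that the shared Action classes call instead of reading the role from a request parameter. The class name, the `sas.role` session attribute and the role values `admin` and `user` are assumptions; the login action is assumed to set the attribute after verifying credentials.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

/** Deny-by-default gate for Struts actions; map it to *.do in web.xml. */
public class AccessControlFilter implements Filter {
    // Only the login action is reachable without an authenticated session.
    private static final Set<String> PUBLIC =
            new HashSet<String>(Arrays.asList("/Login.do"));
    // Hypothetical session attribute, set by the login action after the
    // credentials have been checked. Never populated from request input.
    static final String ROLE_ATTR = "sas.role";

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // With a *.do extension mapping the servlet path is e.g. "/Login.do".
        if (PUBLIC.contains(req.getServletPath())) {
            chain.doFilter(req, res);
            return;
        }
        // getSession(false): do not create a session for anonymous callers.
        HttpSession session = req.getSession(false);
        Object role = (session == null) ? null : session.getAttribute(ROLE_ATTR);
        if (!"admin".equals(role) && !"user".equals(role)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "Unauthorized Access");
            return;
        }
        chain.doFilter(req, res);
    }

    /** Shared Actions (e.g. SearchService.do) call this to pick the admin
     *  or user result, rather than trusting a parameter sent by the browser. */
    public static boolean isAdmin(HttpServletRequest req) {
        HttpSession s = req.getSession(false);
        return s != null && "admin".equals(s.getAttribute(ROLE_ATTR));
    }
}
```

Because the shared Action decides from the session role, copying the `SaS/SearchService.do` URL into a user session returns the user result regardless of which parameters accompany the request.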