Java Mailing List Archive

http://www.junlu.com/


Re: [S2] User authentication best practice (2nd time...)

Ron Chan

2007-02-01


http://www.acegisecurity.org/ is a popular os generic security layer

http://appfuse.org/ is a "kickstart" app that has Acegi, MVC, ORM layer all
pre-configured with a simple user management system; S2 is one of its many
MVC options

Even if you don't use AppFuse, it is a good source to pick up ideas about how
to set up all the layers

HTH


Sébastien LABEY wrote:
>
> Hi all (sorry for the previous unterminated mail),
>
> I would like to know if S2 provides a solution to manage user
> authentication.
> I also would like to know if someone could lead me to best practice for
> user creation / authentication to a web application. I'm worried about
> security after the user has logged in, because of the parameters that
> appear in the request. For example, the request that leads to user
> information modification shows the id of this user in the request, so I
> have to control that the user id in the request is the same as the one in
> session (in the user object stored in session after login).
> Do you have some best practices to help me...?
>
> thanks in advance
>
> Sebastien
>
>

--
Sent from the Struts - User mailing list archive at Nabble.com.
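
The check described in the quoted question (comparing the user id in the request with the one kept in the session after login), written out as an added example that is not part of the original thread. The class name, the session key and the `Long` id type are assumptions; the session is modelled as a plain `Map` so the code runs without Struts or Acegi on the classpath.

```java
import java.util.HashMap;
import java.util.Map;

/** Hypothetical helper: decides which user record a profile-update request may touch. */
public class OwnerCheck {

    /** Hypothetical session key under which the login step stored the user's id. */
    static final String SESSION_USER_ID = "authenticatedUserId";

    /**
     * Returns the id of the record to modify, or throws if the request must be rejected.
     * The session value is the authority; the request parameter is only compared to it.
     */
    static long resolveTargetUserId(Map<String, Object> session, String requestedId) {
        Object stored = session.get(SESSION_USER_ID);
        if (!(stored instanceof Long)) {
            throw new SecurityException("not logged in");
        }
        long sessionUserId = (Long) stored;
        if (requestedId == null || requestedId.isEmpty()) {
            return sessionUserId; // no id sent: act on the caller's own record
        }
        long requested;
        try {
            requested = Long.parseLong(requestedId);
        } catch (NumberFormatException e) {
            throw new SecurityException("malformed user id");
        }
        if (requested != sessionUserId) {
            throw new SecurityException("user id does not match session");
        }
        return sessionUserId;
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>(); // constructed sample session
        session.put(SESSION_USER_ID, 42L);
        System.out.println(resolveTargetUserId(session, "42"));
        System.out.println(resolveTargetUserId(session, null));
        for (String other : new String[] {"43", "abc"}) { // constructed mismatching ids
            try {
                resolveTargetUserId(session, other);
            } catch (SecurityException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Because the method always returns the id taken from the session, the update code never acts on a value the client supplied, even when the comparison passes.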

