• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

How to Authorize Struts based application?

 
Ranch Hand
Posts: 45
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,

We have struts based SAP application, which we customizing to meet cutomer needs. As there are 3 modules involved, we need to have Authorization mechanism, one component makes HTTP call to another module, here we want to make sure that he is an authorized user to perform that task..
We want to authorize the user and allow him/her to perform only those operations which he/she is authorized thru web based application. I mean, we want to display appropriate links based on user roles.. Can anyone suggest me the options/solutions readily available to do that..

One option what i cud think of is show/hide the links in jsp, but if there are lots of user roles, then our jsp implementation will be huge..

Any help would be highly appreciated..

Thanks in Advance..

Shridhar..
 
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It might be best to write a custom taglib that allows you to list the roles that allow the link.

<myTagLib:link href="link.do" roles="supervisor,admin">Do Something</myTagLib:link>
<myTagLib:link href="otherLink.do" roles="admin">Do Something else</myTagLib:link>
 
Shridhar. Blr.
Ranch Hand
Posts: 45
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Marc,</br></br>

Thanks for Ur quick reply..</br></br>
  This TLD is readily available or we need to implement it..</br></br>

We have 3 modules in our project, we make HTTP calls to other modules to get the required data, in this case also, i.e. when One ActiveX control makes a HTTP call to Java server, we want to authorize this call, check for the role and continue with SUCCES or FAILURE..</br></br>

Can you suggest some solution for this..</br></br>

Thanks,</br></br>
Shridhar..
 
Marc Peabody
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If security is purely per module, you can usually set up your web.xml to allow only certain roles to each module. If security is action specific, Struts allows you to specify roles as a part of the ActionMappings in struts-config.xml.

The taglib is something you would have to write, as I don't know of any open source tool for this, though one might exist. It should not be very difficult to write.
 
A magnificient life is loaded with tough challenges. En garde tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic