I have 100 users along with their roles in database. I have 100 functions in my web application.(for example,100+ org.apache.struts.action.Action) The users and their roles often change(after one or two months) How can I implement this role_based authorization (in struts1.1)? Also I can extend a base action with authorization or implement the processRoles in the org.apache.struts.action.RequestProcessor,but I don't want to modify my java code or jsp after one or two months. Please help me!
I'm just taking a guess here, but I think that role based authorization is something that you can manage with the servlet container instead of managing it in the app itself. You map url (patterns?) to roles, and manage the user profiles in a database. In Tomcat I think you would use a JDBC security realm. I don't have my Tomcat book at hand, so I can't check the details.
Philip Shanks, SCJP - Castro Valley, CA
My boss never outsources or has lay-offs, and He's always hiring. I work for Jesus! Prepare your resume!
Joined: Jul 17, 2001
After 3 days,reply cames.First much thank Philip Shanks. I also use the tomcat-user.xml to manager the user and role through security realm. I want to know whether there is any better means to implement the user-role in the struts.