File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes role_based authorization Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "role_based authorization" Watch "role_based authorization" New topic

role_based authorization

Sam Wang
Ranch Hand

Joined: Jul 17, 2001
Posts: 95
I have 100 users along with their roles in database.
I have 100 functions in my web application.(for example,100+ org.apache.struts.action.Action)
The users and their roles often change(after one or two months)
How can I implement this role_based authorization (in struts1.1)?
Also I can extend a base action with authorization or implement the processRoles in the org.apache.struts.action.RequestProcessor,but I don't want to modify my java code or jsp after one or two months.
Please help me!

Philip Shanks
Ranch Hand

Joined: Oct 15, 2002
Posts: 189
I'm just taking a guess here, but I think that role based authorization is something that you can manage with the servlet container instead of managing it in the app itself. You map url (patterns?) to roles, and manage the user profiles in a database. In Tomcat I think you would use a JDBC security realm. I don't have my Tomcat book at hand, so I can't check the details.

Philip Shanks, SCJP - Castro Valley, CA
My boss never outsources or has lay-offs, and He's always hiring. I work for Jesus! Prepare your resume!
Sam Wang
Ranch Hand

Joined: Jul 17, 2001
Posts: 95
After 3 days,reply cames.First much thank Philip Shanks.
I also use the tomcat-user.xml to manager the user and role through security realm.
I want to know whether there is any better means to implement the user-role in the struts.
I agree. Here's the link:
subject: role_based authorization
It's not a secret anymore!