File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Struts and the fly likes Struts: Access rights Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Struts: Access rights" Watch "Struts: Access rights" New topic

Struts: Access rights

Lakshmanan NS

Joined: Apr 02, 2003
Posts: 20
Hi all,
Does anybody used / come across any framework or pattern which deals with access rights in struts. I am looking at something like given a URL and an event, we can define access rights for the logged in user whether he/she can access this functionality or not. Any thougts?
Darryl A. J. Staflund
Ranch Hand

Joined: Oct 06, 2002
Posts: 303
Hi there,
I am not sure of the exact type of authorization you are looking to put in place with your Struts application but I hope the following personal findings might be helpful:
1. User authentication is best implemented using JAAS.
2. Role-based authorization is best implemented using security configuration files. It can also be used in conjunction with Struts as described below.
3. Struts 1.1 implements action-based authorization. If you take a look at the struts-config.xml 1.1 DTD, you'll find that you authorize certain roles to execute Struts actions while denying others.
4. Struts 1.1 also impelements tiles-based authorization (if you're using its Tiles component.) In effect, Struts lets you authorize certain roles to display tiles while denying others. Look at the Tiles-related DTDs for more information on it.
5. If you need to perform more complex authorization checks at the action-level, you can subclass the RequestProcessor class and then override the default doRoles method.
Hope this helps.
Lakshmanan NS

Joined: Apr 02, 2003
Posts: 20
Thanks for the reply. But we are still using Struts 1.0.2 as it is a stable release.
I agree. Here's the link:
subject: Struts: Access rights
It's not a secret anymore!