Hi all, Has anybody used / come across any framework or pattern which deals with access rights in Struts? I am looking at something like: given a URL and an event, we can define access rights for the logged-in user, whether he/she can access this functionality or not. Any thoughts? Lakshmanan
Hi there, I am not sure of the exact type of authorization you are looking to put in place with your Struts application but I hope the following personal findings might be helpful:

1. User authentication is best implemented using JAAS.
2. Role-based authorization is best implemented using security configuration files. It can also be used in conjunction with Struts as described below.
3. Struts 1.1 implements action-based authorization. If you take a look at the struts-config.xml 1.1 DTD, you'll find that you authorize certain roles to execute Struts actions while denying others.
4. Struts 1.1 also implements tiles-based authorization (if you're using its Tiles component). In effect, Struts lets you authorize certain roles to display tiles while denying others. Look at the Tiles-related DTDs for more information on it.
5. If you need to perform more complex authorization checks at the action-level, you can subclass the RequestProcessor class and then override the default doRoles method.

Hope this helps. Darryl
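An added example, not code from this thread or from the Struts project, of the RequestProcessor subclass approach in point 5 of the reply above. In Struts 1.1 the role-check hook is RequestProcessor.processRoles; the package, class name, action paths, role names and the roles="*" public marker are assumptions of this example.

```java
// Added example: deny-by-default role check for Struts 1.1.
// Assumed wiring in struts-config.xml (paths, classes and roles are hypothetical):
//   <action path="/admin/users" type="example.UserAdminAction" roles="admin,auditor"/>
//   <action path="/login"       type="example.LoginAction"     roles="*"/>
//   <controller processorClass="example.DenyByDefaultRequestProcessor"/>
package example;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.RequestProcessor;

public class DenyByDefaultRequestProcessor extends RequestProcessor {

    // Convention of this example only: roles="*" marks an action as public.
    private static final String PUBLIC_MARKER = "*";

    protected boolean processRoles(HttpServletRequest request,
                                   HttpServletResponse response,
                                   ActionMapping mapping)
            throws IOException, ServletException {
        String[] roles = mapping.getRoleNames();

        // The stock implementation lets an action with no roles attribute
        // through for every caller. Here a missing attribute is treated as a
        // configuration gap and the request is refused.
        if (roles == null || roles.length == 0) {
            log("Denied " + mapping.getPath() + ": no roles configured");
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }
        for (int i = 0; i < roles.length; i++) {
            // isUserInRole asks the container, so roles come from the
            // container-managed login rather than from request parameters.
            if (PUBLIC_MARKER.equals(roles[i]) || request.isUserInRole(roles[i])) {
                return true; // continue normal request processing
            }
        }
        log("Denied " + mapping.getPath() + " for user " + request.getRemoteUser());
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false; // response already sent; Struts stops processing here
    }
}
```

Because the check runs in the controller, it covers only requests routed through the ActionServlet; JSPs reachable by direct URL still need a security-constraint in web.xml or a location under WEB-INF.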
Hi, thanks for the reply. But we are still using Struts 1.0.2 as it is a stable release. Lakshman