• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Struts: Access rights

 
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,
Does anybody used / come across any framework or pattern which deals with access rights in struts. I am looking at something like given a URL and an event, we can define access rights for the logged in user whether he/she can access this functionality or not. Any thougts?
Lakshmanan
 
Ranch Hand
Posts: 314
2
Android VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi there,
I am not sure of the exact type of authorization you are looking to put in place with your Struts application but I hope the following personal findings might be helpful:
1. User authentication is best implemented using JAAS.
2. Role-based authorization is best implemented using security configuration files. It can also be used in conjunction with Struts as described below.
3. Struts 1.1 implements action-based authorization. If you take a look at the struts-config.xml 1.1 DTD, you'll find that you authorize certain roles to execute Struts actions while denying others.
4. Struts 1.1 also impelements tiles-based authorization (if you're using its Tiles component.) In effect, Struts lets you authorize certain roles to display tiles while denying others. Look at the Tiles-related DTDs for more information on it.
5. If you need to perform more complex authorization checks at the action-level, you can subclass the RequestProcessor class and then override the default doRoles method.
Hope this helps.
Darryl
 
Lakshmanan NS
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi
Thanks for the reply. But we are still using Struts 1.0.2 as it is a stable release.
Lakshman
 
rubbery bacon. rubbery tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic