Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Is this the right way to implement user permission in struts 2 ?

 
will zhang
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear all,

I have used authentication(for user login) and authorization interceptors(for different role of users, such as user, admin, manager,....). Now I want to use interceptor to implement user permission to different actions. Example:
In a online transcript/grade system, some users can only the list of grades while some users can see and change the grades. Some users can only see the students info while some users can see and change students info. Therefore, there're at least 4 permissions:
read grades only
read and write grades
read students info only
read and write students info only

I plan to do the following:
1. create a permission table and assign user permissions.
2. add interceptor to action

3. create interceptor to check if user has the permission

I wonder if this is the right way. Or is there better way to do?

Thanks!
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's certainly one way to do it.

Be aware, however, that if you define action-specific interceptors, you must define *all* interceptors for that action. In your example, *only* the "permissionInterceptor" interceptor will be used.
 
will zhang
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks. David, is there other way to do it?

Here's what it should to be:



David Newton wrote:That's certainly one way to do it.

Be aware, however, that if you define action-specific interceptors, you must define *all* interceptors for that action. In your example, *only* the "permissionInterceptor" interceptor will be used.
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If that particular interceptor stack is used throughout the application, or even more than just a few times, I'd define my own interceptor stack. If it's the most common stack used in the app, I'd make it the default interceptor stack.
 
will zhang
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
David Newton wrote:If that particular interceptor stack is used throughout the application, or even more than just a few times, I'd define my own interceptor stack. If it's the most common stack used in the app, I'd make it the default interceptor stack.


Thanks, will define my own interceptor stacks.

BTW, is interceptor the best solution for user permissions in my case?
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think an interceptor of some type is great for anything that cuts across the entire application.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic