This week's book giveaway is in the General Computing forum.
We're giving away four copies of Arduino in Action and have Martin Evans, Joshua Noble, and Jordan Hochenbaum on-line!
See this thread for details.
The moose likes Struts and the fly likes Is this the right way to implement user permission in struts 2 ? Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of Arduino in Action this week in the General Computing forum!

A special promo: Enter your blog post or vote on a blogger to be featured in an upcoming Journal
JavaRanch » Java Forums » Frameworks » Struts
Reply Bookmark "Is this the right way to implement user permission in struts 2 ?" Watch "Is this the right way to implement user permission in struts 2 ?" New topic
Author

Is this the right way to implement user permission in struts 2 ?

will zhang
Ranch Hand

Joined: Sep 11, 2008
Posts: 46
posted private message
0
Quote
Dear all,

I have used authentication(for user login) and authorization interceptors(for different role of users, such as user, admin, manager,....). Now I want to use interceptor to implement user permission to different actions. Example:
In a online transcript/grade system, some users can only the list of grades while some users can see and change the grades. Some users can only see the students info while some users can see and change students info. Therefore, there're at least 4 permissions:
read grades only
read and write grades
read students info only
read and write students info only

I plan to do the following:
1. create a permission table and assign user permissions.
2. add interceptor to action

3. create interceptor to check if user has the permission

I wonder if this is the right way. Or is there better way to do?

Thanks!
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

I like...
IntelliJ IDE Ruby
posted
0
Quote
That's certainly one way to do it.

Be aware, however, that if you define action-specific interceptors, you must define *all* interceptors for that action. In your example, *only* the "permissionInterceptor" interceptor will be used.
will zhang
Ranch Hand

Joined: Sep 11, 2008
Posts: 46
posted private message
0
Quote
Thanks. David, is there other way to do it?

Here's what it should to be:



David Newton wrote:That's certainly one way to do it.

Be aware, however, that if you define action-specific interceptors, you must define *all* interceptors for that action. In your example, *only* the "permissionInterceptor" interceptor will be used.
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

I like...
IntelliJ IDE Ruby
posted
0
Quote
If that particular interceptor stack is used throughout the application, or even more than just a few times, I'd define my own interceptor stack. If it's the most common stack used in the app, I'd make it the default interceptor stack.
will zhang
Ranch Hand

Joined: Sep 11, 2008
Posts: 46
posted private message
0
Quote
David Newton wrote:If that particular interceptor stack is used throughout the application, or even more than just a few times, I'd define my own interceptor stack. If it's the most common stack used in the app, I'd make it the default interceptor stack.


Thanks, will define my own interceptor stacks.

BTW, is interceptor the best solution for user permissions in my case?
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

I like...
IntelliJ IDE Ruby
posted
0
Quote
I think an interceptor of some type is great for anything that cuts across the entire application.
 
I agree. Here's the link: http://ej-technologies/jprofiler - if it wasn't for jprofiler, we would need to run our stuff on 16 servers instead of 3.
 
subject: Is this the right way to implement user permission in struts 2 ?
 
Similar Threads
After upgrading from 2.0.x to 2.2.x, static content no longer loads
Struts 2 error - Unable to load configuration
Issue configuring global results
Implementing Struts 2 Roles Interceptor
Interceptor messes up action class in Struts2