aspose file tools*
The moose likes Struts and the fly likes Is this the right way to implement user permission in struts 2 ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Is this the right way to implement user permission in struts 2 ?" Watch "Is this the right way to implement user permission in struts 2 ?" New topic
Author

Is this the right way to implement user permission in struts 2 ?

will zhang
Ranch Hand

Joined: Sep 11, 2008
Posts: 46
Dear all,

I have used authentication(for user login) and authorization interceptors(for different role of users, such as user, admin, manager,....). Now I want to use interceptor to implement user permission to different actions. Example:
In a online transcript/grade system, some users can only the list of grades while some users can see and change the grades. Some users can only see the students info while some users can see and change students info. Therefore, there're at least 4 permissions:
read grades only
read and write grades
read students info only
read and write students info only

I plan to do the following:
1. create a permission table and assign user permissions.
2. add interceptor to action

3. create interceptor to check if user has the permission

I wonder if this is the right way. Or is there better way to do?

Thanks!
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

That's certainly one way to do it.

Be aware, however, that if you define action-specific interceptors, you must define *all* interceptors for that action. In your example, *only* the "permissionInterceptor" interceptor will be used.
will zhang
Ranch Hand

Joined: Sep 11, 2008
Posts: 46
Thanks. David, is there other way to do it?

Here's what it should to be:



David Newton wrote:That's certainly one way to do it.

Be aware, however, that if you define action-specific interceptors, you must define *all* interceptors for that action. In your example, *only* the "permissionInterceptor" interceptor will be used.
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

If that particular interceptor stack is used throughout the application, or even more than just a few times, I'd define my own interceptor stack. If it's the most common stack used in the app, I'd make it the default interceptor stack.
will zhang
Ranch Hand

Joined: Sep 11, 2008
Posts: 46
David Newton wrote:If that particular interceptor stack is used throughout the application, or even more than just a few times, I'd define my own interceptor stack. If it's the most common stack used in the app, I'd make it the default interceptor stack.


Thanks, will define my own interceptor stacks.

BTW, is interceptor the best solution for user permissions in my case?
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

I think an interceptor of some type is great for anything that cuts across the entire application.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Is this the right way to implement user permission in struts 2 ?