This week's book giveaway is in the Java 8 forum.
We're giving away four copies of Java 8 in Action and have Raoul-Gabriel Urma, Mario Fusco, and Alan Mycroft on-line!
See this thread for details.
The moose likes Struts and the fly likes Restrict user to access action Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Restrict user to access action " Watch "Restrict user to access action " New topic
Author

Restrict user to access action

N Kumar
Greenhorn

Joined: Jan 09, 2007
Posts: 2
Hi All,

I have a problem,I am developing an application, where multiple groups(Administrator,supervisor,inspector...) are there.And they have some restricted access only.
Now the problem is if the user login from supervisor user id and if he has the url for administrator then he can access the page.
I am checking the user in session the problem is the supervisor has login with userid and password and after that he is putting the url where he donot have access.
Can anybody suggest how to control it?
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 29283
    
140

Every action should be responsible for it's own security check that the user has the correct role. Then typing in the URL isn't enough to access a page.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Restrict user to access action
 
Similar Threads
Using default JAAS Mechanism in Websphere makes applications to access the context path of the other
Design question (polymorphism problem)
Tomcat - access PDF reports directly
Security with swing
Tomcat - direct access to PDF documents