struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject RE: Security and Struts
Date Wed, 31 Jul 2002 15:59:44 GMT
You could always try <logic:present role="...">

:-)

Craig


On Wed, 31 Jul 2002, Jacob Hookom wrote:

> Date: Wed, 31 Jul 2002 01:17:02 -0500
> From: Jacob Hookom <hookomjj@uwec.edu>
> Reply-To: Struts Users Mailing List <struts-user@jakarta.apache.org>
> To: 'Struts Users Mailing List' <struts-user@jakarta.apache.org>
> Subject: RE: Security and Struts
>
> I was reading the struts-template generated pages and they described a
> security.tld; since I cannot find that and after reading the snippets
> from David Geary's Javaworld article, it doesn't look too hard to do
> your own tag that would simply do:
>
> private boolean roleIsValid()
> {
> 	return role == null || // valid if role isn't set
>          ((javax.servlet.http.HttpServletRequest)
>           pageContext.getRequest()).isUserInRole(role);
> }
>
> <security:authenticate role="admin">
> 	// display whatever
> </security:authenticate>
>
> I suppose if you wanted to do specialized realm authentication with my
> below example:
>
> page.jsp?id=3 vs. page.jsp?id=4
>
> You could do the same thing you do with OSCache and pattern matching.
> Role would be 'PAGE.JSP_<%=request.getParameter("id")%>' and write a
> filter or abstract it to work with tags also.
>
> It seems each week we have a new theme... authentication this week,
> slowly trickling back into relational database mapping.... maybe the
> next big question will be why it stings when I get shampoo in my eyes...
> any takers? Eddie?
>
> Jacob Hookom
> Comprehensive Computer Science
> University of Wisconsin, Eau Claire
>
>
> -----Original Message-----
> From: Eddie Bush [mailto:ekbush@swbell.net]
> Sent: Tuesday, July 30, 2002 11:45 PM
> To: Struts Users Mailing List
> Subject: Re: Security and Struts
>
> Jacob Hookom wrote:
>
> >I think the real issue is that realm authentication and filter
> >authentication is context based.  Aside from messing with tiles (great
> >technology, just not interested)
> >
> :-)
>
> >what is pro quo for pageContext
> >security if I use the same view for multiple items?
> >
> >IE, you can see page.jsp?id=3 but not page.jsp?id=4
> >
> Very good question - you'd either allow/disallow access to page.jsp I
> belive.  In your case, you'd have to have something finer-grained.
>
> >
> >
> >Jacob Hookom
> >Comprehensive Computer Science
> >University of Wisconsin, Eau Claire
> >
>
>
>
> --
> To unsubscribe, e-mail:
> <mailto:struts-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:struts-user-help@jakarta.apache.org>
>
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002
>
>
>
> --
> To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>
>
>


--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message