struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Zeltser <Mark.Zelt...@morganstanley.com>
Subject Re: Actions based on Role
Date Thu, 27 Mar 2003 23:33:59 GMT
Siva,

Take a look at authentication provided by web container. One of the reasons to
use your own authentication is to make it deployable on any container. However,
you can use securityfilter to make this transparent.

Suggestion: search the archives on security/securityfilter. Spend some time
understanding provided authentication mechanism. Usually, there is no need to
reinvent the wheel.

Mark.


"Jagadeesan,Sivakumar" wrote:

> Mark:
>
> It is a very simple system. The user logs into the system. The user role is
> based on the what kind of membership that user is in. So the role for a user
> will keep changing. So the only place I thought I could map the user to role
> is in database. So it will be pure business logic rather then something I do
> in deployment time.
>
> If I am wrong in my approach pls let me know how I could do this thanx
>
> --Siva Jagadeesan
>
> -----Original Message-----
> From: Mark Zeltser [mailto:Mark.Zeltser@morganstanley.com]
> Sent: Thursday, March 27, 2003 5:02 PM
> To: Struts Users Mailing List
> Subject: Re: Actions based on Role
>
> Why do you want to have your own authentication system?
>
> Mark.
>
> "Jagadeesan,Sivakumar" wrote:
>
> > I guess I have to do that way
> > So I have manually chk every time whether that user is authorized to
> access
> > this Action, rather then having it in struts-config.xml which is more
> > configurable
> >
> > -----Original Message-----
> > From: Edgar Dollin [mailto:Edgar@BLUE-MOOSE.NET]
> > Sent: Thursday, March 27, 2003 4:55 PM
> > To: 'Struts Users Mailing List'
> > Subject: RE: Actions based on Role
> >
> > If you use a filter, to filter actions based on role, the action wouldn't
> > have to know about security.  If your authentication sticks the user
> > information into the session, the action could make decisions based on the
> > user information.
> >
> > Edgar
> >
> > > -----Original Message-----
> > > From: Jagadeesan,Sivakumar
> > > [mailto:sivakumar.jagadeesan@dhs.state.tx.us]
> > > Sent: Thursday, March 27, 2003 3:50 PM
> > > To: 'Struts Users Mailing List'
> > > Subject: Actions based on Role
> > >
> > >
> > > I have web application where users could of three types (Roles)
> > >
> > > 1) Basic User
> > > 2) Silver User
> > > 3) Gold User
> > >
> > > According to Type / Role of user some actions could be
> > > performed or not performed.
> > >
> > > I could set in my stuts-config.xml, the role based access in
> > > Action Element
> > >
> > > I am having my own authentication System that uses the
> > > database . The User table has the userName and also the Role.
> > >
> > > I am not sure how could I create a Role that the Action is
> > > expecting , if I am using my own authentication
> > >
> > > Thanx
> > > --Siva Jagadeesan
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: struts-user-help@jakarta.apache.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
> --
> NOTICE: If received in error, please destroy and notify sender.  Sender does
> not waive confidentiality or privilege, and use is prohibited.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org

--
NOTICE: If received in error, please destroy and notify sender.  Sender does not
waive confidentiality or privilege, and use is prohibited.



---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message