struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Scheuerer <tabalo...@hispeed.ch>
Subject Design question regarding struts security features
Date Sun, 28 Dec 2003 23:37:05 GMT
Hello everybody,

I'm in the process of developing my first Struts application, so forgive 
me if this question is insulting everybody's intellect.

The application I'm working on is a support portal where you can 
download technical document, drivers etc. The tricky part is, that 
certain documents should be only accessible to users with a certain role.

My idea so far is to put a user object in the session and to evaluate 
the role (and therefore the access level) of the user for all views that 
are displaying  data which might be restricted.
I guess the easiest way would be using a jsp tag like 
<security:checkAccessLevel /> which would retrieve the user object from 
the session (if it exists) and the then filter the data accordingly. Is 
there such "security taglib" around?

Has anybody worked on a similar scenario? What is the best approach to 
solve this problem? Is there a best practice for it? Any tips, hints, 
code snippets are welcome.

Thank you very much.

Patrick


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message