struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nic Holbrook <mo...@xmission.com>
Subject Re: Servlet filter
Date Fri, 04 Jun 2004 14:56:22 GMT
I actually extended the Action class with a SecureAction class and 
created a Secure Action Mapping.  All actions that need to be secured 
extend this class.

In the struts config I have <set-property property="actionRole" 
value="40"/> for each action.  This way I validate at the role level for 
each action.  This works great since we build menus based on roles 
assigned to users.

Nic

Shilpa Vaidya wrote:

>hey all,
>Preventing users from accesing action. I am writing a web app to manage
>administrators and profiles.
>Administrators may access to the web app based on the profiles they have.
>The profiles, determine which pages the administrator might access. The
>profiles, and authorizations, might change online during work, so I need to
>check authorization to access a page (Action) on each access.If I understand
>correct, then, the actionServlet, first process the form bean, and then the
>action..
>But, if the user is not authorized to access a specific page (Action), I
>need to forward him to an UnAuthorized error page, before thr formAction
>bean is filled.
>I would like to use a servlet filter. This filter checks the users rights
>and instanciates a HttpServletRequest-Wrapper.But am not sure how - .Can
>anyone help.Till then me trying to study the ServletFilter examples here n
>there.
>Shilpa
>
>
>
>
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message