struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cliff" <cl...@reinfo.com.hk>
Subject Re: Security question
Date Wed, 05 Jan 2005 02:19:05 GMT
Hi,

You may find some information in
http://pow2acl.sourceforge.net/

Good Luck
Cliff

----- Original Message ----- 
From: "Barnett, Brian W." <bbarnett@scholarinc.com>
To: "'Struts Users Mailing List'" <user@struts.apache.org>
Sent: Wednesday, January 05, 2005 4:50 AM
Subject: RE: Security question


> Well, I guess I'll proceed with that. Thank you.
>
> -----Original Message-----
> From: Chaikin, Yaakov Y. [mailto:YAAKOV.Y.CHAIKIN@saic.com]
> Sent: Tuesday, January 04, 2005 1:55 PM
> To: 'Struts Users Mailing List'
> Subject: RE: Security question
>
> I don't know of any other way than to programmatically check user's role
> inside your Action's method. There is no way to specify attributes in the
> <url-pattern> of the <security-constraint>. It just doesn't support such
> pattern matching.
>
> Yaakov.
>
> -----Original Message-----
> From: Jim Barrows [mailto:jbarrows@sssc.com]
> Sent: Tuesday, January 04, 2005 1:30 PM
> To: Struts Users Mailing List
> Subject: RE: Security question
>
>
> > -----Original Message-----
> > From: Barnett, Brian W. [mailto:bbarnett@scholarinc.com]
> > Sent: Tuesday, January 04, 2005 11:04 AM
> > To: 'Struts Users Mailing List'
> > Subject: Security question
> >
> >
> > I'm using LookupDispatchAction and role-based security. I
> > want to allow
> > certain roles to access certain dispatches of an action. I'm
> > not sure what
> > the best way to handle this is.
> >
> > Should I create separate Action classes? Is there a slick way
> > to specify
> > "dispatch level" security in web.xml?
>
> The container managed security is handled by URL.  Which might include
> parameters.
> If not you'll have to use one of the dispatch that requires a seperate URL
> to do this.
>
> Alternatively you'll have to put the security checks inside each method.
>
> >
> > Can someone point me to a good article(s) on using role-based
> > security in a
> > struts app that might address these issues?
> >
> > Thanks,
> > Brian
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > For additional commands, e-mail: user-help@struts.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message