struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chaikin, Yaakov Y." <YAAKOV.Y.CHAI...@saic.com>
Subject RE: Security question
Date Tue, 04 Jan 2005 20:54:50 GMT
I don't know of any other way than to programmatically check user's role
inside your Action's method. There is no way to specify attributes in the
<url-pattern> of the <security-constraint>. It just doesn't support such
pattern matching.

Yaakov.

-----Original Message-----
From: Jim Barrows [mailto:jbarrows@sssc.com]
Sent: Tuesday, January 04, 2005 1:30 PM
To: Struts Users Mailing List
Subject: RE: Security question


> -----Original Message-----
> From: Barnett, Brian W. [mailto:bbarnett@scholarinc.com]
> Sent: Tuesday, January 04, 2005 11:04 AM
> To: 'Struts Users Mailing List'
> Subject: Security question
>
>
> I'm using LookupDispatchAction and role-based security. I
> want to allow
> certain roles to access certain dispatches of an action. I'm
> not sure what
> the best way to handle this is.
>
> Should I create separate Action classes? Is there a slick way
> to specify
> "dispatch level" security in web.xml?

The container managed security is handled by URL.  Which might include
parameters.
If not you'll have to use one of the dispatch that requires a seperate URL
to do this.

Alternatively you'll have to put the security checks inside each method.

>
> Can someone point me to a good article(s) on using role-based
> security in a
> struts app that might address these issues?
>
> Thanks,
> Brian
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message