struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thomas Joseph" <thomas.jos...@kottsoftware.com>
Subject Re: Changing Role Access to Actions on the Fly
Date Mon, 03 Jul 2006 10:42:32 GMT
Thanks Grzegorz,

That looks great!!!. Well, I will have to look into that.

Thanks again


Thomas Joseph


From: "Stasica, Grzegorz" <grzegorz.stasica@delphi.com>
To: "Struts Users Mailing List" <user@struts.apache.org>
Sent: Monday, July 03, 2006 3:14 PM
Subject: RE: Changing Role Access to Actions on the Fly



Hi,

Some time ago I was looking for an answer on the same question :)
Here is how I solved this issue.
1) All request goes though SecurityFilter (www.sf.net)
2) Wrapped original request with this one
public class SecurityRequestWrapper extends
org.securityfilter.filter.SecurityRequestWrapper {

public static final char SESSION_ROLE_KEY='@';
public static final String USER_INFO="userInfo";

public SecurityRequestWrapper(HttpServletRequest arg0,
SavedRequest arg1,
SecurityRealmInterface arg2, String arg3) {
super(arg0, arg1, arg2, arg3);
}

public boolean isUserInRole(String roleName) {
if(roleName.charAt(0)==SESSION_ROLE_KEY){
SecurityFilterPrincipal
principal=(SecurityFilterPrincipal)getUserPrincipal();
String
roleKey=(String)getSession().getAttribute(String.valueOf(SESSION_ROLE_KE
Y));
if(principal!=null && roleKey!=null){
Map roleMap=principal.getRoleMap();

List roles=(List)roleMap.get(roleKey);
if(roles!=null){
StringTokenizer tokenizer=new
StringTokenizer(roleName.substring(1),",");

while(tokenizer.hasMoreTokens()){


if(roles.contains(tokenizer.nextToken()))
return true;
}
}
}
return false;
}

return super.isUserInRole(roleName);
}
}

and  modified doFilter method to use my Request Object
...
doFilter(...){
      HttpServletRequest hReq = (HttpServletRequest) request;
      HttpServletResponse hRes = (HttpServletResponse) response;
      SecurityRequestWrapper wrappedRequest;
... (the rest is coppied from SecurityFilter sources)
}

3) Created Principal interface implementation in SecurityFilterPrincipal
object with map property holding all userRoles
public class SecurityFilterPrincipal implements Principal,Serializable {

private String name=null;
private HashMap roleMap=null; //roleMap[key]=ArrayList(roles)
..

(just create getter and setters for properties)
}
4) Implemented SecurityRealmInterface interface
public class JDBCSecurityFilterRealm implements SecurityRealmInterface {
..
(find the source of this class in SecurityFilter)

.. change the login function to reflect your situation
(here I load all user roles but into my Principal's roleMap property)
}

5) The most important in all of this is implementation of isUserInRole
function (SecurityRequestWrapper object). The way you check your roles
there are up to you. In my case I put into the session some indicator
telling me which key in the rolesMap is the active one. In this way
although I'm not dynamically removing roles I switch them accordingly to
the situation.


Hope it's what you want.



-----Original Message-----
From: Paul Benedict [mailto:paul4christ79@yahoo.com]
Sent: Monday, July 03, 2006 11:18 AM
To: Struts Users Mailing List
Subject: Re: Changing Role Access to Actions on the Fly

I can say with mild confidence that the action mapping is "frozen" once
loaded, and changes to it during runtime cannot be made. Since roles are
part of a mapping, it cannot be done.

But don't let the framework stop you! Just because its automated
configuration features are frozen, doesn't mean you can't get around it.
If you are willing to perform explicit role checking inside the action,
then you can achieve what you're trying to do. Yes, you will be giving
up the XML configuration, but, you're doing something very special; I
don't even know if *ANY* framework allows something like this.

In my opinion, you might search for a better solution. Perhaps dynamic
role changing is a symptom of a bad design. For instance, instead of
changing the role mapping, update the roles the user actually has --
that's usually how security apps work: change the user, not the app :)

Paul

Thomas Joseph <thomas.joseph@kottsoftware.com> wrote: I couldnt see any
replies, thats why I am adding up these comments.

Actually I want the application users to create groups (roles), and then
assign access rights to various actions for this group. Later group
membership/access rights should be editable. This should be something
like
how we can do in Operating Systems.

Any help in this regard is highly appriciated.

Also tell if this is not possible

Thanks in advance.

Thomas Joseph

----- Original Message -----
From: "Thomas Joseph"
To: "Struts Users Mailing List"
Sent: Friday, June 30, 2006 5:37 PM
Subject: Changing Role Access to Actions on the Fly
>
>
> Hi all great brains,
>
> I would like my application to use roles to access any actions.
However, I
want to make access to these actions
> change while the application is running. User in a role could access a
particular action at one time, but not the
>  other time (when  change has been made). (I understand that role
based
access to the Action Mapping is static.)
>
> Is there any way I can do this.?
>
> Any pointers,... ideas ??
>
> Thanks in advance!!
>
> Thomas Joseph



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org




---------------------------------
Want to be your own boss? Learn how on  Yahoo! Small Business.


****************************************************************************
************

Note:  If the reader of this message is not the intended recipient, or an
employee or agent responsible for delivering this message to the intended
recipient, you are hereby notified that any dissemination, distribution or
copying of this communication is strictly prohibited. If you have received
this communication in error, please notify us immediately by replying to the
message and deleting it from your computer. Thank you.

****************************************************************************
************

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message