struts-user mailing list archives

From "Stasica, Grzegorz" <>
Subject RE: Changing Role Access to Actions on the Fly
Date Mon, 03 Jul 2006 09:44:58 GMT


Some time ago I was looking for an answer to the same question :)
Here is how I solved this issue.
1) All requests go through SecurityFilter (
2) Wrapped the original request with this one:
public class SecurityRequestWrapper extends
		org.securityfilter.filter.SecurityRequestWrapper {

	public static final char SESSION_ROLE_KEY='@';
	public static final String USER_INFO="userInfo";

	public SecurityRequestWrapper(HttpServletRequest arg0, SavedRequest arg1,
			SecurityRealmInterface arg2, String arg3) {
		super(arg0, arg1, arg2, arg3);
	}

	public boolean isUserInRole(String roleName) {
			if(principal!=null && roleKey!=null){
				Map roleMap=principal.getRoleMap();

				List roles=(List)roleMap.get(roleKey);
					StringTokenizer tokenizer=new


							return true;
			return false;
		return super.isUserInRole(roleName);
	}
}

and modified the doFilter method to use my request object:
      HttpServletRequest hReq = (HttpServletRequest) request;
      HttpServletResponse hRes = (HttpServletResponse) response;
      SecurityRequestWrapper wrappedRequest;
... (the rest is copied from SecurityFilter sources)

3) Created a Principal interface implementation in the SecurityFilterPrincipal
object, with a map property holding all userRoles:
public class SecurityFilterPrincipal implements Principal,Serializable {

	private String name=null;
	private HashMap roleMap=null; //roleMap[key]=ArrayList(roles)

(just create getter and setters for properties)
4) Implemented SecurityRealmInterface interface
public class JDBCSecurityFilterRealm implements SecurityRealmInterface {
(find the source of this class in SecurityFilter)

.. change the login function to reflect your situation
(here I load all user roles but into my Principal's roleMap property)

5) The most important part of all of this is the implementation of the
isUserInRole function (SecurityRequestWrapper object). The way you check
your roles there is up to you. In my case I put into the session some
indicator telling me which key in the rolesMap is the active one. In this
way, although I'm not dynamically removing roles, I switch them according
to the situation.

Hope it's what you want.

-----Original Message-----
From: Paul Benedict []
Sent: Monday, July 03, 2006 11:18 AM
To: Struts Users Mailing List
Subject: Re: Changing Role Access to Actions on the Fly

I can say with mild confidence that the action mapping is "frozen" once
loaded, and changes to it during runtime cannot be made. Since roles are
part of a mapping, it cannot be done.

But don't let the framework stop you! Just because its automated
configuration features are frozen, doesn't mean you can't get around it.
If you are willing to perform explicit role checking inside the action,
then you can achieve what you're trying to do. Yes, you will be giving
up the XML configuration, but, you're doing something very special; I
don't even know if *ANY* framework allows something like this.

In my opinion, you might search for a better solution. Perhaps dynamic
role changing is a symptom of a bad design. For instance, instead of
changing the role mapping, update the roles the user actually has --
that's usually how security apps work: change the user, not the app :)


Thomas Joseph <> wrote:
I couldn't see any replies, that's why I am adding these comments.

Actually I want the application users to create groups (roles), and then
assign access rights to various actions for this group. Later group
membership/access rights should be editable. This should be something
how we can do in Operating Systems.

Any help in this regard is highly appreciated.

Also tell if this is not possible.

Thanks in advance.

Thomas Joseph

----- Original Message -----
From: "Thomas Joseph"
To: "Struts Users Mailing List"
Sent: Friday, June 30, 2006 5:37 PM
Subject: Changing Role Access to Actions on the Fly
> Hi all great brains,
> I would like my application to use roles to access any actions. However, I
> want to make access to these actions change while the application is
> running. User in a role could access a particular action at one time, but
> not the other time (when change has been made). (I understand that role
> access to the Action Mapping is static.)
> Is there any way I can do this?
> Any pointers,... ideas ??
> Thanks in advance!!
> Thomas Joseph

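The check described in step 5 of the reply above, as an added example that is not part of the original thread or of SecurityFilter's own code: a plain-Java model (no servlet classes) of resolving roles through an active key. The class and method names are hypothetical, the sample data is constructed, and unlike the posted wrapper it denies access when the principal or active key is missing instead of falling back to the parent check.

```java
import java.security.Principal;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added example (hypothetical names): models roleMap[key] = roles plus an active key.
public class ActiveRoleCheck {

    /** Principal whose roles are grouped by key; the map is copied and immutable. */
    static final class RolePrincipal implements Principal {
        private final String name;
        private final Map<String, Set<String>> roleMap;

        RolePrincipal(String name, Map<String, ? extends Collection<String>> roles) {
            this.name = name;
            Map<String, Set<String>> copy = new HashMap<>();
            roles.forEach((key, value) -> copy.put(key, Set.copyOf(value)));
            this.roleMap = Map.copyOf(copy);
        }

        @Override
        public String getName() { return name; }

        Set<String> rolesFor(String key) {
            return roleMap.getOrDefault(key, Set.of());
        }
    }

    /** Stand-in for isUserInRole; activeKey plays the indicator kept in the session. */
    static boolean isUserInRole(RolePrincipal principal, String activeKey, String roleName) {
        if (principal == null || activeKey == null || roleName == null) {
            return false; // fail closed: nothing selected means no role is granted
        }
        return principal.rolesFor(activeKey).contains(roleName);
    }

    public static void main(String[] args) {
        // Constructed sample data: one user, two role sets.
        RolePrincipal user = new RolePrincipal("alice", Map.of(
                "projectA", List.of("editor", "viewer"),
                "projectB", List.of("viewer")));
        System.out.println("A/editor: " + isUserInRole(user, "projectA", "editor"));
        System.out.println("B/editor: " + isUserInRole(user, "projectB", "editor"));
        System.out.println("unknown key: " + isUserInRole(user, "projectC", "viewer"));
        System.out.println("no key: " + isUserInRole(user, null, "viewer"));
    }
}
```

In a servlet wrapper the active key would come from the session, so it should only be written by server-side code that has already checked it against the keys in the principal's map.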