Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Struts: Access rights

 
Lakshmanan NS
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,
Does anybody used / come across any framework or pattern which deals with access rights in struts. I am looking at something like given a URL and an event, we can define access rights for the logged in user whether he/she can access this functionality or not. Any thougts?
Lakshmanan
 
Darryl A. J. Staflund
Ranch Hand
Posts: 314
2
Android Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi there,
I am not sure of the exact type of authorization you are looking to put in place with your Struts application but I hope the following personal findings might be helpful:
1. User authentication is best implemented using JAAS.
2. Role-based authorization is best implemented using security configuration files. It can also be used in conjunction with Struts as described below.
3. Struts 1.1 implements action-based authorization. If you take a look at the struts-config.xml 1.1 DTD, you'll find that you authorize certain roles to execute Struts actions while denying others.
4. Struts 1.1 also impelements tiles-based authorization (if you're using its Tiles component.) In effect, Struts lets you authorize certain roles to display tiles while denying others. Look at the Tiles-related DTDs for more information on it.
5. If you need to perform more complex authorization checks at the action-level, you can subclass the RequestProcessor class and then override the default doRoles method.
Hope this helps.
Darryl
 
Lakshmanan NS
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi
Thanks for the reply. But we are still using Struts 1.0.2 as it is a stable release.
Lakshman
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic