struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "liu ji" <>
Subject Re: why not extend struts to support access control?
Date Sun, 26 Sep 2004 23:56:31 GMT

Thank Martin Cooper.
Struts-chain is the one I really need it!
It is the one I want to implement!
And the idea and the config of struts-chain is what did I think.

Does struts already support struts-chain?
Or you want to support it in struts?
Or it is only another project?

Ji Liu

>From: Martin Cooper <>
>Reply-To: Martin Cooper <>
>To: Struts Developers List <>
>Subject: Re: why not extend struts to support access control?
>Date: Sun, 26 Sep 2004 10:00:28 -0700
>On Sun, 26 Sep 2004 22:40:18 +0800, liu ji <> wrote:
> > I have just read the example.
> > I don't see any clue that ageci solved the problem.
> >
> > Although it can ensure the security in function level,it isn't very 
> >
> > I can security my system in a high level not function level.
> >
> > It also uses IOC which struts doesn't support.If I want to use it,I 
have to
> > use spring.
> >
> > Your example is the role checking.But the access control is more 
> > For example,when user A want to edit his information,the URL maybe like
> > this http://user/ use the id
> > parameter to get the profile of user A.Before doing that the 
> > should ensure whether the request is requested by user A.So the 
> > should compare the id parameter with the id property stored in the 
> >
> > Maybe more complex,for example,the id parameter indicate the order 
> > may have a lot of orderid,they can only edit the order which wasn't
> > shipped.How can ageci solve this?
> >
> > Sorry,I ask a lot of questions,and may of them are irrelevant to 
>They're not irrelevant, but I do think this discussion would be off on
>the user list rather than the dev list. There are many, many more
>people on that list, and I'm sure many of them have faced the same
>problem as you do and have implemented solutions to it. You'll get
>more ideas from people with experience in the problem if you ask your
>questions on that list.
>While I'm here, though, one option for you would be to use
>struts-chain, in contrib, which will allow you to add whatever
>security checks you need, at whatever stage in the processing of a
>request you need, or want.
>Martin Cooper
> >
> >
> > ==============================================
> > Ji Liu
> >
>To unsubscribe, e-mail:
>For additional commands, e-mail:

与联机的朋友进行交流,请使用 MSN Messenger:  

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message