struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karr, David" <david.k...@attws.com>
Subject RE: Restrict acces to certain pages/actions
Date Wed, 04 Dec 2002 23:18:07 GMT
To some extent, you will always have to deal with some
container-specific configuration, no matter what you're trying to do.
Fortunately, integration of JAAS (Java Authentication and Authorization
System) can usually be done by plugging in some container-specific
configuration pieces, and letting the web container use that information
transparently.  As a result, you can segment your container-specific
information from your container-independent information.

> -----Original Message-----
> From: Steve Vanspall [mailto:steve@crmsoftware.com.au]
> Sent: Wednesday, December 04, 2002 3:12 PM
> To: Struts Users Mailing List
> Subject: RE: Restrict acces to certain pages/actions
> 
> 
> yeah, no the admin section is fine.
> 
> Pity struts doesn't have anything, in the process of a conversion from
> tomcat to websphere (business partnership thing), So I am 
> trying to get away
> from any container specific configurations.
> 
> 
> 
> -----Original Message-----
> From: Eddie Bush [mailto:ekbush@swbell.net]
> Sent: Thursday, 5 December 2002 11:06 AM
> To: Struts Users Mailing List
> Subject: Re: Restrict acces to certain pages/actions
> 
> 
> Struts doesn't provide any custom 
> authentication/authorization mechanism
> -- make use of that which is provided by your servlet 
> container (lookup
> container-managed authentication).  Once this is done, Struts does
> provide you ways to build selective content, based upon the 
> roles you've
> given to a user, through use of the taglibs etc.
> 
> ... so far as your administrative section goes - you can set 
> it up such
> that it does not even exist for users that do not have the 
> proper role.
>  (... and I mean that quite literally - the server will 
> return a 404 for
> unauthorized access!)
> 
> Steve Vanspall wrote:
> 
> >Hi there,
> >
> >I was wondering if struts had some mechanism to restrict 
> acces according to
> >user level.
> >
> >Basically our users may be of variying levels in our system. 
> From customer
> >to administrator.
> >
> >This is defined by a columns in a table in our database.
> >
> >Each user should have differing levels of access to the web app.
> >
> >For example a customer can change his/her setails, but not 
> search/view any
> >other customer.
> >
> >Naturally a customer also wont have access to the 
> administration section of
> >the web-app.
> >
> >I can code up a retriction system. But was wondering if 
> struts already had
> >one that I could cutomise for my own needs.
> >
> >Any help would be appreciated
> >
> >Regards
> >
> >Steve Vanspall
> >
> --
> Eddie Bush
> 
> 
> 
> 
> --
> To unsubscribe, e-mail:
> <mailto:struts-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:struts-user-help@jakarta.apache.org>
> 
> 
> --
> To unsubscribe, e-mail:   
<mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:struts-user-help@jakarta.apache.org>

--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message