struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ralf Bode <ralleb...@yahoo.de>
Subject Security and Struts (JAAS?)
Date Fri, 04 Jun 2004 09:26:29 GMT
Hi, i have a portal based on struts.
and i have some public action.
(e.g for listing news and so on)
however.
my problem is the protected area.
i have two roles.
->customer
->supplier

both login via ONE Action
(i got their roles via their usernames...)
okay, i saved something in session
and did if(session...) in an action,
before a user (a logged in) could
do some stuff.

it works okay, but only
if the user enters a URL like
host:8080/trashApp/cust/addStuff.do
(for submitting a form)
i got validation.errors ...
because the execute() of my action is not called...

so i figured out, that i can use ROLES-attribute
for <action>. nice, but this is jaas, isn't it?

now the (for me) interessting point.
can i add a user (or roles) manually in my 
LogonAction.execute() ?
and when, how?

or how to deal generally?
with two user-roles and ONE-LogonAction.class ?

i also watched tomcat-app, that uses struts/jaas for
authorization, but only with ONE role.

so is there anyone out, how has a tip/solution
for me?

thanks alot!

Ralf


	

	
		
Mit schönen Grüßen von Yahoo! Mail - http://mail.yahoo.de

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message