struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Mikheev <mi...@bigfoot.com>
Subject Re: Access control with roles
Date Mon, 06 Aug 2007 23:04:05 GMT
Session A Mwamufiya wrote:
> Thanks for the replies guys, but is there an example that I can follow?  It seems to
me that a user's roles are defined in a request object, but I'm not sure how.  I'm continuing
to search online for examples.

Mapping roles to action is putting this into struts.xml:
   <action name="someAction" class="com.examples.SomeAction">
       <interceptor-ref name="completeStack"/>
       <interceptor-ref name="roles">
         <param name="allowedRoles">admin,member</param>
       </interceptor-ref>
       <result name="success">good_result.ftl</result>
   </action>

But your question is where do roles come from.
Please take a look into standard J2EE security mechanisms.
It will take some time to understand if you haven't seen it before.
Go to
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/index.html
and read Chapter 32, web-tier in particular.
Other security mechanisms are available too, but that's another story.

Oleg

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message