struts-user mailing list archives

From "Richard Sayre" <richardsa...@gmail.com>
Subject Re: Custom user roles and Action
Date Mon, 06 Aug 2007 13:28:19 GMT
I wrote a "LoadApplication" action that executes after my user has
logged in.  It checks the database to see what roles they have and it
fills the session with a few variables such as

admin = true;
designer = false;  etc.


by default they are all false.

Then I wrote an interceptor that checked their access from the
session.  If they have access, the Action they are requesting would
execute.  If they did not have access, I would redirect them to the
main page.  You could also have the interceptor check the database
directly.  I am not a security expert, but this should be more secure
than storing those values in session.  There will be more overhead in
checking the database before every action.

On 8/6/07, Jim Theodoridis <struts@tera.gr> wrote:
> Hello
>
> I am using my own security manager to login to a struts application.
> I am looking for a way to fire an action only when a user logs in
> have the rights permissions
>
> Any suggestions?
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
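
Added example, not part of the original message or of Struts itself: a Struts 2 interceptor of the kind described in the reply above, which fails closed when the session flag is missing or is anything other than Boolean.TRUE. The class name RoleInterceptor, the requiredRole parameter and the "main" result name are hypothetical; the flag names are the ones from the message.

```java
import java.util.Map;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
 * Added example (not from the original message). Lets the requested action
 * run only if the session flag named by requiredRole is Boolean.TRUE.
 * Assumes the post-login action stored flags such as "admin" or "designer"
 * in the session from a server-side database lookup.
 */
public class RoleInterceptor extends AbstractInterceptor {

    // Hypothetical result name; map it to the main page as a global result.
    static final String DENIED = "main";

    // Set per interceptor-ref in struts.xml:
    //   <param name="requiredRole">admin</param>
    private String requiredRole;

    public void setRequiredRole(String requiredRole) {
        this.requiredRole = requiredRole;
    }

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        Map<String, Object> session = invocation.getInvocationContext().getSession();
        if (!isAllowed(session, requiredRole)) {
            return DENIED;            // the action is never invoked
        }
        return invocation.invoke();   // continue down the stack to the action
    }

    // Fail closed: no session, no configured role, a missing flag, or any
    // value other than Boolean.TRUE all count as "no access".
    static boolean isAllowed(Map<String, Object> session, String role) {
        if (session == null || role == null || role.isEmpty()) {
            return false;
        }
        return Boolean.TRUE.equals(session.get(role));
    }
}
```

Because the flags are cached at login, a role removed in the database takes effect only when the session is rebuilt. Doing the database lookup inside isAllowed instead trades that staleness for one query per request.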
