struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard Sayre" <>
Subject Re: Custom user roles and Action
Date Mon, 06 Aug 2007 13:28:19 GMT
I wrote a "LoadApplication" action that executes after my user has
logged in.  It checks the database to see what roes they have and it
fills the session with a few variables such as

admin = true;
designer = false;  etc.

by default they are all false.

Then I wrote an interceptor that checked their access from the
session.  If they have access the Action they are requesting would
execute.  If they did not have access I would redirect them to the
main page.  You could also have the interceptor check the Database
directly.  I am not a security expert, but this should be more secure
than storing those values in session.  There will be more overhead in
checking the database before every action.

On 8/6/07, Jim Theodoridis <> wrote:
> Hello
> I am using my own security manager to  login to a struts application.
> I am looking for  a  way to fires an action only when a user logs in
> have the rights permissions
> Any suggestions?
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message