Re: Actions based on Role
Mike, I have it up and running. The link to source was provided by Dan: http://securityfilter.sourceforge.net/, click on Files link on the bottom. Search archives, there is an example of setting it up using catalina JDBCRealm. Very little work is required to get it up and running and makes it tables driven and container independant. Mark. Mike Duffy wrote: Mark, Do you have experience with security filter? Have you examined the source code? I went to SourceForge to get the download. There was a JAR but no source except for a limited implementation class. I would not want to implement a security filter without seeing the source. Can anyone tell me where to find the source? Mike --- Mark Zeltser [EMAIL PROTECTED] wrote: Siva, Take a look at authentication provided by web container. One of the reasons to use your own authentication is to make it deployable on any container. However, you can use securityfilter to make this transparent. Suggestion: search the archives on security/securityfilter. Spend some time understanding provided authentication mechanism. Usually, there is no need to reinvent the wheel. Mark. Jagadeesan,Sivakumar wrote: Mark: It is a very simple system. The user logs into the system. The user role is based on the what kind of membership that user is in. So the role for a user will keep changing. So the only place I thought I could map the user to role is in database. So it will be pure business logic rather then something I do in deployment time. If I am wrong in my approach pls let me know how I could do this thanx --Siva Jagadeesan -Original Message- From: Mark Zeltser [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 5:02 PM To: Struts Users Mailing List Subject: Re: Actions based on Role Why do you want to have your own authentication system? Mark. Jagadeesan,Sivakumar wrote: I guess I have to do that way So I have manually chk every time whether that user is authorized to access this Action, rather then having it in struts-config.xml which is more configurable -Original Message- From: Edgar Dollin [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:55 PM To: 'Struts Users Mailing List' Subject: RE: Actions based on Role If you use a filter, to filter actions based on role, the action wouldn't have to know about security. If your authentication sticks the user information into the session, the action could make decisions based on the user information. Edgar -Original Message- From: Jagadeesan,Sivakumar [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 3:50 PM To: 'Struts Users Mailing List' Subject: Actions based on Role I have web application where users could of three types (Roles) 1) Basic User 2) Silver User 3) Gold User According to Type / Role of user some actions could be performed or not performed. I could set in my stuts-config.xml, the role based access in Action Element I am having my own authentication System that uses the database . The User table has the userName and also the Role. I am not sure how could I create a Role that the Action is expecting , if I am using my own authentication Thanx --Siva Jagadeesan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com
Actions based on Role
I have web application where users could of three types (Roles) 1) Basic User 2) Silver User 3) Gold User According to Type / Role of user some actions could be performed or not performed. I could set in my stuts-config.xml, the role based access in Action Element I am having my own authentication System that uses the database . The User table has the userName and also the Role. I am not sure how could I create a Role that the Action is expecting , if I am using my own authentication Thanx --Siva Jagadeesan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Actions based on Role
If you use a filter, to filter actions based on role, the action wouldn't have to know about security. If your authentication sticks the user information into the session, the action could make decisions based on the user information. Edgar -Original Message- From: Jagadeesan,Sivakumar [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 3:50 PM To: 'Struts Users Mailing List' Subject: Actions based on Role I have web application where users could of three types (Roles) 1) Basic User 2) Silver User 3) Gold User According to Type / Role of user some actions could be performed or not performed. I could set in my stuts-config.xml, the role based access in Action Element I am having my own authentication System that uses the database . The User table has the userName and also the Role. I am not sure how could I create a Role that the Action is expecting , if I am using my own authentication Thanx --Siva Jagadeesan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Actions based on Role
I guess I have to do that way So I have manually chk every time whether that user is authorized to access this Action, rather then having it in struts-config.xml which is more configurable -Original Message- From: Edgar Dollin [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:55 PM To: 'Struts Users Mailing List' Subject: RE: Actions based on Role If you use a filter, to filter actions based on role, the action wouldn't have to know about security. If your authentication sticks the user information into the session, the action could make decisions based on the user information. Edgar -Original Message- From: Jagadeesan,Sivakumar [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 3:50 PM To: 'Struts Users Mailing List' Subject: Actions based on Role I have web application where users could of three types (Roles) 1) Basic User 2) Silver User 3) Gold User According to Type / Role of user some actions could be performed or not performed. I could set in my stuts-config.xml, the role based access in Action Element I am having my own authentication System that uses the database . The User table has the userName and also the Role. I am not sure how could I create a Role that the Action is expecting , if I am using my own authentication Thanx --Siva Jagadeesan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Actions based on Role
Why do you want to have your own authentication system? Mark. Jagadeesan,Sivakumar wrote: I guess I have to do that way So I have manually chk every time whether that user is authorized to access this Action, rather then having it in struts-config.xml which is more configurable -Original Message- From: Edgar Dollin [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:55 PM To: 'Struts Users Mailing List' Subject: RE: Actions based on Role If you use a filter, to filter actions based on role, the action wouldn't have to know about security. If your authentication sticks the user information into the session, the action could make decisions based on the user information. Edgar -Original Message- From: Jagadeesan,Sivakumar [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 3:50 PM To: 'Struts Users Mailing List' Subject: Actions based on Role I have web application where users could of three types (Roles) 1) Basic User 2) Silver User 3) Gold User According to Type / Role of user some actions could be performed or not performed. I could set in my stuts-config.xml, the role based access in Action Element I am having my own authentication System that uses the database . The User table has the userName and also the Role. I am not sure how could I create a Role that the Action is expecting , if I am using my own authentication Thanx --Siva Jagadeesan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Actions based on Role
Jagadeesan,Sivakumar wrote: I have web application where users could of three types (Roles) 1) Basic User 2) Silver User 3) Gold User According to Type / Role of user some actions could be performed or not performed. I could set in my stuts-config.xml, the role based access in Action Element I am having my own authentication System that uses the database . The User table has the userName and also the Role. I am not sure how could I create a Role that the Action is expecting , if I am using my own authentication Struts in Action, ch 9, pg 260-261 9.2.2 ProcessRoles This shows how you can override the processRoles() method of RequestProcessor. It provides you with the request, response and action mapping. So you can get the roles in the struts-config.xml for the Action using mapping.getRoleNames(). You can the check that the user has one of the roles and return true or false. Jason Lea - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Actions based on Role
I have to look at this. I want something like this thanx Jason --Siva Jagadeesan -Original Message- From: Jason Lea [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 5:05 PM To: Struts Users Mailing List Subject: Re: Actions based on Role Jagadeesan,Sivakumar wrote: I have web application where users could of three types (Roles) 1) Basic User 2) Silver User 3) Gold User According to Type / Role of user some actions could be performed or not performed. I could set in my stuts-config.xml, the role based access in Action Element I am having my own authentication System that uses the database . The User table has the userName and also the Role. I am not sure how could I create a Role that the Action is expecting , if I am using my own authentication Struts in Action, ch 9, pg 260-261 9.2.2 ProcessRoles This shows how you can override the processRoles() method of RequestProcessor. It provides you with the request, response and action mapping. So you can get the roles in the struts-config.xml for the Action using mapping.getRoleNames(). You can the check that the user has one of the roles and return true or false. Jason Lea - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Actions based on Role
Mark: It is a very simple system. The user logs into the system. The user role is based on the what kind of membership that user is in. So the role for a user will keep changing. So the only place I thought I could map the user to role is in database. So it will be pure business logic rather then something I do in deployment time. If I am wrong in my approach pls let me know how I could do this thanx --Siva Jagadeesan -Original Message- From: Mark Zeltser [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 5:02 PM To: Struts Users Mailing List Subject: Re: Actions based on Role Why do you want to have your own authentication system? Mark. Jagadeesan,Sivakumar wrote: I guess I have to do that way So I have manually chk every time whether that user is authorized to access this Action, rather then having it in struts-config.xml which is more configurable -Original Message- From: Edgar Dollin [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:55 PM To: 'Struts Users Mailing List' Subject: RE: Actions based on Role If you use a filter, to filter actions based on role, the action wouldn't have to know about security. If your authentication sticks the user information into the session, the action could make decisions based on the user information. Edgar -Original Message- From: Jagadeesan,Sivakumar [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 3:50 PM To: 'Struts Users Mailing List' Subject: Actions based on Role I have web application where users could of three types (Roles) 1) Basic User 2) Silver User 3) Gold User According to Type / Role of user some actions could be performed or not performed. I could set in my stuts-config.xml, the role based access in Action Element I am having my own authentication System that uses the database . The User table has the userName and also the Role. I am not sure how could I create a Role that the Action is expecting , if I am using my own authentication Thanx --Siva Jagadeesan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Actions based on Role
My first suggestion would be to look into container managed security, and after that look my filter-based clone of container-managed security, http://securityfilter.sourceforge.org/, that works the same (you don't have to change your app) but has a few little differences to get around things I didn't like with container-managed security. By using one of these solutions, you could use the Action role stuff in struts-config.xml. If you want to adapt your current security system and be able to use the struts-config.xml declarative roles stuff, you need to morph it into a filter so that you can wrap the HttpRequests that come in to implement request.isUserInRole(). request.getUserPrincipal() and request.getRemoteUser() are the two other most important methods to implement in your RequestWrapper class to allow Struts and other software to make use of the security info. Another alternative is to modify the Struts classes to make calls to your custom security infrastructure. Otherwise, you pretty much have to do all of your own programmatic security against whatever proprietary API your security system has. Also, the standard relationship between users and roles is many-to-many. A user can have many roles, and a role can be had by many users. If you want to harness the full power of this relationship, you'll need to drop the role column from your user table, add a role table, and add a user_role mapping table. Fortunately, it becomes pretty easy to use container-managed security with a schema like that, as you can use stuff like Tomcat's JDBCRealm. -Max - Original Message - From: Jagadeesan,Sivakumar [EMAIL PROTECTED] To: 'Struts Users Mailing List' [EMAIL PROTECTED] Sent: Thursday, March 27, 2003 2:50 PM Subject: RE: Actions based on Role I guess I have to do that way So I have manually chk every time whether that user is authorized to access this Action, rather then having it in struts-config.xml which is more configurable -Original Message- From: Edgar Dollin [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:55 PM To: 'Struts Users Mailing List' Subject: RE: Actions based on Role If you use a filter, to filter actions based on role, the action wouldn't have to know about security. If your authentication sticks the user information into the session, the action could make decisions based on the user information. Edgar -Original Message- From: Jagadeesan,Sivakumar [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 3:50 PM To: 'Struts Users Mailing List' Subject: Actions based on Role I have web application where users could of three types (Roles) 1) Basic User 2) Silver User 3) Gold User According to Type / Role of user some actions could be performed or not performed. I could set in my stuts-config.xml, the role based access in Action Element I am having my own authentication System that uses the database . The User table has the userName and also the Role. I am not sure how could I create a Role that the Action is expecting , if I am using my own authentication Thanx --Siva Jagadeesan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Actions based on Role
Thanx Max It was very educational -Original Message- From: Max Cooper [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 5:26 PM To: Struts Users Mailing List Subject: Re: Actions based on Role My first suggestion would be to look into container managed security, and after that look my filter-based clone of container-managed security, http://securityfilter.sourceforge.org/, that works the same (you don't have to change your app) but has a few little differences to get around things I didn't like with container-managed security. By using one of these solutions, you could use the Action role stuff in struts-config.xml. If you want to adapt your current security system and be able to use the struts-config.xml declarative roles stuff, you need to morph it into a filter so that you can wrap the HttpRequests that come in to implement request.isUserInRole(). request.getUserPrincipal() and request.getRemoteUser() are the two other most important methods to implement in your RequestWrapper class to allow Struts and other software to make use of the security info. Another alternative is to modify the Struts classes to make calls to your custom security infrastructure. Otherwise, you pretty much have to do all of your own programmatic security against whatever proprietary API your security system has. Also, the standard relationship between users and roles is many-to-many. A user can have many roles, and a role can be had by many users. If you want to harness the full power of this relationship, you'll need to drop the role column from your user table, add a role table, and add a user_role mapping table. Fortunately, it becomes pretty easy to use container-managed security with a schema like that, as you can use stuff like Tomcat's JDBCRealm. -Max - Original Message - From: Jagadeesan,Sivakumar [EMAIL PROTECTED] To: 'Struts Users Mailing List' [EMAIL PROTECTED] Sent: Thursday, March 27, 2003 2:50 PM Subject: RE: Actions based on Role I guess I have to do that way So I have manually chk every time whether that user is authorized to access this Action, rather then having it in struts-config.xml which is more configurable -Original Message- From: Edgar Dollin [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:55 PM To: 'Struts Users Mailing List' Subject: RE: Actions based on Role If you use a filter, to filter actions based on role, the action wouldn't have to know about security. If your authentication sticks the user information into the session, the action could make decisions based on the user information. Edgar -Original Message- From: Jagadeesan,Sivakumar [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 3:50 PM To: 'Struts Users Mailing List' Subject: Actions based on Role I have web application where users could of three types (Roles) 1) Basic User 2) Silver User 3) Gold User According to Type / Role of user some actions could be performed or not performed. I could set in my stuts-config.xml, the role based access in Action Element I am having my own authentication System that uses the database . The User table has the userName and also the Role. I am not sure how could I create a Role that the Action is expecting , if I am using my own authentication Thanx --Siva Jagadeesan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Actions based on Role
Siva, Take a look at authentication provided by web container. One of the reasons to use your own authentication is to make it deployable on any container. However, you can use securityfilter to make this transparent. Suggestion: search the archives on security/securityfilter. Spend some time understanding provided authentication mechanism. Usually, there is no need to reinvent the wheel. Mark. Jagadeesan,Sivakumar wrote: Mark: It is a very simple system. The user logs into the system. The user role is based on the what kind of membership that user is in. So the role for a user will keep changing. So the only place I thought I could map the user to role is in database. So it will be pure business logic rather then something I do in deployment time. If I am wrong in my approach pls let me know how I could do this thanx --Siva Jagadeesan -Original Message- From: Mark Zeltser [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 5:02 PM To: Struts Users Mailing List Subject: Re: Actions based on Role Why do you want to have your own authentication system? Mark. Jagadeesan,Sivakumar wrote: I guess I have to do that way So I have manually chk every time whether that user is authorized to access this Action, rather then having it in struts-config.xml which is more configurable -Original Message- From: Edgar Dollin [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:55 PM To: 'Struts Users Mailing List' Subject: RE: Actions based on Role If you use a filter, to filter actions based on role, the action wouldn't have to know about security. If your authentication sticks the user information into the session, the action could make decisions based on the user information. Edgar -Original Message- From: Jagadeesan,Sivakumar [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 3:50 PM To: 'Struts Users Mailing List' Subject: Actions based on Role I have web application where users could of three types (Roles) 1) Basic User 2) Silver User 3) Gold User According to Type / Role of user some actions could be performed or not performed. I could set in my stuts-config.xml, the role based access in Action Element I am having my own authentication System that uses the database . The User table has the userName and also the Role. I am not sure how could I create a Role that the Action is expecting , if I am using my own authentication Thanx --Siva Jagadeesan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Actions based on Role
Mark, Do you have experience with security filter? Have you examined the source code? I went to SourceForge to get the download. There was a JAR but no source except for a limited implementation class. I would not want to implement a security filter without seeing the source. Can anyone tell me where to find the source? Mike --- Mark Zeltser [EMAIL PROTECTED] wrote: Siva, Take a look at authentication provided by web container. One of the reasons to use your own authentication is to make it deployable on any container. However, you can use securityfilter to make this transparent. Suggestion: search the archives on security/securityfilter. Spend some time understanding provided authentication mechanism. Usually, there is no need to reinvent the wheel. Mark. Jagadeesan,Sivakumar wrote: Mark: It is a very simple system. The user logs into the system. The user role is based on the what kind of membership that user is in. So the role for a user will keep changing. So the only place I thought I could map the user to role is in database. So it will be pure business logic rather then something I do in deployment time. If I am wrong in my approach pls let me know how I could do this thanx --Siva Jagadeesan -Original Message- From: Mark Zeltser [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 5:02 PM To: Struts Users Mailing List Subject: Re: Actions based on Role Why do you want to have your own authentication system? Mark. Jagadeesan,Sivakumar wrote: I guess I have to do that way So I have manually chk every time whether that user is authorized to access this Action, rather then having it in struts-config.xml which is more configurable -Original Message- From: Edgar Dollin [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:55 PM To: 'Struts Users Mailing List' Subject: RE: Actions based on Role If you use a filter, to filter actions based on role, the action wouldn't have to know about security. If your authentication sticks the user information into the session, the action could make decisions based on the user information. Edgar -Original Message- From: Jagadeesan,Sivakumar [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 3:50 PM To: 'Struts Users Mailing List' Subject: Actions based on Role I have web application where users could of three types (Roles) 1) Basic User 2) Silver User 3) Gold User According to Type / Role of user some actions could be performed or not performed. I could set in my stuts-config.xml, the role based access in Action Element I am having my own authentication System that uses the database . The User table has the userName and also the Role. I am not sure how could I create a Role that the Action is expecting , if I am using my own authentication Thanx --Siva Jagadeesan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Actions based on Role
http://securityfilter.sourceforge.net/ click on File item on the top right cornor. -Dan - Original Message - From: Mike Duffy [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, March 27, 2003 8:55 PM Subject: Re: Actions based on Role Mark, Do you have experience with security filter? Have you examined the source code? I went to SourceForge to get the download. There was a JAR but no source except for a limited implementation class. I would not want to implement a security filter without seeing the source. Can anyone tell me where to find the source? Mike --- Mark Zeltser [EMAIL PROTECTED] wrote: Siva, Take a look at authentication provided by web container. One of the reasons to use your own authentication is to make it deployable on any container. However, you can use securityfilter to make this transparent. Suggestion: search the archives on security/securityfilter. Spend some time understanding provided authentication mechanism. Usually, there is no need to reinvent the wheel. Mark. Jagadeesan,Sivakumar wrote: Mark: It is a very simple system. The user logs into the system. The user role is based on the what kind of membership that user is in. So the role for a user will keep changing. So the only place I thought I could map the user to role is in database. So it will be pure business logic rather then something I do in deployment time. If I am wrong in my approach pls let me know how I could do this thanx --Siva Jagadeesan -Original Message- From: Mark Zeltser [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 5:02 PM To: Struts Users Mailing List Subject: Re: Actions based on Role Why do you want to have your own authentication system? Mark. Jagadeesan,Sivakumar wrote: I guess I have to do that way So I have manually chk every time whether that user is authorized to access this Action, rather then having it in struts-config.xml which is more configurable -Original Message- From: Edgar Dollin [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 4:55 PM To: 'Struts Users Mailing List' Subject: RE: Actions based on Role If you use a filter, to filter actions based on role, the action wouldn't have to know about security. If your authentication sticks the user information into the session, the action could make decisions based on the user information. Edgar -Original Message- From: Jagadeesan,Sivakumar [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 3:50 PM To: 'Struts Users Mailing List' Subject: Actions based on Role I have web application where users could of three types (Roles) 1) Basic User 2) Silver User 3) Gold User According to Type / Role of user some actions could be performed or not performed. I could set in my stuts-config.xml, the role based access in Action Element I am having my own authentication System that uses the database . The User table has the userName and also the Role. I am not sure how could I create a Role that the Action is expecting , if I am using my own authentication Thanx --Siva Jagadeesan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail