Re: Where to add Access control
Instead of an action, perhaps a better approach is to have something like: public boolean hasPrivileges(HttpServletRequest request) { ... } which would check if a user or group has a privilege. I put a method like this in my BaseAction, which extends Action and other actions in my framework extend. This way hasPrivileges() is accessible from any action you write, then you can do something like this in your actions: if(!hasPrivileges()) return mapping.findForward(...); ...rest of action code here... and send them onto a page which tells them to buzz off. Nice thing about this is that if you want to change or add behavior, you don't mess with all the actions, just one method. R On Monday, Feb 17, 2003, at 08:37 US/Eastern, Rademacher Tobias wrote: Hi Folks, I want to add some access control in order to protected a site form a group of users. My application uses JAAS so I guess I have to write a PriviligedAction. Where do I have to add the invokation of this Action? Where is the best place in RequestProcessor in order to add such support? Thx and Bye Toby - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] R -- Robert S. Sfeir Senior Java Engineer National Institutes of Health Center for Information Technology Department of Enterprise Custom Applications [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Where to add Access control
Look at how Struts support web server roles. http://jakarta.apache.org/struts/userGuide/preface.html#jaas -Original Message- From: Rademacher Tobias [mailto:[EMAIL PROTECTED]] Sent: 17 February, 2003 15:37 To: '[EMAIL PROTECTED]' Subject: Where to add Access control Hi Folks, I want to add some access control in order to protected a site form a group of users. My application uses JAAS so I guess I have to write a PriviligedAction. Where do I have to add the invokation of this Action? Where is the best place in RequestProcessor in order to add such support? Thx and Bye Toby - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the company. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of Standard Bank. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]