Re: RequestProcessor problem
Dependencies: struts servlet log4j plugincompanion log4j junit... I use a UserContainer to set login, roles and user variables. The RoleRequestProcessor tests the user roles against your struts defined roles... simple. I use it in order to have a simple role restriction on my actions... and in order to have a servlet container independent solution. Hope it helps, Pedro Salgado On 30/12/2003 17:01, "Kelly Goedert" <[EMAIL PROTECTED]> wrote: > If you can send it'll appreciate it. > > Pedro Salgado wrote: > >> On 30/12/2003 11:22, "Kelly Goedert" <[EMAIL PROTECTED]> wrote: >> >> >> >>> Can anyone give me an example on how to use the RequestProcessor? >>> >>> I want to use the RequestProcessor to check on action roles. Do I have >>> to subclass it? Or I can use it as it is? >>> To use roles to I have to configure anything in the container too? Or >>> just setting the roles parameter and using the RequestProcessor, will >>> allow mw to check the roles that the user might have to access that action? >>> >>> >> >> I made a framework for this purpose. If you want it I can send you the >> source so you can reuse in any way you like. >> >> Pedro Salgado >> >> >> >>> Thanks >>> >>> >>> - >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RequestProcessor problem
If you can send it'll appreciate it. Pedro Salgado wrote: On 30/12/2003 11:22, "Kelly Goedert" <[EMAIL PROTECTED]> wrote: Can anyone give me an example on how to use the RequestProcessor? I want to use the RequestProcessor to check on action roles. Do I have to subclass it? Or I can use it as it is? To use roles to I have to configure anything in the container too? Or just setting the roles parameter and using the RequestProcessor, will allow mw to check the roles that the user might have to access that action? I made a framework for this purpose. If you want it I can send you the source so you can reuse in any way you like. Pedro Salgado Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RequestProcessor problem
On 30/12/2003 11:22, "Kelly Goedert" <[EMAIL PROTECTED]> wrote: > Can anyone give me an example on how to use the RequestProcessor? > > I want to use the RequestProcessor to check on action roles. Do I have > to subclass it? Or I can use it as it is? > To use roles to I have to configure anything in the container too? Or > just setting the roles parameter and using the RequestProcessor, will > allow mw to check the roles that the user might have to access that action? I made a framework for this purpose. If you want it I can send you the source so you can reuse in any way you like. Pedro Salgado > > Thanks > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RequestProcessor problem
As you suggested I now trying to use JDBC/Realm: but I get the following error from tomcat HTTP Status 400 - User is not authorized to access action /login My server.xml is like this (I followed the tomcat docs): driverName="org.gjt.mm.mysql.Driver" connectionURL="jdbc:mysql://localhost/locadora?user=mysql&password=mysql" userTable="users" userNameCol="username" userCredCol="password" userRoleTable="userRoles" roleNameCol="rolename"/> The database is created in mysql like this: database name: locadora table users: columns: username, password which values are user, user table userRoles: columns: username, rolename which values are user, adm My struts-config.xml is like this: "-//Apache Software Foundation//DTD Struts Configuration 1.1//EN" "http://jakarta.apache.org/struts/dtds/struts-config_1_1.dtd"; > roles = "adm" type="LoginAction" name = "loginForm" scope="request" input="/index.jsp" validate="true"> name="continue" path="/principal.jsp"/> name="erro" path="/index.jsp"/> parameter="resources.application"/> Can anyone point me what I'm missing? Mohan Radhakrishnan wrote: You can use a vendor-specify API ( JDBC/Realm ) to map to user/role tables. You can also use the XML file ( tomcat-users.xml ) instead with hard-coded values. You don't have to extend RequestProcessor if you are using CMA. If you want to do application based-security then you need to extend the RequestProcessor and over-ride the processRoles() method. You can read the tomcat JDBC/Realm doc. in the apache site. It is similar for other containers. http://kb.atlassian.com/content/tutorials/jollem/orion-security-primer/ is another good site explaining OC4J roles. Mohan -Original Message- From: Kelly Goedert [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 5:26 PM To: Struts Users Mailing List Subject: Re: RequestProcessor problem Paul, Thanks for your help, I've checked this links already and they didn help me much. What I want is (following your example below): when the user has the role uploader assigned to him he may call this action uploadfile. Now: where do I define the relation user/role? Do I use a JDBC/Realm? If I want to check this relation in my application should I externd RequestProcessor? (I believe so). If I don't want to extend the RequestProcessor, and use it as it is, where do I mantain the user/role relationship? Kelly. Paul-J Woodward wrote: My understanding is: The request processor will check on action roles if they are defined in your struts-config.xml file e.g.: type="com.db.gci.ge.epg.actions.UploadFileAction" name="fileUploadForm" scope="request" validate="false" input="/uploadFile.jsp" roles="uploader"> If you want to do application based-security then you need to extend the RequestProcessor and over-ride the processRoles() method. I'm currently looking into application-based security, this is all I have found so far: http://puneetdelhi.tripod.com/ http://www.junlu.com/msg/40353.html If you need more help and noone else replies, I'll write what I have found in a few hours. Paul Global Equity Derivatives Technology Deutsche Bank [/] Office +44 (0)20 754 55458 Mobile +44 (0)7736 299483 Fax +44 (0)20 7547 2752 -------- Kelly Goedert <[EMAIL PROTECTED]To: Struts Users Mailing List <[EMAIL PROTECTED]> xxera.com> cc: Subject: RequestProcessor problem 30/12/2003 11:22 Please respond to "Struts Users Mailing List" Can anyone give me an example on how to use the RequestProcessor? I want to use the RequestProcessor to check on action roles. Do I have to subclass it? Or I can use it as it is? To use roles to I have to configure anything in the container too? Or just setting the roles parameter and using the RequestProcessor, will allow mw to check the roles that the user might have to access that action? Thanks
RE: RequestProcessor problem
You can use a vendor-specify API ( JDBC/Realm ) to map to user/role tables. You can also use the XML file ( tomcat-users.xml ) instead with hard-coded values. You don't have to extend RequestProcessor if you are using CMA. >If you want to do application based-security then you need to extend the >RequestProcessor and over-ride the processRoles() method. You can read the tomcat JDBC/Realm doc. in the apache site. It is similar for other containers. http://kb.atlassian.com/content/tutorials/jollem/orion-security-primer/ is another good site explaining OC4J roles. Mohan -Original Message- From: Kelly Goedert [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 5:26 PM To: Struts Users Mailing List Subject: Re: RequestProcessor problem Paul, Thanks for your help, I've checked this links already and they didn help me much. What I want is (following your example below): when the user has the role uploader assigned to him he may call this action uploadfile. Now: where do I define the relation user/role? Do I use a JDBC/Realm? If I want to check this relation in my application should I externd RequestProcessor? (I believe so). If I don't want to extend the RequestProcessor, and use it as it is, where do I mantain the user/role relationship? Kelly. Paul-J Woodward wrote: >My understanding is: > >The request processor will check on action roles if they are defined in your struts-config.xml file e.g.: > > > >If you want to do application based-security then you need to extend the RequestProcessor and over-ride the processRoles() method. > >I'm currently looking into application-based security, this is all I have found so far: >http://puneetdelhi.tripod.com/ >http://www.junlu.com/msg/40353.html > >If you need more help and noone else replies, I'll write what I have found in a few hours. > >Paul > >Global Equity Derivatives Technology >Deutsche Bank [/] >Office +44 (0)20 754 55458 >Mobile +44 (0)7736 299483 >Fax +44 (0)20 7547 2752 > > > > > Kelly Goedert > <[EMAIL PROTECTED]To: Struts Users Mailing List <[EMAIL PROTECTED]> > xxera.com> cc: > Subject: RequestProcessor problem > 30/12/2003 11:22 > Please respond to > "Struts Users > Mailing List" > > > > > > >Can anyone give me an example on how to use the RequestProcessor? > >I want to use the RequestProcessor to check on action roles. Do I have >to subclass it? Or I can use it as it is? >To use roles to I have to configure anything in the container too? Or >just setting the roles parameter and using the RequestProcessor, will >allow mw to check the roles that the user might have to access that action? > >Thanks > > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > >-- > >This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. > > > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RequestProcessor problem
Paul, Thanks for your help, I've checked this links already and they didn help me much. What I want is (following your example below): when the user has the role uploader assigned to him he may call this action uploadfile. Now: where do I define the relation user/role? Do I use a JDBC/Realm? If I want to check this relation in my application should I externd RequestProcessor? (I believe so). If I don't want to extend the RequestProcessor, and use it as it is, where do I mantain the user/role relationship? Kelly. Paul-J Woodward wrote: My understanding is: The request processor will check on action roles if they are defined in your struts-config.xml file e.g.: If you want to do application based-security then you need to extend the RequestProcessor and over-ride the processRoles() method. I'm currently looking into application-based security, this is all I have found so far: http://puneetdelhi.tripod.com/ http://www.junlu.com/msg/40353.html If you need more help and noone else replies, I'll write what I have found in a few hours. Paul Global Equity Derivatives Technology Deutsche Bank [/] Office +44 (0)20 754 55458 Mobile +44 (0)7736 299483 Fax +44 (0)20 7547 2752 Kelly Goedert <[EMAIL PROTECTED]To: Struts Users Mailing List <[EMAIL PROTECTED]> xxera.com> cc: Subject: RequestProcessor problem 30/12/2003 11:22 Please respond to "Struts Users Mailing List" Can anyone give me an example on how to use the RequestProcessor? I want to use the RequestProcessor to check on action roles. Do I have to subclass it? Or I can use it as it is? To use roles to I have to configure anything in the container too? Or just setting the roles parameter and using the RequestProcessor, will allow mw to check the roles that the user might have to access that action? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RequestProcessor problem
My understanding is: The request processor will check on action roles if they are defined in your struts-config.xml file e.g.: If you want to do application based-security then you need to extend the RequestProcessor and over-ride the processRoles() method. I'm currently looking into application-based security, this is all I have found so far: http://puneetdelhi.tripod.com/ http://www.junlu.com/msg/40353.html If you need more help and noone else replies, I'll write what I have found in a few hours. Paul Global Equity Derivatives Technology Deutsche Bank [/] Office +44 (0)20 754 55458 Mobile +44 (0)7736 299483 Fax +44 (0)20 7547 2752 Kelly Goedert <[EMAIL PROTECTED]To: Struts Users Mailing List <[EMAIL PROTECTED]> xxera.com> cc: Subject: RequestProcessor problem 30/12/2003 11:22 Please respond to "Struts Users Mailing List" Can anyone give me an example on how to use the RequestProcessor? I want to use the RequestProcessor to check on action roles. Do I have to subclass it? Or I can use it as it is? To use roles to I have to configure anything in the container too? Or just setting the roles parameter and using the RequestProcessor, will allow mw to check the roles that the user might have to access that action? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RequestProcessor problem
Can anyone give me an example on how to use the RequestProcessor? I want to use the RequestProcessor to check on action roles. Do I have to subclass it? Or I can use it as it is? To use roles to I have to configure anything in the container too? Or just setting the roles parameter and using the RequestProcessor, will allow mw to check the roles that the user might have to access that action? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]