Re: User Authentication implemented in Struts
If you made roles for each region, you could use them in that way too, however I think that would be too cumbersome. A servlet filter is also a possibility, but also not optimal I think. I would make the implementation depend on the data model rather than the authorisation scheme. For instance in your data model, you can have sales associated with different regions. You can also have users associated with different regions. Therefore it will not be difficult to write SQL queries for your reports where the sales displayed are selected by user. e.g. a junior salesman has an association with one region, but a sales manager would have links to several regions. The finance people would have links to all regions. Hope that's clear, Adam On 10/23/2003 04:05 AM Caroline Jen wrote: My question is similar. I use container-managed role-based security checking. I put role property in Action Mapping and use isUserInRole in my JSPs. For example, John can view the sales reports if he has the sales role. Now, I want to further restrict John to view the sales reports in is region only. People say that I can use the servlet filter. I need guidance to see some examples. --- Adam Hardy [EMAIL PROTECTED] wrote: On 10/22/2003 10:21 PM Ramadoss Chinnakuzhandai wrote: apologize for repeating my question againI'm newbie to Struts and hv basic doubt in security level implemented using Struts framework. we are aware that in normal J2EE application we are authenticating user based on user access level specified in web-app in web.xml(web container) My Questions are 1.Are we following the same process of authenticating a user against his/her access level as that of the above...? if not pls explain how you are authentication a user in your struts-based application. 2.If yes to the above question Is there someother way of authenticating a user available in Sturts? If so pls explain how you are authentication a user? Yes to both: struts leverages the built-in container managed security as specified by the servlet spec from Sun. -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
User Authentication implemented in Struts
apologize for repeating my question againI'm newbie to Struts and hv basic doubt in security level implemented using Struts framework. we are aware that in normal J2EE application we are authenticating user based on user access level specified in web-app in web.xml(web container) My Questions are 1.Are we following the same process of authenticating a user against his/her access level as that of the above...? if not pls explain how you are authentication a user in your struts-based application. 2.If yes to the above question Is there someother way of authenticating a user available in Sturts? If so pls explain how you are authentication a user? tnx in advance. Regards, -Ram - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: User Authentication implemented in Struts
On 10/22/2003 10:21 PM Ramadoss Chinnakuzhandai wrote: apologize for repeating my question againI'm newbie to Struts and hv basic doubt in security level implemented using Struts framework. we are aware that in normal J2EE application we are authenticating user based on user access level specified in web-app in web.xml(web container) My Questions are 1.Are we following the same process of authenticating a user against his/her access level as that of the above...? if not pls explain how you are authentication a user in your struts-based application. 2.If yes to the above question Is there someother way of authenticating a user available in Sturts? If so pls explain how you are authentication a user? Yes to both: struts leverages the built-in container managed security as specified by the servlet spec from Sun. Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: User Authentication implemented in Struts
My question is similar. I use container-managed role-based security checking. I put role property in Action Mapping and use isUserInRole in my JSPs. For example, John can view the sales reports if he has the sales role. Now, I want to further restrict John to view the sales reports in is region only. People say that I can use the servlet filter. I need guidance to see some examples. --- Adam Hardy [EMAIL PROTECTED] wrote: On 10/22/2003 10:21 PM Ramadoss Chinnakuzhandai wrote: apologize for repeating my question againI'm newbie to Struts and hv basic doubt in security level implemented using Struts framework. we are aware that in normal J2EE application we are authenticating user based on user access level specified in web-app in web.xml(web container) My Questions are 1.Are we following the same process of authenticating a user against his/her access level as that of the above...? if not pls explain how you are authentication a user in your struts-based application. 2.If yes to the above question Is there someother way of authenticating a user available in Sturts? If so pls explain how you are authentication a user? Yes to both: struts leverages the built-in container managed security as specified by the servlet spec from Sun. Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
