SV: How to implements Role Based Access Control in Struts ?
Hi There is database support in SecurityFilter Hermod -Opprinnelig melding- Fra: Lesaint Sébastien [mailto:[EMAIL PROTECTED] Sendt: 25. juni 2004 11:05 Til: Struts Users Mailing List Emne: RE: How to implements Role Based Access Control in Struts ? Hi, I was just looking into Pow2ACL, I wonder if this solution is up to date, looks like the last release came out in 2002. It is said it is integrated with Struts, but if it is that old, I wonder if it does work with the last releases of Struts. Anybody using Pow2ACL with struts around here? I would really appreciate opinions about this product. Thanks -Message d'origine- De : David Friedman [mailto:[EMAIL PROTECTED] Envoyé : vendredi 25 juin 2004 03:51 À : Struts Users Mailing List Objet : RE: How to implements Role Based Access Control in Struts ? >From a database? Pow2ACL. http://pow2acl.sourceforge.net -Original Message- From: javen fang [mailto:[EMAIL PROTECTED] Sent: Thursday, June 24, 2004 9:41 PM To: Struts Users Mailing List Subject: Re: How to implements Role Based Access Control in Struts ? Thank you, bill. I have seen the SecurityFilter project. It seems that it is replacer to Container Management Security, and it is based securityfilter-config.xml file. But I need to obtain roles information from database, my customer can insert a role, and determine which permission the role has. thanks all the same. Can you give me another advice? - javen fang --- Bill Siggelkow <[EMAIL PROTECTED]> wrote: > If container-managed security is to limiting for you > but you still want > to use the tag then you > might want to look > into SecurityFilter > (http://securityfilter.sourceforge.net). There are a > > lot of pros and cons when choosing a security > mechanism. SecurityFilter > allows many conveniences offered by > container-managed security (like > being able to use "request.isUserInRole(...)" etc. > yet still allow a > custom solution. > > > I provided the initial draft for the Struts Security > chapter of Struts: > The Complete Reference (Osborne) by James Holmes. I > cover a lot of these >details in this chapter. > > > Let me know if you have more specific questions: I > will be glad to help :) > > Bill Siggelkow > > javen fang wrote: > > > Hi , all: > > > > I have queried this mailing list, and I get some > > discusses about RBAC ( Role Based Access Control ) > in > > struts. I understand that role="..."> > > in JSP page and "role" attribute in ActionMapping > are > > all prepared with Container Management Access > Control, > > etc, JDBCRealm. > > > > But it seems that what I need is not Container > > Management Access Control,because CMAC is > configured > > in config file(etc, server.xml,web.xml) , but I > want > > to let customer config user roles in dynamic > way,and > > the user roles infomation is read from database. > > > > So,how can I implements RBAC with struts. can you > give > > me some advice? > > > > thanks, javen > > > > > > > > __ > > Do you Yahoo!? > > Yahoo! Mail - 50x more storage than other > providers! > > http://promotions.yahoo.com/new_mail > > > - > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * This email with attachments is solely for the use of the individual or entity to whom it is addressed. Please also be aware that DnB NOR cannot accept any payment orders or other legally binding correspondence with customers as a part of an email. This email message has been virus checked by the virus programs used in the DnB NOR Group. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to implements Role Based Access Control in Struts ?
you may better try securityfilter.sf.net or jGurad Lesaint Sébastien wrote: Hi, I was just looking into Pow2ACL, I wonder if this solution is up to date, looks like the last release came out in 2002. It is said it is integrated with Struts, but if it is that old, I wonder if it does work with the last releases of Struts. Anybody using Pow2ACL with struts around here? I would really appreciate opinions about this product. Thanks -Message d'origine- De : David Friedman [mailto:[EMAIL PROTECTED] Envoyé : vendredi 25 juin 2004 03:51 À : Struts Users Mailing List Objet : RE: How to implements Role Based Access Control in Struts ? From a database? Pow2ACL. http://pow2acl.sourceforge.net -Original Message- From: javen fang [mailto:[EMAIL PROTECTED] Sent: Thursday, June 24, 2004 9:41 PM To: Struts Users Mailing List Subject: Re: How to implements Role Based Access Control in Struts ? Thank you, bill. I have seen the SecurityFilter project. It seems that it is replacer to Container Management Security, and it is based securityfilter-config.xml file. But I need to obtain roles information from database, my customer can insert a role, and determine which permission the role has. thanks all the same. Can you give me another advice? - javen fang --- Bill Siggelkow <[EMAIL PROTECTED]> wrote: If container-managed security is to limiting for you but you still want to use the tag then you might want to look into SecurityFilter (http://securityfilter.sourceforge.net). There are a lot of pros and cons when choosing a security mechanism. SecurityFilter allows many conveniences offered by container-managed security (like being able to use "request.isUserInRole(...)" etc. yet still allow a custom solution. I provided the initial draft for the Struts Security chapter of Struts: The Complete Reference (Osborne) by James Holmes. I cover a lot of these details in this chapter. Let me know if you have more specific questions: I will be glad to help :) Bill Siggelkow javen fang wrote: Hi , all: I have queried this mailing list, and I get some discusses about RBAC ( Role Based Access Control ) in struts. I understand that role="..."> in JSP page and "role" attribute in ActionMapping are all prepared with Container Management Access Control, etc, JDBCRealm. But it seems that what I need is not Container Management Access Control,because CMAC is configured in config file(etc, server.xml,web.xml) , but I want to let customer config user roles in dynamic way,and the user roles infomation is read from database. So,how can I implements RBAC with struts. can you give me some advice? thanks, javen __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How to implements Role Based Access Control in Struts ?
Hi, I was just looking into Pow2ACL, I wonder if this solution is up to date, looks like the last release came out in 2002. It is said it is integrated with Struts, but if it is that old, I wonder if it does work with the last releases of Struts. Anybody using Pow2ACL with struts around here? I would really appreciate opinions about this product. Thanks -Message d'origine- De : David Friedman [mailto:[EMAIL PROTECTED] Envoyé : vendredi 25 juin 2004 03:51 À : Struts Users Mailing List Objet : RE: How to implements Role Based Access Control in Struts ? >From a database? Pow2ACL. http://pow2acl.sourceforge.net -Original Message- From: javen fang [mailto:[EMAIL PROTECTED] Sent: Thursday, June 24, 2004 9:41 PM To: Struts Users Mailing List Subject: Re: How to implements Role Based Access Control in Struts ? Thank you, bill. I have seen the SecurityFilter project. It seems that it is replacer to Container Management Security, and it is based securityfilter-config.xml file. But I need to obtain roles information from database, my customer can insert a role, and determine which permission the role has. thanks all the same. Can you give me another advice? - javen fang --- Bill Siggelkow <[EMAIL PROTECTED]> wrote: > If container-managed security is to limiting for you > but you still want > to use the tag then you > might want to look > into SecurityFilter > (http://securityfilter.sourceforge.net). There are a > > lot of pros and cons when choosing a security > mechanism. SecurityFilter > allows many conveniences offered by > container-managed security (like > being able to use "request.isUserInRole(...)" etc. > yet still allow a > custom solution. > > > I provided the initial draft for the Struts Security > chapter of Struts: > The Complete Reference (Osborne) by James Holmes. I > cover a lot of these >details in this chapter. > > > Let me know if you have more specific questions: I > will be glad to help :) > > Bill Siggelkow > > javen fang wrote: > > > Hi , all: > > > > I have queried this mailing list, and I get some > > discusses about RBAC ( Role Based Access Control ) > in > > struts. I understand that role="..."> > > in JSP page and "role" attribute in ActionMapping > are > > all prepared with Container Management Access > Control, > > etc, JDBCRealm. > > > > But it seems that what I need is not Container > > Management Access Control,because CMAC is > configured > > in config file(etc, server.xml,web.xml) , but I > want > > to let customer config user roles in dynamic > way,and > > the user roles infomation is read from database. > > > > So,how can I implements RBAC with struts. can you > give > > me some advice? > > > > thanks, javen > > > > > > > > __ > > Do you Yahoo!? > > Yahoo! Mail - 50x more storage than other > providers! > > http://promotions.yahoo.com/new_mail > > > - > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How to implements Role Based Access Control in Struts ?
>From a database? Pow2ACL. http://pow2acl.sourceforge.net -Original Message- From: javen fang [mailto:[EMAIL PROTECTED] Sent: Thursday, June 24, 2004 9:41 PM To: Struts Users Mailing List Subject: Re: How to implements Role Based Access Control in Struts ? Thank you, bill. I have seen the SecurityFilter project. It seems that it is replacer to Container Management Security, and it is based securityfilter-config.xml file. But I need to obtain roles information from database, my customer can insert a role, and determine which permission the role has. thanks all the same. Can you give me another advice? - javen fang --- Bill Siggelkow <[EMAIL PROTECTED]> wrote: > If container-managed security is to limiting for you > but you still want > to use the tag then you > might want to look > into SecurityFilter > (http://securityfilter.sourceforge.net). There are a > > lot of pros and cons when choosing a security > mechanism. SecurityFilter > allows many conveniences offered by > container-managed security (like > being able to use "request.isUserInRole(...)" etc. > yet still allow a > custom solution. > > > I provided the initial draft for the Struts Security > chapter of Struts: > The Complete Reference (Osborne) by James Holmes. I > cover a lot of these >details in this chapter. > > > Let me know if you have more specific questions: I > will be glad to help :) > > Bill Siggelkow > > javen fang wrote: > > > Hi , all: > > > > I have queried this mailing list, and I get some > > discusses about RBAC ( Role Based Access Control ) > in > > struts. I understand that role="..."> > > in JSP page and "role" attribute in ActionMapping > are > > all prepared with Container Management Access > Control, > > etc, JDBCRealm. > > > > But it seems that what I need is not Container > > Management Access Control,because CMAC is > configured > > in config file(etc, server.xml,web.xml) , but I > want > > to let customer config user roles in dynamic > way,and > > the user roles infomation is read from database. > > > > So,how can I implements RBAC with struts. can you > give > > me some advice? > > > > thanks, javen > > > > > > > > __ > > Do you Yahoo!? > > Yahoo! Mail - 50x more storage than other > providers! > > http://promotions.yahoo.com/new_mail > > > - > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to implements Role Based Access Control in Struts ?
Thank you, bill. I have seen the SecurityFilter project. It seems that it is replacer to Container Management Security, and it is based securityfilter-config.xml file. But I need to obtain roles information from database, my customer can insert a role, and determine which permission the role has. thanks all the same. Can you give me another advice? - javen fang --- Bill Siggelkow <[EMAIL PROTECTED]> wrote: > If container-managed security is to limiting for you > but you still want > to use the tag then you > might want to look > into SecurityFilter > (http://securityfilter.sourceforge.net). There are a > > lot of pros and cons when choosing a security > mechanism. SecurityFilter > allows many conveniences offered by > container-managed security (like > being able to use "request.isUserInRole(...)" etc. > yet still allow a > custom solution. > > > I provided the initial draft for the Struts Security > chapter of Struts: > The Complete Reference (Osborne) by James Holmes. I > cover a lot of these >details in this chapter. > > > Let me know if you have more specific questions: I > will be glad to help :) > > Bill Siggelkow > > javen fang wrote: > > > Hi , all: > > > > I have queried this mailing list, and I get some > > discusses about RBAC ( Role Based Access Control ) > in > > struts. I understand that role="..."> > > in JSP page and "role" attribute in ActionMapping > are > > all prepared with Container Management Access > Control, > > etc, JDBCRealm. > > > > But it seems that what I need is not Container > > Management Access Control,because CMAC is > configured > > in config file(etc, server.xml,web.xml) , but I > want > > to let customer config user roles in dynamic > way,and > > the user roles infomation is read from database. > > > > So,how can I implements RBAC with struts. can you > give > > me some advice? > > > > thanks, javen > > > > > > > > __ > > Do you Yahoo!? > > Yahoo! Mail - 50x more storage than other > providers! > > http://promotions.yahoo.com/new_mail > > > - > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to implements Role Based Access Control in Struts ?
If container-managed security is to limiting for you but you still want to use the tag then you might want to look into SecurityFilter (http://securityfilter.sourceforge.net). There are a lot of pros and cons when choosing a security mechanism. SecurityFilter allows many conveniences offered by container-managed security (like being able to use "request.isUserInRole(...)" etc. yet still allow a custom solution. I provided the initial draft for the Struts Security chapter of Struts: The Complete Reference (Osborne) by James Holmes. I cover a lot of these details in this chapter. Let me know if you have more specific questions: I will be glad to help :) Bill Siggelkow javen fang wrote: Hi , all: I have queried this mailing list, and I get some discusses about RBAC ( Role Based Access Control ) in struts. I understand that in JSP page and "role" attribute in ActionMapping are all prepared with Container Management Access Control, etc, JDBCRealm. But it seems that what I need is not Container Management Access Control,because CMAC is configured in config file(etc, server.xml,web.xml) , but I want to let customer config user roles in dynamic way,and the user roles infomation is read from database. So,how can I implements RBAC with struts. can you give me some advice? thanks, javen __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to implements Role Based Access Control in Struts ?
Hi , all: I have queried this mailing list, and I get some discusses about RBAC ( Role Based Access Control ) in struts. I understand that in JSP page and "role" attribute in ActionMapping are all prepared with Container Management Access Control, etc, JDBCRealm. But it seems that what I need is not Container Management Access Control,because CMAC is configured in config file(etc, server.xml,web.xml) , but I want to let customer config user roles in dynamic way,and the user roles infomation is read from database. So,how can I implements RBAC with struts. can you give me some advice? thanks, javen __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]