RE: How to implements Role Based Access Control in Struts ?
Hi, I was just looking into Pow2ACL, I wonder if this solution is up to date, looks like the last release came out in 2002. It is said it is integrated with Struts, but if it is that old, I wonder if it does work with the last releases of Struts. Anybody using Pow2ACL with struts around here? I would really appreciate opinions about this product. Thanks -Message d'origine- De : David Friedman [mailto:[EMAIL PROTECTED] Envoyé : vendredi 25 juin 2004 03:51 À : Struts Users Mailing List Objet : RE: How to implements Role Based Access Control in Struts ? From a database? Pow2ACL. http://pow2acl.sourceforge.net -Original Message- From: javen fang [mailto:[EMAIL PROTECTED] Sent: Thursday, June 24, 2004 9:41 PM To: Struts Users Mailing List Subject: Re: How to implements Role Based Access Control in Struts ? Thank you, bill. I have seen the SecurityFilter project. It seems that it is replacer to Container Management Security, and it is based securityfilter-config.xml file. But I need to obtain roles information from database, my customer can insert a role, and determine which permission the role has. thanks all the same. Can you give me another advice? - javen fang --- Bill Siggelkow [EMAIL PROTECTED] wrote: If container-managed security is to limiting for you but you still want to use the logic:present role=... tag then you might want to look into SecurityFilter (http://securityfilter.sourceforge.net). There are a lot of pros and cons when choosing a security mechanism. SecurityFilter allows many conveniences offered by container-managed security (like being able to use request.isUserInRole(...) etc. yet still allow a custom solution. shameless-plug I provided the initial draft for the Struts Security chapter of Struts: The Complete Reference (Osborne) by James Holmes. I cover a lot of these details in this chapter. /shameless-plug Let me know if you have more specific questions: I will be glad to help :) Bill Siggelkow javen fang wrote: Hi , all: I have queried this mailing list, and I get some discusses about RBAC ( Role Based Access Control ) in struts. I understand that logic:present role=... in JSP page and role attribute in ActionMapping are all prepared with Container Management Access Control, etc, JDBCRealm. But it seems that what I need is not Container Management Access Control,because CMAC is configured in config file(etc, server.xml,web.xml) , but I want to let customer config user roles in dynamic way,and the user roles infomation is read from database. So,how can I implements RBAC with struts. can you give me some advice? thanks, javen __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to implements Role Based Access Control in Struts ?
you may better try securityfilter.sf.net or jGurad Lesaint Sébastien wrote: Hi, I was just looking into Pow2ACL, I wonder if this solution is up to date, looks like the last release came out in 2002. It is said it is integrated with Struts, but if it is that old, I wonder if it does work with the last releases of Struts. Anybody using Pow2ACL with struts around here? I would really appreciate opinions about this product. Thanks -Message d'origine- De : David Friedman [mailto:[EMAIL PROTECTED] Envoyé : vendredi 25 juin 2004 03:51 À : Struts Users Mailing List Objet : RE: How to implements Role Based Access Control in Struts ? From a database? Pow2ACL. http://pow2acl.sourceforge.net -Original Message- From: javen fang [mailto:[EMAIL PROTECTED] Sent: Thursday, June 24, 2004 9:41 PM To: Struts Users Mailing List Subject: Re: How to implements Role Based Access Control in Struts ? Thank you, bill. I have seen the SecurityFilter project. It seems that it is replacer to Container Management Security, and it is based securityfilter-config.xml file. But I need to obtain roles information from database, my customer can insert a role, and determine which permission the role has. thanks all the same. Can you give me another advice? - javen fang --- Bill Siggelkow [EMAIL PROTECTED] wrote: If container-managed security is to limiting for you but you still want to use the logic:present role=... tag then you might want to look into SecurityFilter (http://securityfilter.sourceforge.net). There are a lot of pros and cons when choosing a security mechanism. SecurityFilter allows many conveniences offered by container-managed security (like being able to use request.isUserInRole(...) etc. yet still allow a custom solution. shameless-plug I provided the initial draft for the Struts Security chapter of Struts: The Complete Reference (Osborne) by James Holmes. I cover a lot of these details in this chapter. /shameless-plug Let me know if you have more specific questions: I will be glad to help :) Bill Siggelkow javen fang wrote: Hi , all: I have queried this mailing list, and I get some discusses about RBAC ( Role Based Access Control ) in struts. I understand that logic:present role=... in JSP page and role attribute in ActionMapping are all prepared with Container Management Access Control, etc, JDBCRealm. But it seems that what I need is not Container Management Access Control,because CMAC is configured in config file(etc, server.xml,web.xml) , but I want to let customer config user roles in dynamic way,and the user roles infomation is read from database. So,how can I implements RBAC with struts. can you give me some advice? thanks, javen __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to implements Role Based Access Control in Struts ?
If container-managed security is to limiting for you but you still want to use the logic:present role=... tag then you might want to look into SecurityFilter (http://securityfilter.sourceforge.net). There are a lot of pros and cons when choosing a security mechanism. SecurityFilter allows many conveniences offered by container-managed security (like being able to use request.isUserInRole(...) etc. yet still allow a custom solution. shameless-plug I provided the initial draft for the Struts Security chapter of Struts: The Complete Reference (Osborne) by James Holmes. I cover a lot of these details in this chapter. /shameless-plug Let me know if you have more specific questions: I will be glad to help :) Bill Siggelkow javen fang wrote: Hi , all: I have queried this mailing list, and I get some discusses about RBAC ( Role Based Access Control ) in struts. I understand that logic:present role=... in JSP page and role attribute in ActionMapping are all prepared with Container Management Access Control, etc, JDBCRealm. But it seems that what I need is not Container Management Access Control,because CMAC is configured in config file(etc, server.xml,web.xml) , but I want to let customer config user roles in dynamic way,and the user roles infomation is read from database. So,how can I implements RBAC with struts. can you give me some advice? thanks, javen __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to implements Role Based Access Control in Struts ?
Thank you, bill. I have seen the SecurityFilter project. It seems that it is replacer to Container Management Security, and it is based securityfilter-config.xml file. But I need to obtain roles information from database, my customer can insert a role, and determine which permission the role has. thanks all the same. Can you give me another advice? - javen fang --- Bill Siggelkow [EMAIL PROTECTED] wrote: If container-managed security is to limiting for you but you still want to use the logic:present role=... tag then you might want to look into SecurityFilter (http://securityfilter.sourceforge.net). There are a lot of pros and cons when choosing a security mechanism. SecurityFilter allows many conveniences offered by container-managed security (like being able to use request.isUserInRole(...) etc. yet still allow a custom solution. shameless-plug I provided the initial draft for the Struts Security chapter of Struts: The Complete Reference (Osborne) by James Holmes. I cover a lot of these details in this chapter. /shameless-plug Let me know if you have more specific questions: I will be glad to help :) Bill Siggelkow javen fang wrote: Hi , all: I have queried this mailing list, and I get some discusses about RBAC ( Role Based Access Control ) in struts. I understand that logic:present role=... in JSP page and role attribute in ActionMapping are all prepared with Container Management Access Control, etc, JDBCRealm. But it seems that what I need is not Container Management Access Control,because CMAC is configured in config file(etc, server.xml,web.xml) , but I want to let customer config user roles in dynamic way,and the user roles infomation is read from database. So,how can I implements RBAC with struts. can you give me some advice? thanks, javen __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How to implements Role Based Access Control in Struts ?
From a database? Pow2ACL. http://pow2acl.sourceforge.net -Original Message- From: javen fang [mailto:[EMAIL PROTECTED] Sent: Thursday, June 24, 2004 9:41 PM To: Struts Users Mailing List Subject: Re: How to implements Role Based Access Control in Struts ? Thank you, bill. I have seen the SecurityFilter project. It seems that it is replacer to Container Management Security, and it is based securityfilter-config.xml file. But I need to obtain roles information from database, my customer can insert a role, and determine which permission the role has. thanks all the same. Can you give me another advice? - javen fang --- Bill Siggelkow [EMAIL PROTECTED] wrote: If container-managed security is to limiting for you but you still want to use the logic:present role=... tag then you might want to look into SecurityFilter (http://securityfilter.sourceforge.net). There are a lot of pros and cons when choosing a security mechanism. SecurityFilter allows many conveniences offered by container-managed security (like being able to use request.isUserInRole(...) etc. yet still allow a custom solution. shameless-plug I provided the initial draft for the Struts Security chapter of Struts: The Complete Reference (Osborne) by James Holmes. I cover a lot of these details in this chapter. /shameless-plug Let me know if you have more specific questions: I will be glad to help :) Bill Siggelkow javen fang wrote: Hi , all: I have queried this mailing list, and I get some discusses about RBAC ( Role Based Access Control ) in struts. I understand that logic:present role=... in JSP page and role attribute in ActionMapping are all prepared with Container Management Access Control, etc, JDBCRealm. But it seems that what I need is not Container Management Access Control,because CMAC is configured in config file(etc, server.xml,web.xml) , but I want to let customer config user roles in dynamic way,and the user roles infomation is read from database. So,how can I implements RBAC with struts. can you give me some advice? thanks, javen __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
