Re: Link Display Logic
With OGNL you can call specific methods. So in my base action I have the
following:
public boolean isUserAuthorised(Integer actionId){
// here I get a handle to the authorisation code and test
// if the current user is authorised to execute the action
// if the user is aurthorised return true else return false
}
Then on my page I have the following
Hope it helps.
Z.
On 1/12/10 3:16 AM, "Biesbrock, Kevin" wrote:
>I figured it out. My interceptor was returning null instead of
>invocation.invoke()...n00b mistake. :)
>
>In your example, you invoke a specific method "isUserAuthorized()".
>What is the method named in your action? Is it "getIsUserAuthorized"?
>I have an action method "isAuthorized" and I have to invoke it e.g.,
>. If I change 'authorized' to
>'isAuthorized', then my else block is executed.
>
>
>Beez
>r 5347
>
>-Original Message-
>From: Biesbrock, Kevin
>Sent: Tuesday, November 30, 2010 11:06 AM
>To: 'Zoran Avtarovski'; 'Struts Users Mailing List'
>Subject: RE: Link Display Logic
>
>Thank you for the suggestion, Zoran! I guess I'm doing somewhat of a
>combination of what you and Dave suggested.
>
>I've been utilizing the Aware interfaces for my actions...I think it's
>similar to what you're suggesting with your base action class, just a
>different approach, if I understand correctly. The difference is that
>our UserInterceptor determines authorization level and sets the level on
>the action via a UserAware interface with a setAuthorizationLevel
>method.
>
>Then I have a jsp fragment that checks if they have the required
>authorization level. That jsp fragment is being included similarly to
>what I think Dave was suggesting, just using the standard s:action tag
>instead of writing my own custom tag.
>
>For some reason my s:action is being executed successfully, but it's not
>including the jsp fragment in my main jsp. I have the
>executeResult="true" attribute set. It worked for a minute and now it
>seems to just neglect to include it. I'm working on that right now.
>
>Thank you again for your suggestions! It definitely seems to be
>pointing me in a good direction! :)
>
>Sincerely,
>
>Beez
>
>-Original Message-
>From: Zoran Avtarovski [mailto:zo...@sparecreative.com]
>Sent: Monday, November 29, 2010 6:45 PM
>To: Struts Users Mailing List; Biesbrock, Kevin
>Subject: Re: Link Display Logic
>
>What we have implemented is a set of public authorisation methods in our
>base action which we call via ognl passing the actionId as the
>parameter.
>For example to test if a user should be shown the print report we have a
>isUserAuthorised(Integer actionId) method which we use as follows:
>Your stuff in here
>
>I have to say that I think this is one of the best aspects of OGNL as
>we're easily able to easily use server side authorisation with simple
>ajax calls.
>
>Z.
>
>On 30/11/10 5:41 AM, "Biesbrock, Kevin"
>wrote:
>
>>Hello users. I'm Kevin, first time caller, long time listener (Mr.
>>Obvious reference).
>>
>>I have two reports and need to display a link for each if the following
>
>>conditions are met:
>>1. The user is authorized to view the reports (they are secured),
>>and
>>2. The specific report currently exists
>>
>>Both of these conditions are determined via predefined methods (they
>>are "black boxes" to me).
>>
>>Following the MVC pattern, what is the best way to split up the display
>
>>logic of this such that my links are displaying to the appropriate
>>users when they exist?
>>
>>The links will display on the home page. So I thought about
>>determining these factors in the home action and wrapping s:if tags
>>around links to the reports. It seems simple enough, I was just
>>curious if there was a different and/or better approach.
>>
>>Thank you for your time,
>>Kevin - "Beez"
>
>
>
>
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
RE: Link Display Logic
I figured it out. My interceptor was returning null instead of invocation.invoke()...n00b mistake. :) In your example, you invoke a specific method "isUserAuthorized()". What is the method named in your action? Is it "getIsUserAuthorized"? I have an action method "isAuthorized" and I have to invoke it e.g., . If I change 'authorized' to 'isAuthorized', then my else block is executed. Beez r 5347 -Original Message- From: Biesbrock, Kevin Sent: Tuesday, November 30, 2010 11:06 AM To: 'Zoran Avtarovski'; 'Struts Users Mailing List' Subject: RE: Link Display Logic Thank you for the suggestion, Zoran! I guess I'm doing somewhat of a combination of what you and Dave suggested. I've been utilizing the Aware interfaces for my actions...I think it's similar to what you're suggesting with your base action class, just a different approach, if I understand correctly. The difference is that our UserInterceptor determines authorization level and sets the level on the action via a UserAware interface with a setAuthorizationLevel method. Then I have a jsp fragment that checks if they have the required authorization level. That jsp fragment is being included similarly to what I think Dave was suggesting, just using the standard s:action tag instead of writing my own custom tag. For some reason my s:action is being executed successfully, but it's not including the jsp fragment in my main jsp. I have the executeResult="true" attribute set. It worked for a minute and now it seems to just neglect to include it. I'm working on that right now. Thank you again for your suggestions! It definitely seems to be pointing me in a good direction! :) Sincerely, Beez -Original Message- From: Zoran Avtarovski [mailto:zo...@sparecreative.com] Sent: Monday, November 29, 2010 6:45 PM To: Struts Users Mailing List; Biesbrock, Kevin Subject: Re: Link Display Logic What we have implemented is a set of public authorisation methods in our base action which we call via ognl passing the actionId as the parameter. For example to test if a user should be shown the print report we have a isUserAuthorised(Integer actionId) method which we use as follows: Your stuff in here I have to say that I think this is one of the best aspects of OGNL as we're easily able to easily use server side authorisation with simple ajax calls. Z. On 30/11/10 5:41 AM, "Biesbrock, Kevin" wrote: >Hello users. I'm Kevin, first time caller, long time listener (Mr. >Obvious reference). > >I have two reports and need to display a link for each if the following >conditions are met: >1. The user is authorized to view the reports (they are secured), >and >2. The specific report currently exists > >Both of these conditions are determined via predefined methods (they >are "black boxes" to me). > >Following the MVC pattern, what is the best way to split up the display >logic of this such that my links are displaying to the appropriate >users when they exist? > >The links will display on the home page. So I thought about >determining these factors in the home action and wrapping s:if tags >around links to the reports. It seems simple enough, I was just >curious if there was a different and/or better approach. > >Thank you for your time, >Kevin - "Beez" - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
RE: Link Display Logic
Thank you for the suggestion, Zoran! I guess I'm doing somewhat of a combination of what you and Dave suggested. I've been utilizing the Aware interfaces for my actions...I think it's similar to what you're suggesting with your base action class, just a different approach, if I understand correctly. The difference is that our UserInterceptor determines authorization level and sets the level on the action via a UserAware interface with a setAuthorizationLevel method. Then I have a jsp fragment that checks if they have the required authorization level. That jsp fragment is being included similarly to what I think Dave was suggesting, just using the standard s:action tag instead of writing my own custom tag. For some reason my s:action is being executed successfully, but it's not including the jsp fragment in my main jsp. I have the executeResult="true" attribute set. It worked for a minute and now it seems to just neglect to include it. I'm working on that right now. Thank you again for your suggestions! It definitely seems to be pointing me in a good direction! :) Sincerely, Beez -Original Message- From: Zoran Avtarovski [mailto:zo...@sparecreative.com] Sent: Monday, November 29, 2010 6:45 PM To: Struts Users Mailing List; Biesbrock, Kevin Subject: Re: Link Display Logic What we have implemented is a set of public authorisation methods in our base action which we call via ognl passing the actionId as the parameter. For example to test if a user should be shown the print report we have a isUserAuthorised(Integer actionId) method which we use as follows: Your stuff in here I have to say that I think this is one of the best aspects of OGNL as we're easily able to easily use server side authorisation with simple ajax calls. Z. On 30/11/10 5:41 AM, "Biesbrock, Kevin" wrote: >Hello users. I'm Kevin, first time caller, long time listener (Mr. >Obvious reference). > >I have two reports and need to display a link for each if the following >conditions are met: >1. The user is authorized to view the reports (they are secured), >and >2. The specific report currently exists > >Both of these conditions are determined via predefined methods (they >are "black boxes" to me). > >Following the MVC pattern, what is the best way to split up the display >logic of this such that my links are displaying to the appropriate >users when they exist? > >The links will display on the home page. So I thought about >determining these factors in the home action and wrapping s:if tags >around links to the reports. It seems simple enough, I was just >curious if there was a different and/or better approach. > >Thank you for your time, >Kevin - "Beez" - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Link Display Logic
What we have implemented is a set of public authorisation methods in our base action which we call via ognl passing the actionId as the parameter. For example to test if a user should be shown the print report we have a isUserAuthorised(Integer actionId) method which we use as follows: Your stuff in here I have to say that I think this is one of the best aspects of OGNL as we're easily able to easily use server side authorisation with simple ajax calls. Z. On 30/11/10 5:41 AM, "Biesbrock, Kevin" wrote: >Hello users. I'm Kevin, first time caller, long time listener (Mr. >Obvious reference). > >I have two reports and need to display a link for each if the following >conditions are met: >1. The user is authorized to view the reports (they are secured), >and >2. The specific report currently exists > >Both of these conditions are determined via predefined methods (they are >"black boxes" to me). > >Following the MVC pattern, what is the best way to split up the display >logic of this such that my links are displaying to the appropriate users >when they exist? > >The links will display on the home page. So I thought about determining >these factors in the home action and wrapping s:if tags around links to >the reports. It seems simple enough, I was just curious if there was a >different and/or better approach. > >Thank you for your time, >Kevin - "Beez" - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
RE: Link Display Logic
Dave, Utilizing your suggestion, it sounds like it would be possible to utilize the s:action tag? I guess, what would your custom tag do? It sounds like, either way, you'd need to call the action from your jsp/view to return a jsp fragment with either the authorized links or nothing. Am I understanding that correctly? Beez -Original Message- From: Dave Newton [mailto:davelnew...@gmail.com] Sent: Monday, November 29, 2010 2:06 PM To: Struts Users Mailing List Subject: Re: Link Display Logic I'll generally expose permission info through an action (or whatever model makes it to the page) and use a custom tag to really clarify and narrow the purpose of that particular JSP/etc. logic. Other than that, though, not sure what else I'd really do, if I'm trying to stay within the S2 framework. Spring Security is another option. Dave On Mon, Nov 29, 2010 at 1:41 PM, Biesbrock, Kevin wrote: > Hello users. I'm Kevin, first time caller, long time listener (Mr. > Obvious reference). > > I have two reports and need to display a link for each if the > following conditions are met: >1. The user is authorized to view the reports (they are secured), > and >2. The specific report currently exists > > Both of these conditions are determined via predefined methods (they > are "black boxes" to me). > > Following the MVC pattern, what is the best way to split up the > display logic of this such that my links are displaying to the > appropriate users when they exist? > > The links will display on the home page. So I thought about > determining these factors in the home action and wrapping s:if tags > around links to the reports. It seems simple enough, I was just > curious if there was a different and/or better approach. > > Thank you for your time, > Kevin - "Beez" > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Link Display Logic
I'll generally expose permission info through an action (or whatever model makes it to the page) and use a custom tag to really clarify and narrow the purpose of that particular JSP/etc. logic. Other than that, though, not sure what else I'd really do, if I'm trying to stay within the S2 framework. Spring Security is another option. Dave On Mon, Nov 29, 2010 at 1:41 PM, Biesbrock, Kevin wrote: > Hello users. I'm Kevin, first time caller, long time listener (Mr. > Obvious reference). > > I have two reports and need to display a link for each if the following > conditions are met: >1. The user is authorized to view the reports (they are secured), > and >2. The specific report currently exists > > Both of these conditions are determined via predefined methods (they are > "black boxes" to me). > > Following the MVC pattern, what is the best way to split up the display > logic of this such that my links are displaying to the appropriate users > when they exist? > > The links will display on the home page. So I thought about determining > these factors in the home action and wrapping s:if tags around links to > the reports. It seems simple enough, I was just curious if there was a > different and/or better approach. > > Thank you for your time, > Kevin - "Beez" >
