On 1/18/06, Rivka Shisman <[EMAIL PROTECTED]> wrote:
(Rearranged a bit)
> 3. Is there a easy way to adjust struts-menu so it will take the
> menu-to-roles data from a my database instead of from menu-config?
Apparently this is possible-- the release notes for version 2.2 mention it:
http://str
@struts.apache.org; Rivka Shisman
Subject: Re: Enabling links according to user's authorization
On 1/17/06, Rivka Shisman <[EMAIL PROTECTED]> wrote:
Wendy wrote:
> > I use Struts Menu to conditionally display menu items based on user
> > roles. Rather than configure the container
On 1/17/06, Rivka Shisman <[EMAIL PROTECTED]> wrote:
Wendy wrote:
> > I use Struts Menu to conditionally display menu items based on user
> > roles. Rather than configure the container to handle it, I have a
> > Filter that wraps the request, and the request wrapper overrides the
> > isUserInRole
, 2006 6:01 PM
To: Struts Users Mailing List
Cc: Rivka Shisman
Subject: Re: Enabling links according to user's authorization
Rivka,
Great question. What I have done in the past (and maybe there are better
ways) is to:
1) When the user logs into the application, I cache off the users role
as
Rivka Shisman wrote:
> Can you please send an example code of overloading the processRoles
> method? And also the relevant part in struts config file?
>
Too busy right now, but
http://www.onjava.com/pub/a/onjava/2004/11/10/ExtendingStruts.html might
give you enough info to start on your own.
As
Brian Trzupek wrote:
> Great question. What I have done in the past (and maybe there are
> better ways) is to:
> 1) When the user logs into the application, I cache off the users role
> as well as other attributes (usually in a small User object in
> session). thes attributes are the result of load
Rivka,
Great question. What I have done in the past (and maybe there are better ways)
is to:
1) When the user logs into the application, I cache off the users role as well
as other attributes (usually in a small User object in session). thes
attributes are the result of loading the User and at
Hi,
To check the users access the best approach is to check the access on the
action by giving the roles attributes in the Struts Config and overriding
the processRoles() method of action class.
In addition to this if you want to limit weather a link is dispalyed to the
user or not you can take h
While login itself you can have the permissions in the session and based on the
permissions you can hide the links. Just for one variable i think there is no
need to call the database.use can use or for
this.
-Original message-
From: "Rivka Shisman" [EMAIL PROTECTED]
Date: Wed, 11 Jan
On 1/11/06, Rivka Shisman <[EMAIL PROTECTED]> wrote:
> From what i know, i can hold a DB table that indicates for each user and
> table - which operations are allowed.
> But, my question is - what is the right way to do that on the JSP page?
> Do i call this security table on each page load and hi
Evans [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 11, 2006 3:25 PM
To: Struts Users Mailing List
Subject: Re: Enabling links according to user's authorization
Hi Rivka,
You could hide the links by creating a custom tag that only evaluates its body content if the
current user has th
ure I understand the User bean structure, can you please send
it?
Thanks a lot
Rivka
-Original Message-
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Danny Lee
Sent: Wednesday, January 11, 2006 3:48 PM
To: user@struts.apache.org
Subject: Re: Enabling links according to user's aut
erent combination of links?
>
> Thanks
> Rivka
>
>
> -Original Message-
> From: Gareth Evans [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 11, 2006 2:59 PM
> To: Struts Users Mailing List
> Subject: Re: Enabling links according to user's authorization
e each version shows different combination of links?
>
> Thanks
> Rivka
>
>
> -Original Message-
> From: Gareth Evans [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 11, 2006 2:59 PM
> To: Struts Users Mailing List
> Subject: Re: Enabling links according to user&#x
Do it simple,
put a User bean into session scope just after user loged-in.
Every user have a User.PERMISSIONS property.
Then in JSP you do surround the links with JSTL
the link, otherwise not.
In all Actions you check the User too, and if there a problem (which
means he put the forbiden actio
EMAIL PROTECTED]
Sent: Wednesday, January 11, 2006 2:59 PM
To: Struts Users Mailing List
Subject: Re: Enabling links according to user's authorization
In addition to hiding the links, extend the requestprocessor to check against the current user and
your security table. If permission is deni
s Users Mailing List
Subject: Re: Enabling links according to user's authorization
In addition to hiding the links, extend the requestprocessor to check against
the current user and
your security table. If permission is denied you could forward to a different
page.
the best place
In addition to hiding the links, extend the requestprocessor to check against the current user and
your security table. If permission is denied you could forward to a different page.
the best place to do this is in the processPreprocess(HttpServletRequest, HttpServletResponse )
method.
Just
Well, of course each action should have its control of the access.
I meant: hide the links and control through the actions, so no one will
access them with a direct link.
On 1/11/06, Thomas Joseph <[EMAIL PROTECTED]> wrote:
>
> > Hide the links.This way, you won't let him lose time trying to acces
> Hide the links.This way, you won't let him lose time trying to access things
> he can't and his view of the interface will be more clear.
>
But that won't do good, if for clever people, who would play with the URLs with
their limited access rights and access what is not meant for them. Probably
Hide the links.This way, you won't let him lose time trying to access things
he can't and his view of the interface will be more clear.
On 1/11/06, Rivka Shisman <[EMAIL PROTECTED]> wrote:
>
> Hi everyone,
>
> We have a web application running on Websphere Application Server V6.
> Say I have a JSP
21 matches
Mail list logo
