On Tue, 11 Feb 2003 [EMAIL PROTECTED] wrote:
> Date: Tue, 11 Feb 2003 15:47:26 -0500
> From: [EMAIL PROTECTED]
> Reply-To: Struts Developers List <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: ActionGuard tag
>
> I've developed a tag that we think has some usefulness in the presentation
> area. I am wondering if there is interest:
>
> The tag basically is an actionGuard
>
> <security:actionGuard actionPath="/remove/User"
> securityHelper="securityHelper" condition="true">
> Stuff that should only be seen if the user associated with this request is
> on the role specified in the action mapping of the struts-config.xml file.
> </security:actionGuard>
>
> The security helper is an interface with methods similar to that of the
> J2EE security: e.g. isUserInRole(), getRemoteUser(). The rational
> behind this was that we were using a third party security mechanism that
> we needed to adapt our code to.
>
> We have a J2EESecurityAdapter that implements this interface and passes
> requests on through.
>
> The obvious benefit to this was that we could modify our roles in the
> struts-config.xml file and then actions would magically appear/disappear
> in our JSP.
>
How does this compare to the (existing) facility of Struts to say
something like this in a JSP page?
<logic:present role="manager">
... show some stuff only managers should see ...
</logic:present>
Struts also lets you restrict actions to certain roles, by adding a
"roles" attribute on the <action> element.
> If there is any interest in this for Struts, please let me know.
>
> Brian
>
Craig
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
