there is a simple way to do this using current struts capabilities, but part of it is a little bit of a hack... first, the struts dtd has a generic way of setting properties. you can use this in an action mapping as follows:

    <action path="/foo" type="com.company.foo">
      <set-property property="propName" value="propValue"/>
    </action>

to use this, you need to override ActionMapping so that it has a setPropName() method. (then in turn, you need to specify the ActionMapping class in the xml config above.)

suppose that the property you're setting specifies a privilege and that if the user doesn't have this specified privilege, you want to respond with some sort of failure. you propose adding an additional config attribute to the ActionMapping to specify how to react to this failure. but i would suggest using the declarative exception handling to take care of this. in your customized action class (which has special code for processing privileges), the code that processes the privileges could throw an InsufficientPrivilegeException (for example), and you could in turn configure the action associated with this exception either globally or on a per action basis in the struts-config file.

now, here's the hack part. what if you want to specify multiple privileges for each action? in general, having:

    <action path="/foo" type="com.company.foo" className="com.company.CustomActionMapping">
      <set-property property="privilege" value="read"/>
      <set-property property="privilege" value="write"/>
    </action>

will not work, since it will amount to setPrivilege() in CustomActionMapping being invoked twice, and the second invocation will just overwrite the first. you can get around this by implementing a list in your CustomActionMapping class called privilegesList and implementing setPrivilege() as:

    public void setPrivilege(String privilege) {
        this.privilegesList.add( privilege );
    }

i would grant this isn't super elegant since you're sort of cheating on property setting, but without a way to set multi-attribute values from the config file, you gotta make do with what's there. plus, once you build this into your customized ActionMapping and Action classes, you'll never have to look at it again.

ab

ps - if anyone can suggest a way of constructing collections in the struts-config.xml, send it my way... i'd love to know about it.

> -----Original Message-----
> From: Micah J. Schehl [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 09, 2002 2:30 PM
> To: [EMAIL PROTECTED]
> Subject: Declaritive Security Functionality
>
> I have implemented struts in some projects and have found a
> need for doing declarative security. Much like your
> role-based security, I would like to define the security in
> the struts config xml file, but I am looking at taking a step
> further. I would appreciate any advice or pointers. This
> will be my first time getting deep into the Struts source code.
>
> The problem I am trying to get a good solution for is
> redundant code checking conditions at the beginning of each
> action. If the user doesn't pass all the conditions then
> they are rejected from the page. The rejection would be
> configurable to either show as a "page not found" or would
> forward/redirect them to a specified page.
>
> Here is what I was thinking that the struts config file might
> look like.
>
> <security-checker name="roleCheck"
>     class="com.schehl.security.IsUserInRole" />
>
> <action path="/showMain" type="com.schehl.main.webapp.MainAction">
>   <security name="roleCheck">
>     <param>
>       <param-name>allow-roles</param-name>
>       <param-value>admin</param-value>
>     </param>
>     <param>
>       <param-name>allow-users</param-name>
>       <param-value>admin</param-value>
>     </param>
>     <failure path="/pages/no-access.jsp"/>
>     <!-- failure response="no page" / -->
>   </security>
>
>   <forward name="success" path="/pages/main.jsp" />
> </action>
>
> The class com.schehl.security.IsUserInRole would extend a
> class, com.strutssecurity.SecurityChecker, which would be
> responsible for setting the configuration parameters and
> would have a method boolean check(HttpRequest request) which
> would default to pass back true, but would be overridden to
> perform the checks.
>
> I thank you so much for any and all help, advice, or
> redirection you can give me.
>
> Thanks,
> Micah J. Schehl
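
Added example (not part of the original e-mails and not Struts project code): a sketch of the approach the reply describes, with an accumulating setPrivilege() in the custom ActionMapping and a base Action that throws when a privilege is missing. The PrivilegedAction class, the "privileges" session attribute and the rule that every listed privilege must be held are assumptions made for illustration; each class goes in its own source file.

```java
// CustomActionMapping.java (class name from the e-mail; body is an assumption)
package com.company;
import java.util.*;
import org.apache.struts.action.ActionMapping;
public class CustomActionMapping extends ActionMapping {
    private final List<String> privilegesList = new ArrayList<String>();
    // Invoked once per <set-property property="privilege" .../>, so append.
    public void setPrivilege(String privilege) {
        if (privilege == null || privilege.trim().isEmpty()) {
            throw new IllegalArgumentException("blank privilege in struts-config");
        }
        privilegesList.add(privilege.trim());
    }
    // Read-only view: actions cannot alter what the config declared.
    public List<String> getPrivileges() {
        return Collections.unmodifiableList(privilegesList);
    }
}

// InsufficientPrivilegeException.java (hypothetical exception type)
package com.company;
public class InsufficientPrivilegeException extends Exception {
    public InsufficientPrivilegeException(String msg) { super(msg); }
}

// PrivilegedAction.java (hypothetical base class for protected actions)
package com.company;
import java.util.Set;
import javax.servlet.http.*;
import org.apache.struts.action.*;

public abstract class PrivilegedAction extends Action {
    public final ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest req, HttpServletResponse res) throws Exception {
        if (!(mapping instanceof CustomActionMapping)) { // className missing: deny
            throw new InsufficientPrivilegeException("no privilege mapping");
        }
        HttpSession session = req.getSession(false);
        // Assumption: login code stored a Set<String> under "privileges".
        Object held = (session == null) ? null : session.getAttribute("privileges");
        // An action with no privilege entries passes this loop unrestricted.
        for (String needed : ((CustomActionMapping) mapping).getPrivileges()) {
            if (!(held instanceof Set) || !((Set<?>) held).contains(needed)) {
                throw new InsufficientPrivilegeException("missing: " + needed);
            }
        }
        return doExecute(mapping, form, req, res); // every listed privilege held
    }
    protected abstract ActionForward doExecute(ActionMapping mapping, ActionForm form,
            HttpServletRequest req, HttpServletResponse res) throws Exception;
}
```

Because execute() is final, subclasses cannot skip the check, and an action whose mapping lacks the className attribute is denied rather than silently allowed. The thrown exception is then mapped to a failure page with an exception entry in struts-config, globally or per action, as the reply suggests.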