there is a simple way to do this using current struts capabilities, but part
of it is a little bit of a hack...  first, the struts dtd has a generic way
of setting properties.  you can use this in an action mapping as follows:

<action path="/foo"
        type="com.company.foo">
  <set-property property="propName" value="propValue"/>
</action>

to use this, you need to override ActionMapping so that it has a
setPropName() method.  (then in turn, you need to specify the ActionMapping
class in the xml config above.)

suppose that the property you're setting specifies a privilege and that if
the user doesn't have this specified privilege, you want to respond with
some sort of failure.  you propose adding an additional config attribute to
the ActionMapping to specify how to react to this failure.  but i would
suggest using the declarative exception handling to take care of this.  in
your customized action class (which has special code for processing
privileges), the code that processes the privileges could throw an
InsufficientPrivilegeException (for example), and you could in turn configure
the action associated with this exception either globally or on a per action
basis in the struts-config file.

now, here's the hack part.  what if you want to specify multiple privileges
for each action?  in general, having:

<action path="/foo"
        type="com.company.foo"
        className="com.company.CustomActionMapping">
  <set-property property="privilege" value="read"/>
  <set-property property="privilege" value="write"/>
</action>

will not work, since it will amount to setPrivilege() in CustomActionMapping
being invoked twice, and the second invocation will just overwrite the
first.  you can get around this by implementing a list in your
CustomActionMapping class called privilegesList and implementing
setPrivilege() as:

public void setPrivilege(String privilege) {
    this.privilegesList.add(privilege);
}

i would grant this isn't super elegant since you're sort of cheating on
property setting, but without a way to set multi-attribute values from the
config file, you gotta make do with what's there.  plus, once you build this
into your customized ActionMapping and Action classes, you'll never have to
look at it again.

ab

ps - if anyone can suggest a way of constructing collections in the
struts-config.xml, send it my way... i'd love to know about it.

> -----Original Message-----
> From: Micah J. Schehl [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 09, 2002 2:30 PM
> To: [EMAIL PROTECTED]
> Subject: Declaritive Security Functionality
> 
> 
> 
> I have implemented struts in some projects and have found a 
> need for doing declarative security.  Much like your 
> role-based security, I would like to define the security in 
> the struts config xml file, but I am looking at taking a step 
> further.  I would appreciate any advice or pointers.  This 
> will be my first time getting deep into the Struts source code.
> 
> The problem I am trying to get a good solution for is 
> redundant code checking conditions at the beginning of each 
> action.  If the user doesn't pass all the conditions then 
> they are rejected from the page.  The rejection would be 
> configurable to either show as a "page not found" or would 
> forward/redirect them to a specified page.
> 
> Here is what I was thinking that the struts config file might 
> look like.  
> 
>     <security-checker   name="roleCheck"  
> class="com.schehl.security.IsUserInRole" />
> 
>     <action path="/showMain" type="com.schehl.main.webapp.MainAction">
>       <security    name="roleCheck">
>            <param>
>                <param-name>allow-roles</param-name>
>                 <param-value>admin</param-value>
>             </param>
>             <param>
>                <param-name>allow-users</param-name>
>                 <param-value>admin</param-value>
>             </param>
>             <failure    path="/pages/no-access.jsp"/>
>             <!-- failure    response="no page" / -->
>       </security>
> 
>       <forward name="success" path="/pages/main.jsp" />
>     </action>
> 
> 
> The class com.schehl.security.IsUserInRole would extend a 
> class, com.strutssecurity.SecurityChecker, which would be 
> responsible for setting the configuration parameters and 
> would have a method boolean check(HttpRequest request) which 
> would default to pass back true, but would be overridden to 
> perform the checks.
> 
> I thank you so much for any and all help, advice, or 
> redirection you can give me.
> 
> Thanks,
> Micah J. Schehl
> 
> 
>     
> 
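
The approach described in the reply above, put together as an added example (not code from either poster or from the Struts project): an ActionMapping that accumulates repeated privilege properties, and a base Action that checks them and throws for the declarative exception handler. PrivilegedAction, doExecute() and getPrivileges() are hypothetical names, and treating each privilege as a container role checked with isUserInRole(), with all listed privileges required, is an assumption.

```java
// CustomActionMapping.java: needs struts.jar and the servlet API; one file here for brevity.
package com.company;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

public class CustomActionMapping extends ActionMapping {
    private final List<String> privilegesList = new ArrayList<String>();

    // Invoked once per <set-property property="privilege" .../>: append, never overwrite.
    public void setPrivilege(String privilege) { privilegesList.add(privilege); }

    // Read-only view, because one mapping instance serves every request thread.
    public List<String> getPrivileges() { return Collections.unmodifiableList(privilegesList); }
}

class InsufficientPrivilegeException extends Exception {
    InsufficientPrivilegeException(String msg) { super(msg); }
}

abstract class PrivilegedAction extends Action {
    public final ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception {
        // Fail closed: without className=CustomActionMapping there is no privilege list to check.
        if (!(mapping instanceof CustomActionMapping)) {
            throw new InsufficientPrivilegeException("no privilege list for " + mapping.getPath());
        }
        // Assumption: every listed privilege is required and maps to a container role.
        for (String privilege : ((CustomActionMapping) mapping).getPrivileges()) {
            if (!request.isUserInRole(privilege)) {
                throw new InsufficientPrivilegeException("missing privilege: " + privilege);
            }
        }
        return doExecute(mapping, form, request, response);
    }

    // Subclasses do their real work here; it runs only after the check passes.
    protected abstract ActionForward doExecute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception;
}
```

Because execute() is final, a subclass cannot skip the check by overriding it; the thrown exception is then mapped to a failure page with an exception entry in struts-config, globally or per action, as the reply describes.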
