hi,
i just read Craig's answer to denis' question and i was wondering if there
is some kind of "j2ee compliant" way of doing user auth and role-asignment -
are there any standards one is supposed to use
(i apologize for this offtopic question, since it's not an struts issue, i
guess)
today i always use my own user/roles tables in my (relational) database and
i am doing all these things "by hand, means by jdbc queries" - should i
change that?
any hint / pointer to doc / suggestions would be nice!
joe
----- Original Message -----
From: Craig R. McClanahan <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 27, 2000 6:37 PM
Subject: Re: Actions - design question
> Denis Hanson wrote:
>
> > Hi all,
> >
> > I am starting to move our existing web application to the struts
framework
> > and would like to ask a design question.
> >
> > Here's my problem. After logon, the application user is forwarded to one
of
> > three screens - sysadmin, admin, user. The screen used is determined by
the
> > user's role. (The three screens have no commonality, so I don't think I
can
> > use the one <forward name="success".../> action attrubute shown in the
> > example application.)
> >
> > I'm looking for some way to define the various paths in
struts-config.xml so
> > that the logon action class doesn't have hardcoded paths to the three
> > role-based screens.
> >
> > Do I need to create my own ActionMapping class and add additional
<forward
> > name=/> entries, or is there some other way to do this?
> >
>
> Because we're talking about "what does the logon action forward to", you
won't
> need any additional action definitions. However, you might want some
additional
> forwards defined. For concreteness, let's assume that your three roles
are
> named "admin", "manager", and "user".
>
> One approach to this would be to define, nested within the <action>
element for
> the login action, some forwards that are specific to only this action:
>
> <struts-config>
> ...
> <action-mappings>
> ...
> <action path="/login"
type="com.mycompany.mypackage.LoginAction">
> <forward name="admin" path="/adminMainMenu.jsp"/>
> <forward name="manager" path="/customerMainMenu.jsp"/>
> <forward name="user" path="/usrMainMenu.jsp"/>
> </action>
> ...
> </action-mappings>
> ...
> </struts-config>
>
> In this scenario, you can do the following at the end of the login action:
>
> String role = ... look up the role for this user ...
> return (mapping.findForward(role));
>
> to forward control to the menu for your user, without the action having to
know
> what the JSP page name is -- only the role name.
>
> In the example above, the forwards "admin", "manager", and "user" are
defined
> locally for this particular action, and are not visible to any other
action.
> You can also define global forwards by nesting them in the
<global-forwards>
> section instead. When the findForward() method is executed, it searches
first
> in the local forwards for this particular action, and then in the global
> forwards.
>
>
> >
> > Thanks,
> >
> > Denis Hanson
>
> Craig McClanahan
>
>