At 12:17 PM 5/7/2001 -0700, you wrote: >Role-Based Action Execution. >Add the ability to require the current user to be in a >particular security role before they can execute a >particular action. I just wanted to pipe in here because we're integrating Struts into our stuff (Slowly!) The Expresso Framework http://www.jcorporate.com/ tackled this problem by creating a DB Security matrix. Each action in the controller is automatically registered with a security table and the admin can declare which user groups can access which action, as well as which permissions to access which database tables. It's done pretty transparently to the programmer. Hopefully, we'll actually have Struts integrated within the next .1 release. [People are building bridge classes as I speak], so maybe the security model in there can help somebody. -Mike
- Re: Potential Security Flaw i... Peter Alfors
- RE: Potential Security Flaw in Struts MVC Curt Hagenlocher
- Re: Potential Security Flaw in Struts MVC Jeff Trent
- Re: Potential Security Flaw in Struts MVC William Jaynes
- RE: Potential Security Flaw in Struts MVC Christian Cryder
- Re: Potential Security Flaw in Struts MVC Bryan Field-Elliot
- Re: Potential Security Flaw in Struts MVC Jeff Trent
- Re: Potential Security Flaw in Struts MVC Ted Husted
- Re: Potential Security Flaw in Struts MVC Peter Alfors
- RE: Potential Security Flaw in Struts MVC David Winterfeldt
- Re: Potential Security Flaw in Struts MVC Michael Rimov
- Re: Potential Security Flaw in Struts ... Peter Alfors
- Re: Potential Security Flaw in Struts MVC Jeff Trent
- Re: Potential Security Flaw in Struts MVC Ted Husted
- Re: Potential Security Flaw in Struts ... Jeff Trent
- RE: Potential Security Flaw in Struts MVC Hogan, John
- Re: Potential Security Flaw in Struts MVC Jeff Trent
- RE: Potential Security Flaw in Struts MVC Jason Chaffee
- Re: Potential Security Flaw in Struts MVC Jeff Trent
- RE: Potential Security Flaw in Struts MVC Christian Cryder
- RE: Potential Security Flaw in Struts MVC Nanduri, Amarnath