I was reading the struts-template generated pages and they described a
security.tld; since I cannot find that and after reading the snippets
from David Geary's JavaWorld article, it doesn't look too hard to do
your own tag that would simply do:

    private boolean roleIsValid()
    {
        return role == null || // valid if role isn't set
            ((javax.servlet.http.HttpServletRequest)
                pageContext.getRequest()).isUserInRole(role);
    }

    <security:authenticate role="admin">
        <%-- display whatever --%>
    </security:authenticate>

I suppose if you wanted to do specialized realm authentication with my
below example:
page.jsp?id=3 vs. page.jsp?id=4
You could do the same thing you do with OSCache and pattern matching.
Role would be 'PAGE.JSP_<%=request.getParameter("id")%>' and write a
filter or abstract it to work with tags also.
It seems each week we have a new theme... authentication this week,
slowly trickling back into relational database mapping.... maybe the
next big question will be why it stings when I get shampoo in my eyes...
any takers? Eddie?
Jacob Hookom
Comprehensive Computer Science
University of Wisconsin, Eau Claire
-----Original Message-----
From: Eddie Bush [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 30, 2002 11:45 PM
To: Struts Users Mailing List
Subject: Re: Security and Struts
Jacob Hookom wrote:
>I think the real issue is that realm authentication and filter
>authentication is context based. Aside from messing with tiles (great
>technology, just not interested)
>
:-)
>what is pro quo for pageContext
>security if I use the same view for multiple items?
>
>IE, you can see page.jsp?id=3 but not page.jsp?id=4
>
Very good question - you'd either allow/disallow access to page.jsp I
believe. In your case, you'd have to have something finer-grained.
>
>
>Jacob Hookom
>Comprehensive Computer Science
>University of Wisconsin, Eau Claire
>
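
Added example, not part of the original messages: a sketch of the role-checking tag described above, extended to the page.jsp?id=3 vs. page.jsp?id=4 case by deriving a per-item role name from a validated request parameter. The class name AuthenticateTag and the idParam attribute are assumptions made for illustration; the code builds against the javax.servlet JSP tag API and would still need its own TLD entry.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;

/**
 * Renders its body only if the caller is in the required role.
 * With idParam set, the required role is role + "_" + parameter value,
 * e.g. role="PAGE.JSP" idParam="id" requires "PAGE.JSP_3" for page.jsp?id=3.
 */
public class AuthenticateTag extends TagSupport {
    private String role;     // base role name; null means "no restriction"
    private String idParam;  // hypothetical attribute: parameter that names the item

    public void setRole(String role) { this.role = role; }
    public void setIdParam(String idParam) { this.idParam = idParam; }

    /** Builds the effective role; returns null if the id is missing or malformed. */
    static String effectiveRole(String role, String idParam, HttpServletRequest req) {
        if (idParam == null) {
            return role;
        }
        String id = req.getParameter(idParam);
        // Accept only short decimal ids so request data cannot shape the role name.
        if (id == null || !id.matches("[0-9]{1,9}")) {
            return null;
        }
        return role + "_" + id;
    }

    @Override
    public int doStartTag() throws JspException {
        if (role == null) {
            return EVAL_BODY_INCLUDE; // same rule as roleIsValid(): unset role is valid
        }
        HttpServletRequest req = (HttpServletRequest) pageContext.getRequest();
        String required = effectiveRole(role, idParam, req);
        // Fail closed: a bad id or a missing role skips the body.
        boolean allowed = required != null && req.isUserInRole(required);
        return allowed ? EVAL_BODY_INCLUDE : SKIP_BODY;
    }

    @Override
    public void release() {
        // Tag handlers may be pooled; clear attributes between uses.
        role = null;
        idParam = null;
        super.release();
    }
}
```

A tag like this only controls what the view renders, so the same effectiveRole() check belongs in the filter or action that serves the request for that id.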