You could always try <logic:present role="..."> :-)
Craig On Wed, 31 Jul 2002, Jacob Hookom wrote: > Date: Wed, 31 Jul 2002 01:17:02 -0500 > From: Jacob Hookom <[EMAIL PROTECTED]> > Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]> > To: 'Struts Users Mailing List' <[EMAIL PROTECTED]> > Subject: RE: Security and Struts > > I was reading the struts-template generated pages and they described a > security.tld; since I cannot find that and after reading the snippets > from David Geary's Javaworld article, it doesn't look too hard to do > your own tag that would simply do: > > private boolean roleIsValid() > { > return role == null || // valid if role isn't set > ((javax.servlet.http.HttpServletRequest) > pageContext.getRequest()).isUserInRole(role); > } > > <security:authenticate role="admin"> > // display whatever > </security:authenticate> > > I suppose if you wanted to do specialized realm authentication with my > below example: > > page.jsp?id=3 vs. page.jsp?id=4 > > You could do the same thing you do with OSCache and pattern matching. > Role would be 'PAGE.JSP_<%=request.getParameter("id")%>' and write a > filter or abstract it to work with tags also. > > It seems each week we have a new theme... authentication this week, > slowly trickling back into relational database mapping.... maybe the > next big question will be why it stings when I get shampoo in my eyes... > any takers? Eddie? > > Jacob Hookom > Comprehensive Computer Science > University of Wisconsin, Eau Claire > > > -----Original Message----- > From: Eddie Bush [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, July 30, 2002 11:45 PM > To: Struts Users Mailing List > Subject: Re: Security and Struts > > Jacob Hookom wrote: > > >I think the real issue is that realm authentication and filter > >authentication is context based. Aside from messing with tiles (great > >technology, just not interested) > > > :-) > > >what is pro quo for pageContext > >security if I use the same view for multiple items? > > > >IE, you can see page.jsp?id=3 but not page.jsp?id=4 > > > Very good question - you'd either allow/disallow access to page.jsp I > belive. In your case, you'd have to have something finer-grained. > > > > > > >Jacob Hookom > >Comprehensive Computer Science > >University of Wisconsin, Eau Claire > > > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 > > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>