You could always try <logic:present role="...">
:-)
Craig
On Wed, 31 Jul 2002, Jacob Hookom wrote:
> Date: Wed, 31 Jul 2002 01:17:02 -0500
> From: Jacob Hookom <[EMAIL PROTECTED]>
> Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
> To: 'Struts Users Mailing List' <[EMAIL PROTECTED]>
> Subject: RE: Security and Struts
>
> I was reading the struts-template generated pages and they described a
> security.tld; since I cannot find that and after reading the snippets
> from David Geary's Javaworld article, it doesn't look too hard to do
> your own tag that would simply do:
>
> private boolean roleIsValid()
> {
> return role == null || // valid if role isn't set
> ((javax.servlet.http.HttpServletRequest)
> pageContext.getRequest()).isUserInRole(role);
> }
>
> <security:authenticate role="admin">
> // display whatever
> </security:authenticate>
>
> I suppose if you wanted to do specialized realm authentication with my
> below example:
>
> page.jsp?id=3 vs. page.jsp?id=4
>
> You could do the same thing you do with OSCache and pattern matching.
> Role would be 'PAGE.JSP_<%=request.getParameter("id")%>' and write a
> filter or abstract it to work with tags also.
>
> It seems each week we have a new theme... authentication this week,
> slowly trickling back into relational database mapping.... maybe the
> next big question will be why it stings when I get shampoo in my eyes...
> any takers? Eddie?
>
> Jacob Hookom
> Comprehensive Computer Science
> University of Wisconsin, Eau Claire
>
>
> -----Original Message-----
> From: Eddie Bush [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 30, 2002 11:45 PM
> To: Struts Users Mailing List
> Subject: Re: Security and Struts
>
> Jacob Hookom wrote:
>
> >I think the real issue is that realm authentication and filter
> >authentication is context based. Aside from messing with tiles (great
> >technology, just not interested)
> >
> :-)
>
> >what is pro quo for pageContext
> >security if I use the same view for multiple items?
> >
> >IE, you can see page.jsp?id=3 but not page.jsp?id=4
> >
> Very good question - you'd either allow/disallow access to page.jsp I
> belive. In your case, you'd have to have something finer-grained.
>
> >
> >
> >Jacob Hookom
> >Comprehensive Computer Science
> >University of Wisconsin, Eau Claire
> >
>
>
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002
>
>
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
