http://securityfilter.sourceforge.net/
click on File item on the top right cornor. -Dan ----- Original Message ----- From: "Mike Duffy" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, March 27, 2003 8:55 PM Subject: Re: Actions based on Role > Mark, > > Do you have experience with security filter? Have you examined the > source code? > > I went to SourceForge to get the download. There was a JAR but no > source except for a limited implementation class. > > I would not want to implement a security filter without seeing the > source. > > Can anyone tell me where to find the source? > > Mike > > > --- Mark Zeltser <[EMAIL PROTECTED]> wrote: > > Siva, > > > > Take a look at authentication provided by web container. One of the > > reasons to > > use your own authentication is to make it deployable on any > > container. However, > > you can use securityfilter to make this transparent. > > > > Suggestion: search the archives on security/securityfilter. Spend > > some time > > understanding provided authentication mechanism. Usually, there is > > no need to > > reinvent the wheel. > > > > Mark. > > > > > > "Jagadeesan,Sivakumar" wrote: > > > > > Mark: > > > > > > It is a very simple system. The user logs into the system. The > > user role is > > > based on the what kind of membership that user is in. So the role > > for a user > > > will keep changing. So the only place I thought I could map the > > user to role > > > is in database. So it will be pure business logic rather then > > something I do > > > in deployment time. > > > > > > If I am wrong in my approach pls let me know how I could do this > > thanx > > > > > > --Siva Jagadeesan > > > > > > -----Original Message----- > > > From: Mark Zeltser [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, March 27, 2003 5:02 PM > > > To: Struts Users Mailing List > > > Subject: Re: Actions based on Role > > > > > > Why do you want to have your own authentication system? > > > > > > Mark. > > > > > > "Jagadeesan,Sivakumar" wrote: > > > > > > > I guess I have to do that way > > > > So I have manually chk every time whether that user is > > authorized to > > > access > > > > this Action, rather then having it in struts-config.xml which > > is more > > > > configurable > > > > > > > > -----Original Message----- > > > > From: Edgar Dollin [mailto:[EMAIL PROTECTED] > > > > Sent: Thursday, March 27, 2003 4:55 PM > > > > To: 'Struts Users Mailing List' > > > > Subject: RE: Actions based on Role > > > > > > > > If you use a filter, to filter actions based on role, the > > action wouldn't > > > > have to know about security. If your authentication sticks the > > user > > > > information into the session, the action could make decisions > > based on the > > > > user information. > > > > > > > > Edgar > > > > > > > > > -----Original Message----- > > > > > From: Jagadeesan,Sivakumar > > > > > [mailto:[EMAIL PROTECTED] > > > > > Sent: Thursday, March 27, 2003 3:50 PM > > > > > To: 'Struts Users Mailing List' > > > > > Subject: Actions based on Role > > > > > > > > > > > > > > > I have web application where users could of three types > > (Roles) > > > > > > > > > > 1) Basic User > > > > > 2) Silver User > > > > > 3) Gold User > > > > > > > > > > According to Type / Role of user some actions could be > > > > > performed or not performed. > > > > > > > > > > I could set in my stuts-config.xml, the role based access in > > > > > Action Element > > > > > > > > > > I am having my own authentication System that uses the > > > > > database . The User table has the userName and also the Role. > > > > > > > > > > I am not sure how could I create a Role that the Action is > > > > > expecting , if I am using my own authentication > > > > > > > > > > Thanx > > > > > --Siva Jagadeesan > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > -- > > > NOTICE: If received in error, please destroy and notify sender. > > Sender does > > > not waive confidentiality or privilege, and use is prohibited. > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > -- > > NOTICE: If received in error, please destroy and notify sender. > > Sender does not > > waive confidentiality or privilege, and use is prohibited. > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > __________________________________________________ > Do you Yahoo!? > Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! > http://platinum.yahoo.com > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
