If you made roles for each region, you could use them in that way too, however I think that would be too cumbersome.
A servlet filter is also a possibility, but also not optimal I think.
I would make the implementation depend on the data model rather than the authorisation scheme.
For instance in your data model, you can have sales associated with different regions. You can also have users associated with different regions. Therefore it will not be difficult to write SQL queries for your reports where the sales displayed are selected by user.
e.g. a junior salesman has an association with one region, but a sales manager would have links to several regions. The finance people would have links to all regions.
Hope that's clear, Adam
On 10/23/2003 04:05 AM Caroline Jen wrote:
My question is similar. I use container-managed
"role"-based security checking. I put "role" property
in Action Mapping and use isUserInRole in my JSPs. For example, John can view the sales reports if he has
the "sales role". Now, I want to further restrict John
to view the sales reports in is "region" only.
People say that I can use the servlet filter. I need guidance to see some examples.
--- Adam Hardy <[EMAIL PROTECTED]> wrote:
On 10/22/2003 10:21 PM Ramadoss Chinnakuzhandai wrote:
apologize for repeating my question again....I'm
newbie to Struts and hv basic doubt in security level implemented using Struts framework.
we are aware that in normal J2EE application we
are authenticating user based on user access level specified in web-app in web.xml(web container)
My Questions are
1.Are we following the same process of
authenticating a user against his/her access level as that of the above...? if not pls explain how you are authentication a user in your struts-based application.
2.If yes to the above question Is there someother
way of authenticating a user available in Sturts? If so pls explain how you are authentication a user?
Yes to both: struts leverages the built-in container
managed security as specified by the servlet spec from Sun.
-- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
