I will be more specific.
I now have the following implementation. It's not built with struts, but is built merely from servlets.
The application consists of a login page,main page and also bunch of other pages. when a user wants to do something it chooses one menu item from the main page, navigates through some pages and at the end is returned to the main page. ( I think it's the usual scenario for many web apps). The menu items are called "actions".
So I have a list of actions. Each action defines the role (It's the Oracle Database role) that a user (Oracle user) must have to access that action.
I also define which page is owned by which action. What that means. For example. If I have a menu.
Edit | |---Station |---Country
And I press on a Station link I might visit the following pages Station1,Station2 and so on.
I say that Station1,Station2 is owned by Station action.
It's important to say that Station1 can be visited from another action.
When a user is logged in I determine what actions it has based on his role and presenting him only that menu items. But if a user is clever
he can bypass this limitation and type directly the link to another page
that he is forbidden to access to.
I have a filter that is applied to all the servlets. This filter does the following job. It checks the user session. Extracts the actions that the user has. Determines what page user is trying to access. Determines the action this page is owned by and checks if the user has that action.
That's all. It's working fine. The only difficulty is that I need to track the relation between actions and pages during development.
My question is the following:
Is there a better pattern that I can use and If yes Can you provide me with more info? How can jaas help me in this situation?
Thank you very much.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]