Thanks for your help, I've checked this links already and they didn help me much. What I want is (following your example below): when the user has the role uploader assigned to him he may call this action uploadfile. Now: where do I define the relation user/role? Do I use a JDBC/Realm?
If I want to check this relation in my application should I externd RequestProcessor? (I believe so).
If I don't want to extend the RequestProcessor, and use it as it is, where do I mantain the user/role relationship?
Kelly.
Paul-J Woodward wrote:
My understanding is:
The request processor will check on action roles if they are defined in your struts-config.xml file e.g.: <action path="/uploadfile" type="com.db.gci.ge.epg.actions.UploadFileAction" name="fileUploadForm" scope="request" validate="false" input="/uploadFile.jsp" roles="uploader"> </action>
If you want to do application based-security then you need to extend the RequestProcessor and over-ride the processRoles() method.
I'm currently looking into application-based security, this is all I have found so far: http://puneetdelhi.tripod.com/ http://www.junlu.com/msg/40353.html
If you need more help and noone else replies, I'll write what I have found in a few hours.
Paul ------------------------------------------------------------ Global Equity Derivatives Technology Deutsche Bank [/] Office +44 (0)20 754 55458 Mobile +44 (0)7736 299483 Fax +44 (0)20 7547 2752 ------------------------------------------------------------
Kelly Goedert <[EMAIL PROTECTED] To: Struts Users Mailing List <[EMAIL PROTECTED]> xxera.com> cc: Subject: RequestProcessor problem 30/12/2003 11:22 Please respond to "Struts Users Mailing List"
Can anyone give me an example on how to use the RequestProcessor?
I want to use the RequestProcessor to check on action roles. Do I have to subclass it? Or I can use it as it is? To use roles to I have to configure anything in the container too? Or just setting the roles parameter and using the RequestProcessor, will allow mw to check the roles that the user might have to access that action?
Thanks
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
