You can use a vendor-specify API ( JDBC/Realm ) to map to user/role tables. You can also use the XML file ( tomcat-users.xml ) instead with hard-coded values. You don't have to extend RequestProcessor if you are using CMA.
>If you want to do application based-security then you need to extend the >RequestProcessor and over-ride the processRoles() method. You can read the tomcat JDBC/Realm doc. in the apache site. It is similar for other containers. http://kb.atlassian.com/content/tutorials/jollem/orion-security-primer/ is another good site explaining OC4J roles. Mohan -----Original Message----- From: Kelly Goedert [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 5:26 PM To: Struts Users Mailing List Subject: Re: RequestProcessor problem Paul, Thanks for your help, I've checked this links already and they didn help me much. What I want is (following your example below): when the user has the role uploader assigned to him he may call this action uploadfile. Now: where do I define the relation user/role? Do I use a JDBC/Realm? If I want to check this relation in my application should I externd RequestProcessor? (I believe so). If I don't want to extend the RequestProcessor, and use it as it is, where do I mantain the user/role relationship? Kelly. Paul-J Woodward wrote: >My understanding is: > >The request processor will check on action roles if they are defined in your struts-config.xml file e.g.: ><action path="/uploadfile" type="com.db.gci.ge.epg.actions.UploadFileAction" name="fileUploadForm" scope="request" validate="false" input="/uploadFile.jsp" roles="uploader"> ></action> > >If you want to do application based-security then you need to extend the RequestProcessor and over-ride the processRoles() method. > >I'm currently looking into application-based security, this is all I have found so far: >http://puneetdelhi.tripod.com/ >http://www.junlu.com/msg/40353.html > >If you need more help and noone else replies, I'll write what I have found in a few hours. > >Paul >------------------------------------------------------------ >Global Equity Derivatives Technology >Deutsche Bank [/] >Office +44 (0)20 754 55458 >Mobile +44 (0)7736 299483 >Fax +44 (0)20 7547 2752 >------------------------------------------------------------ > > > > Kelly Goedert > <[EMAIL PROTECTED] To: Struts Users Mailing List <[EMAIL PROTECTED]> > xxera.com> cc: > Subject: RequestProcessor problem > 30/12/2003 11:22 > Please respond to > "Struts Users > Mailing List" > > > > > > >Can anyone give me an example on how to use the RequestProcessor? > >I want to use the RequestProcessor to check on action roles. Do I have >to subclass it? Or I can use it as it is? >To use roles to I have to configure anything in the container too? Or >just setting the roles parameter and using the RequestProcessor, will >allow mw to check the roles that the user might have to access that action? > >Thanks > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > >-- > >This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]