Jason, They might need to go into the account underneath them to fix something (if they are asked) and won't know the password (encrypted). The admin might need to fix something for a reseller's client made us look into (admin -> reseller -> client -> manager -> employee). I've had a few projects where someone 2 levels under asks for help from the level immediately above them. Then it goes up one and up again back to me. Rather than make interfaces for everyone for everything, I prefer the idea of "su'ing" into the account to fix something. So, I might have to 'become' the reseller (I'm the admin), then become a client, then become a manager then become an employee to look at or fix something for them.
Regards, David -----Original Message----- From: Jason Lea [mailto:[EMAIL PROTECTED] Sent: Sunday, March 14, 2004 6:49 PM To: Struts Users Mailing List Subject: Re: security framework!!! David Friedman wrote: >I've also been looking into security frameworks and the only solutions I've >really found are: > >1. Standard (container) JAAS >2. SecurityFilter http://securityfilter.sourceforge.net >3. Pow2ACL http://pow2acl.sourceforge.net/ > >I was hoping, at some point, to use an SSL switching feature such as SSLext. >>From my research, Pow2ACL and SecurityFilter won't work that way. >SecurityFilter has a note that certain 'elements' could be used for it but >the current code makes no use of them in that manner. As for Pow2ACL, I >didn't find anything suggesting how to use it in that way either. > >My bigger problem is my scenario, which no one supports. I'd like to allow >manager accounts to become one of if it's sub-accounts. My system would >support at least 5 levels where 4 could 'drill down' and back up again: >admin, reseller, client, manager, employee (bottom feeder, no managerial >tools and no popping into their accounts). Since there is no easily way to > > Trying to figure out what you are asking here can you give an example? If you have the following: 1. User Manfred is a manager 2. User Emily is an Employee 3. Emily is an employee under Manfred Are you saying that Manfred can become Emily and perform certain tasks/actions? Then Manfred would return to be Manfred the manager? >push/pop or even set (then I could use my own internal stack) a >UserPrincipal object, I'm thinking of using something a bit like >SecurityFilter: wrap the request object with a subclass of >HttpServeletRequestWrapper and add my own push/pop/set/get/count >UserPrincipal object(s). Then, I could hook the login procedure with >container methods (JAAS, i.e. a web browser login/password pop-up) and still >be able to (when I'm ready) use SSLext or something like it for the >HTTP/HTTPS switching. > >Regards, >David > >-----Original Message----- >From: Mailing List [mailto:[EMAIL PROTECTED] >Sent: Saturday, March 13, 2004 6:19 AM >To: [EMAIL PROTECTED] >Subject: security framework!!! > > >I'm developing a web application with struts.I had a problem for support >security at jsp pages level for different roles.I send an email and recived >2 response to solve my problem: >1. with HTML tags. >2. 2.with define role in tiles definition >but I'm searching for a good framework that be compatibled with struts >framework and support the security for different roles at page levels. >I mean for example if I have a jsp page with tow textfields and a submit >deponds on user's role at the system,one user just can see one of the >textfield and submit buttom and another user can see both of the textfield >and submit buttom. >Can you suggest a good framework for me. >regards > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > > -- Jason Lea --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
