You tried the Declarative Security model built into Tomcat? You can use that to talk to the database by defining a "JDBCRealm".
Or even better (since that doesn't give you a login form you can use the way you might expect to), take a look at SecurityFilter, which is what I use. http://www.securityfilter.org HTH > -----Original Message----- > From: Ding Lei [mailto:[EMAIL PROTECTED] > Sent: Friday, June 04, 2004 9:03 PM > To: Struts Users Mailing List; Ding Lei > Subject: Re: implementation of permission subsystem > > > One more thing, the system stores all user & group > information in database So storing role information in a > tomcat/struts configuration isn't really possible. > > On Sat, Jun 05, 2004 at 08:59:41AM +0800, Ding Lei wrote: > > Hello folks, > > I am working on a DVB(Digital video broadcasting) > content management > > webapp, which is based on the struts framework. It > mainly includes application, > > service,network, user,broadcasting management & etc. The system is > > originally designed almost without considering security issues, i.e > > almost all operations are done without permission check. > > Later on, I spent quite a few days attempting to implement a > > General permission control arch. with Dynamic Proxy, which checks a > > method's permission at runtime by it's name. But soonly > found out that > > this sytem's methods' naming are really a mess. For ex, > some methods > > are called "del" which actually does the "remove" operation, & vice > > versa. Even worse, same type of methods takes very > different type of > > arguments ---- a DVBUserManager.removeUser takes a DVBUser > object as argument, and a DVBNetworkManager takes a > DVBNetwork object as argument. > > So .. I found then I was endlessly adding bunches of "if" > to handle > > different specific methods in the Dynamic Proxy class. > > My question is, is there any good permission control framework > > provided directly/indirectly for Struts/Tomcat based applications ? > > If not, would you please suggest some others? > > > > Thank you. > > > > > > -- > > Yours, > > > > <<<::::: D i n g L e i ::::::>> > > || || > > || Ext: 8106 || > > || Email: <dinglei [A] ipanel [O] cn> || > > || Dept. Of Technology/Engineering || > > || Embedded Internet Solutions Inc. || > > || || > > <(((((( ===================== )))))>>> > > > > The economy depends about as much on economists as the > weather does on > > weather forecasters. > > -- Jean-Paul Kauffmann > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > -- > Yours, > > <<<::::: D i n g L e i ::::::>> > || || > || Ext: 8106 || > || Email: <dinglei [A] ipanel [O] cn> || > || Dept. Of Technology/Engineering || > || Embedded Internet Solutions Inc. || > || || > <(((((( ===================== )))))>>> > > "What is the robbing of a bank compared to the FOUNDING of a bank?" > -- Bertold Brecht > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]