I just did this, and found it extremely simple. I eventually went away from
the tagish / http://www.mooreds.com/jaas.html solution.
Three steps is all it takes:
-1- add this to your struts-config
<controller
    processorClass="com.ourcompany.portal.site.struts.action.CustomRequestProcessor"/>
-2- Code
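package com.ourcompany.portal.site.struts.action;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.struts.action.ActionMapping;
import org.apache.struts.tiles.TilesRequestProcessor;

// User is the application's own class (stored in the session under "user");
// import it from wherever it lives in your code base.

// The Struts Tiles plugin implements its own RequestProcessor, so if you want
// to use your RequestProcessor alongside the Tiles' RequestProcessor, make
// sure your processor extends TilesRequestProcessor instead of
// RequestProcessor
public class CustomRequestProcessor extends TilesRequestProcessor {

    protected boolean processRoles(HttpServletRequest request,
                                   HttpServletResponse response,
                                   ActionMapping mapping)
            throws IOException, ServletException {

        // Is this action protected by role requirements?
        String roles[] = mapping.getRoleNames();
        if ((roles == null) || (roles.length < 1)) {
            // No roles on the mapping: the action is allowed for everyone
            return (true);
        }

        // Check the current user against the list of required roles
        HttpSession session = request.getSession();
        User user = (User) session.getAttribute("user");
        if (user == null) {
            response.sendRedirect("noSessionAvailable.do");
            return false;
        }
        for (int i = 0; i < roles.length; i++) {
            if (user.hasRole(roles[i])) {
                return (true);
            }
        }

        // Logged in, but holds none of the required roles
        response.sendRedirect("errorNotAuthorized.do");
        return (false);
    }
}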
-3- add roles attributes to your action elements in struts-config
<action path="/billingInformationEdit"
        type="org.apache.struts.actions.ForwardAction"
        parameter="/pages/billingInformationEdit.jsp"
        roles="registeredUser">
    <set-property property="secure" value="true"/>
</action>
HTH - Eric
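
An added example, not part of the original post: the processRoles override above returns true for any mapping that has no roles, so a quick audit of struts-config.xml shows which actions are left open. The sample config, the com.example class names and the PUBLIC_PATHS allow-list are constructed for illustration, and roles is assumed to be a comma-separated list.

```python
import xml.etree.ElementTree as ET

# Constructed sample config; the com.example classes are placeholders.
SAMPLE_CONFIG = """<struts-config>
  <action-mappings>
    <action path="/billingInformationEdit"
            type="org.apache.struts.actions.ForwardAction"
            parameter="/pages/billingInformationEdit.jsp"
            roles="registeredUser"/>
    <action path="/billingInformationSave"
            type="com.example.BillingSaveAction"/>
    <action path="/adminReport" type="com.example.AdminReportAction"
            roles="admin, billingAdmin"/>
    <action path="/invoiceExport" type="com.example.InvoiceExportAction"
            roles=""/>
    <action path="/errorNotAuthorized"
            type="org.apache.struts.actions.ForwardAction"
            parameter="/pages/errorNotAuthorized.jsp"/>
  </action-mappings>
</struts-config>"""

# Assumption: actions meant to be reachable by anyone, here the two redirect
# targets used by processRoles in the post.
PUBLIC_PATHS = {"/noSessionAvailable", "/errorNotAuthorized"}


def parse_roles(attr):
    """Split a comma-separated roles attribute into non-empty role names."""
    return [r.strip() for r in (attr or "").split(",") if r.strip()]


def audit(config_xml, public_paths=PUBLIC_PATHS):
    """Return (protected, unprotected): path -> roles, and paths with no roles."""
    protected, unprotected = {}, []
    for action in ET.fromstring(config_xml).iter("action"):
        path = action.get("path")
        roles = parse_roles(action.get("roles"))
        if roles:
            protected[path] = roles
        elif path not in public_paths:
            # processRoles returns true here, so no role check ever runs.
            unprotected.append(path)
    return protected, unprotected


if __name__ == "__main__":
    protected, unprotected = audit(SAMPLE_CONFIG)
    for path, roles in protected.items():
        print(f"{path}: requires one of {roles}")
    for path in unprotected:
        print(f"{path}: no roles set, open to every caller")
```
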
> -----Original Message-----
> From: David Friedman [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 17, 2004 9:15 AM
> To: Struts Users Mailing List
> Subject: RE: Specifying JAAS permission on a per-action basis
>
> Pow2ACL http://pow2acl.sourceforge.net/index.html
> might fit your JAAS high-end needs. It also integrates
> with Struts.
>
> Regards,
> David
>
> -----Original Message-----
> From: Adam Lipscombe [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 17, 2004 9:02 AM
> To: 'Struts Users Mailing List'
> Subject: Specifying JAAS permission on a per-action basis
>
>
> Folks,
>
>
> I am using JAAS with the Tagish libraries to authenticate users via a JDBC
> lookup. This works.
>
>
> What I need to do now is to specify permissions on an action-by-action
> basis, but I am unclear about how this is achieved...
>
> Dan Moore's excellent tutorial at http://www.mooreds.com/jaas.html shows an
> example of setting permissions via a policy configuration file ("Example 8.
> Sample JAAS policy file").
>
> I have also read that it's possible to specify permission via a "roles"
> attribute on the action mapping definition in the struts-config.xml file.
>
>
> Does anyone know if these approaches to permission setting are complementary
> or mutually exclusive?
> Does anyone know which is the best?
>
> I would prefer to set the perms in struts-config if possible, if only to
> keep all the config in the same file. An example of setting perms this way
> would be great.
>
>
>
> TIA - Adam
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]