Thanks Wendy, I realy appreciate the effort you put in to explain these things.
Cheers, Alex. On 7/15/05, Wendy Smoak <[EMAIL PROTECTED]> wrote: > > From: "Aleksandar Matijaca" <[EMAIL PROTECTED]> > > > these roles you mention, are these JAAS roles? I think that JAAS > > roles would be way too much of an overkill for me... > > Definitely not JAAS. And in my case, not even Container-Managed Security > (though it pretends to be). :) > > I have Struts Menu configured to use the result of calling > request.isUserInRole() to decide whether to display a menu item. This is > as > simple as using the "magic" value 'rolesAdapter' in the tag, which causes > it > to use its RolesPermissionsAdapter: > > <menu:useMenuDisplayer name="TabbedMenu" > bundle="org.apache.struts.action.MESSAGE" > permissions="rolesAdapter"> ... > > I didn't look closely, but I'm fairly sure you can plug in a different > PermissionsAdapter if you need to. > > In my case, authorization info is stored in a database [that does not > easily > speak JDBC] underneath a 3rd party telnet app. I have a Filter in front of > the webapp that gets the authorization info out of the database, places a > 'User' object in the session, and then wraps the request and overrides > isUserInRole(). > > To do this "right" you'd probably want to override getUserPrincipal as > well-- in fact if you can wait a bit, I *think* Frank has in mind to add a > generic, configurable version of this idea to his Java Web Parts project. > > -- > Wendy Smoak > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
