Hi,
To check the users access the best approach is to check the access on the
action by giving the roles attributes in the Struts Config and overriding
the processRoles() method of action class.
In addition to this if you want to limit weather a link is dispalyed to the
user or not you can take help from the following custom tag code and create
one for your application on similar grounds.
--------------------------------------------------------------------------------------------------------
Tag Class
--------------------------------------------------------------------------------------------------------
public class RolePresentTag extends TagSupport {
private String _role = null;
public void setRole(String sRole) {
_role = sRole;
}
public String getRole() {
return _role;
}
public int doStartTag() throws JspTagException {
boolean present = false;
ResourceBundle bundle = null;
HttpServletRequest request = null;
String roleName = null;
StringTokenizer st = null;
try {
bundle = ResourceBundle.getBundle(Constants.RESOURCES);
request = (HttpServletRequest) pageContext.getRequest();
st = new StringTokenizer(_role, ",", false);
while (st.hasMoreTokens()) {
try {
roleName = bundle.getString(st.nextToken());
} catch (MissingResourceException e) {
continue;
}
if (Util.isUserInRole(roleName, request)) {
present = true;
break;
}
}
} catch (Exception ex) {
throw new JspTagException(ex.getMessage());
}
return present ? EVAL_BODY_INCLUDE : SKIP_BODY;
}
public int doEndTag() {
return EVAL_PAGE;
}
}
--------------------------------------------------------------------------------------------------------
Util.isUserInRole :
In this method track the current role of the user from session and check if
it is one of the assigned role for this link
--------------------------------------------------------------------------------------------------------
tld :
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE taglib PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag
Library 1.1//EN"
"http://java.sun.com/j2ee/dtds/web-jsptaglibrary_1_1.dtd";>
<taglib>
<tlibversion>1.0</tlibversion>
<jspversion>1.1</jspversion>
<shortname>rolepresent</shortname>
<tag>
<name>present</name>
<tagclass>com.util.tag.RolePresentTag</tagclass>
<bodycontent>JSP</bodycontent>
<attribute>
<name>role</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
</taglib>
--------------------------------------------------------------------------------------------------------
JSP Code :
<rolepresent:present role ="Role Lisiting" >
<Link>
</rolepresent:present>
Hope this solves your problem.
On 1/11/06, shyam kishore alapati <[EMAIL PROTECTED]> wrote:
>
> While login itself you can have the permissions in the session and based
> on the permissions you can hide the links. Just for one variable i think
> there is no need to call the database.use can use <logic:presenet> or
> <logic:equal> for this.
> -----Original message-----
> From: "Rivka Shisman" [EMAIL PROTECTED]
> Date: Wed, 11 Jan 2006 04:18:23 -0800
> To: "Struts Users Mailing List" user@struts.apache.org
> Subject: Enabling links according to user's authorization
>
> > Hi everyone,
> >
> > We have a web application running on Websphere Application Server V6.
> > Say I have a JSP page that enables working on Student details.
> > This JSP page enables users to view, insert, update or delete student
> > records.
> > Now, some users can only use the 'View' link, others can also use
> > 'Insert' link, and some other users can only update.
> >
> > From what i know, i can hold a DB table that indicates for each user and
> > table - which operations are allowed.
> > But, my question is - what is the right way to do that on the JSP page?
> > Do i call this security table on each page load and hide the
> > unauthorized links? Or, do always show all the links and just let the
> > database throw an exception and give a message to the user, when he/she
> > presses an unauthorized link? Or is there a third and better way?
> >
> > Thanks
> > Rivka
> >
>
>
