Well I tried this but did not work:
<action path="/listInvoice" scope="request" validate="true"
roles="ADMIN,MANAGER"
type="com.acme.InvoiceList" name="invoiceForm"
input="/invoicelist.do">
<forward name="success" path="def.success"></forward>
<forward name="failure"
path="/invoicelist.do"></forward>
</action>
And on my action:
String roles[] = mapping.getRoleNames();
Problem is that roles has a zero size array.
What have I done wrong here?
Best Regards
On 6/28/06, Paul Benedict <[EMAIL PROTECTED]> wrote:
Vinicius,
#1: Do you have any kind of a user object? If so, use the
HttpServletRequestWrapper to wrap it up in the current request (via a filter),
and then delegate its isUserInRole method to the user.
#2: Each action mapping has a "role" attribute; it contains a comma delimited
list of roles that may access the action.
Paul
Vinicius Carvalho <[EMAIL PROTECTED]> wrote: Hello there! I know this kind of
question has been very very
discussed. But I've been away from struts for a while.
I need to create two types of actions, one that anyone can access and
a secure one, based solely on user's roles.
Here's what I've come in mind:
public abstract class BaseAction extends ActionSupport {
protected boolean isUserInRole(HttpServletRequest request){
return true;
}
public ActionForward execute(ActionMapping mapping, ActionForm form,
HttpServletRequest request, HttpServletResponse response) throws
Exception {
ActionForward forward = null;
if(isUserInRole(request)){
forward = doExecute(mapping,form,request,response);
}else{
forward = mapping.findForward("global.naoPermitido");
}
return forward;
}
public abstract ActionForward doExecute(ActionMapping mapping,
ActionForm form, HttpServletRequest request, HttpServletResponse
response) throws Exception;
public abstract class SecureAction extends BaseAction {
protected boolean isUserInRole(HttpServletRequest request) {
HttpSession session = request.getSession();
return super.isUserInRole(request);
}
}
Now here's the question :
I'd like to have all SecureAction's subclasses to inform it's parent
class about which role is required to access that class. It would be
very nice if that could be done by configuration struts-config.
I was reading about the set-property param. So I could have a
role:String property on my SecureAction and all subclasses would have
accessor/muttators for it.
Which would be a nice design for this requirement? I mean, whats the
best alternative?
Regards
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates
starting at 1ยข/min.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
