Hi, Some time ago I was looking for an answer on the same question :) Here is how I solved this issue. 1) All request goes though SecurityFilter (www.sf.net) 2) Wrapped original request with this one public class SecurityRequestWrapper extends org.securityfilter.filter.SecurityRequestWrapper {
public static final char SESSION_ROLE_KEY='@'; public static final String USER_INFO="userInfo"; public SecurityRequestWrapper(HttpServletRequest arg0, SavedRequest arg1, SecurityRealmInterface arg2, String arg3) { super(arg0, arg1, arg2, arg3); } public boolean isUserInRole(String roleName) { if(roleName.charAt(0)==SESSION_ROLE_KEY){ SecurityFilterPrincipal principal=(SecurityFilterPrincipal)getUserPrincipal(); String roleKey=(String)getSession().getAttribute(String.valueOf(SESSION_ROLE_KE Y)); if(principal!=null && roleKey!=null){ Map roleMap=principal.getRoleMap(); List roles=(List)roleMap.get(roleKey); if(roles!=null){ StringTokenizer tokenizer=new StringTokenizer(roleName.substring(1),","); while(tokenizer.hasMoreTokens()){ if(roles.contains(tokenizer.nextToken())) return true; } } } return false; } return super.isUserInRole(roleName); } } and modified doFilter method to use my Request Object ... doFilter(...){ HttpServletRequest hReq = (HttpServletRequest) request; HttpServletResponse hRes = (HttpServletResponse) response; SecurityRequestWrapper wrappedRequest; ... (the rest is coppied from SecurityFilter sources) } 3) Created Principal interface implementation in SecurityFilterPrincipal object with map property holding all userRoles public class SecurityFilterPrincipal implements Principal,Serializable { private String name=null; private HashMap roleMap=null; //roleMap[key]=ArrayList(roles) .. (just create getter and setters for properties) } 4) Implemented SecurityRealmInterface interface public class JDBCSecurityFilterRealm implements SecurityRealmInterface { .. (find the source of this class in SecurityFilter) .. change the login function to reflect your situation (here I load all user roles but into my Principal's roleMap property) } 5) The most important in all of this is implementation of isUserInRole function (SecurityRequestWrapper object). The way you check your roles there are up to you. In my case I put into the session some indicator telling me which key in the rolesMap is the active one. In this way although I'm not dynamically removing roles I switch them accordingly to the situation. Hope it's what you want. -----Original Message----- From: Paul Benedict [mailto:[EMAIL PROTECTED] Sent: Monday, July 03, 2006 11:18 AM To: Struts Users Mailing List Subject: Re: Changing Role Access to Actions on the Fly I can say with mild confidence that the action mapping is "frozen" once loaded, and changes to it during runtime cannot be made. Since roles are part of a mapping, it cannot be done. But don't let the framework stop you! Just because its automated configuration features are frozen, doesn't mean you can't get around it. If you are willing to perform explicit role checking inside the action, then you can achieve what you're trying to do. Yes, you will be giving up the XML configuration, but, you're doing something very special; I don't even know if *ANY* framework allows something like this. In my opinion, you might search for a better solution. Perhaps dynamic role changing is a symptom of a bad design. For instance, instead of changing the role mapping, update the roles the user actually has -- that's usually how security apps work: change the user, not the app :) Paul Thomas Joseph <[EMAIL PROTECTED]> wrote: I couldnt see any replies, thats why I am adding up these comments. Actually I want the application users to create groups (roles), and then assign access rights to various actions for this group. Later group membership/access rights should be editable. This should be something like how we can do in Operating Systems. Any help in this regard is highly appriciated. Also tell if this is not possible Thanks in advance. Thomas Joseph ----- Original Message ----- From: "Thomas Joseph" To: "Struts Users Mailing List" Sent: Friday, June 30, 2006 5:37 PM Subject: Changing Role Access to Actions on the Fly > > > Hi all great brains, > > I would like my application to use roles to access any actions. However, I want to make access to these actions > change while the application is running. User in a role could access a particular action at one time, but not the > other time (when change has been made). (I understand that role based access to the Action Mapping is static.) > > Is there any way I can do this.? > > Any pointers,... ideas ?? > > Thanks in advance!! > > Thomas Joseph --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------- Want to be your own boss? Learn how on Yahoo! Small Business. **************************************************************************************** Note: If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. **************************************************************************************** --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]