You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Ted Husted <te...@husted.com> on 2003/12/09 20:47:15 UTC
Re: Have your Book: UserInRole question
You said it. The database returns the user's various roles ... to the
container, which also supplies the request from whence isUserInRole comes.
HTH, Ted.
Dave Yutzy wrote:
> I’ve been wracking the web to try and find out how to use the
> “request.isUserInRole()” functionality.
>
> I understand how to setup the web.xml as well as the <action> tag in
> the struts config, but where would I actually “assign” the value of
> the user’s role?
>
> So, if I have a custom login page and I auth. against a DB that
> returns the user’s various roles, how to I get those values into
> “????” so that they can be read by the request.isUserInRole() call?
>
> Anything you can do to point me in the right direction is greatly
> appreciated!
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: Have your Book: UserInRole question
Posted by Max Cooper <ma...@maxcooper.com>.
You have only two choices for making request.isUserInRole() work:
1. Use container-managed security.
2. Use or create a Filter-based security system where you wrap the the
request objects in order to implement the isUserInRole() method. You can't
do this without writing a filter.
The SecurityFilter (http://www.securityfilter.org) project I run is an
example of #2. Here's a link to the source code for our
SecurityRequestWrapper class that implements the isUserInRole() method:
http://tinyurl.com/yile -- the implementation just delegates to the realm.
-Max
----- Original Message -----
From: "Ted Husted" <te...@husted.com>
To: <st...@jakarta.apache.org>
Sent: Tuesday, December 09, 2003 11:47 AM
Subject: Re: Have your Book: UserInRole question
> You said it. The database returns the user's various roles ... to the
> container, which also supplies the request from whence isUserInRole comes.
>
> HTH, Ted.
>
> Dave Yutzy wrote:
>
> > I’ve been wracking the web to try and find out how to use the
> > “request.isUserInRole()” functionality.
> >
> > I understand how to setup the web.xml as well as the <action> tag in
> > the struts config, but where would I actually “assign” the value of
> > the user’s role?
> >
> > So, if I have a custom login page and I auth. against a DB that
> > returns the user’s various roles, how to I get those values into
> > “????” so that they can be read by the request.isUserInRole() call?
> >
> > Anything you can do to point me in the right direction is greatly
> > appreciated!
> >
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org