You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Dan Allen <da...@mojavelinux.com> on 2003/03/21 21:14:16 UTC
user active vs. user role
Just a quick little security question here. Do you think it would
be better to make a special role for inactive users or do you think
that an active/inactive switch should be a field in the datatable
for the user?
Basically, the user signs up, but then they have to be activated
before they can do anything.
Dan
--
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Daniel Allen, <da...@mojavelinux.com>
http://www.mojavelinux.com/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"The Linux philosophy is to laugh in face of danger. Oops.
Wrong one. 'Do it yourself' That's it"
-- Linus Torvalds
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
ActionError using non-default resource properties
Posted by adam kramer <ad...@monkey.org>.
Is there currently a method to construct an action error that will
eventually be used to draw a message key from the non-default resource
properties file? Any workarounds?
(im too busy/lazy to look at the code right now)
But if not would it be a useful feature?
thanks,
adam k.
---
http://adam.404.org
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: user active vs. user role
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Fri, 21 Mar 2003, Dan Allen wrote:
> Date: Fri, 21 Mar 2003 14:14:16 -0600
> From: Dan Allen <da...@mojavelinux.com>
> Reply-To: Struts Users Mailing List <st...@jakarta.apache.org>
> To: struts-user@jakarta.apache.org
> Subject: user active vs. user role
>
> Just a quick little security question here. Do you think it would
> be better to make a special role for inactive users or do you think
> that an active/inactive switch should be a field in the datatable
> for the user?
>
> Basically, the user signs up, but then they have to be activated
> before they can do anything.
>
If you're using container-managed security (or something that looks like
it, such as securityfilter), one elegant solution would be to model the
activation as a role named "activated" -- your administrative process
would just add this role as soon as they've done whatever processing is
needed to authorize the new user. In the mean time, you can use the lack
of this role to redirect the user to a nice page that says "we're in the
process of activating your account - please try again later", with no need
for any custom logic or special Realm implementation.
> Dan
Craig
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org