You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@struts.apache.org by Matt Raible <ma...@raibledesigns.com> on 2001/11/30 22:37:05 UTC

Proposal for form-based security

Everyone,

I'm thinking about developing an extension for Struts and wanted to see what
you developers think before I build it.  Building off of Nic Hobb's
Role-based Actions, I'd like to add the ability to control a form's look and
feel based on the user's role.  Basically, what I hope to do is add
declarative security to struts-config.xml so that form fields can be
write-able, read-only, or hidden based on the user's role. 

My idea is to add a <security> element to the <form-bean> declaration - like
so:

<form-bean     name="firstForm"
                     type="org.apache.struts.webapp.example.FirstForm">

           <security   fields="field1,field2,field3" 
                           (inRole | notRole)="readOnly1,readOnly2"
                           type="readOnly"/>
</form-bean>


fields = comma delimited list you want to set security for.
inRole or notRole = comma delimited list of roles that this applies to
type = flag to indicate type of security
	readOnly - adds disabled="disabled" to html controls (struts html
tag that builds html)
	hidden - changes control from type="*" to type="hidden" OR doesn't
even put the name/value on the page
	write - default (shouldn't need to be used)

Let me know what you think.  I receive a fair amount of positive feedback,
I'll write the extension and a sample app to go with it.

Thanks,

Matt