You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@struts.apache.org by Matt Raible <ma...@raibledesigns.com> on 2001/11/30 22:37:05 UTC
Proposal for form-based security
Everyone,
I'm thinking about developing an extension for Struts and wanted to see what
you developers think before I build it. Building off of Nic Hobb's
Role-based Actions, I'd like to add the ability to control a form's look and
feel based on the user's role. Basically, what I hope to do is add
declarative security to struts-config.xml so that form fields can be
write-able, read-only, or hidden based on the user's role.
My idea is to add a <security> element to the <form-bean> declaration - like
so:
<form-bean name="firstForm"
type="org.apache.struts.webapp.example.FirstForm">
<security fields="field1,field2,field3"
(inRole | notRole)="readOnly1,readOnly2"
type="readOnly"/>
</form-bean>
fields = comma delimited list you want to set security for.
inRole or notRole = comma delimited list of roles that this applies to
type = flag to indicate type of security
readOnly - adds disabled="disabled" to html controls (struts html
tag that builds html)
hidden - changes control from type="*" to type="hidden" OR doesn't
even put the name/value on the page
write - default (shouldn't need to be used)
Let me know what you think. I receive a fair amount of positive feedback,
I'll write the extension and a sample app to go with it.
Thanks,
Matt