You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by An...@fiducia.de on 2007/02/16 15:11:20 UTC
request-taglib: isUserInRole
Hello!
I have got an application, where users are authenticated with ldap firstly.
Afterwards, there will be another database, which defines the roles, the user is
in. When the user is logged in, the roles are read from this table and should be
applied to struts, in order to use afterwards the tag isUserInRole.
My question now is:
How must I set the roles the user is actually in (a user could be in more than
one role at the same time), after the user has been logged in, that I can use
the tag isUserInRole in the jsp file for hiding or not some pieces of the page?
Thanks for any hint,
kind regards,
Andreas Hartmann
----------------------------------------------------------------------------------------------------------------------------------------------
FIDUCIA IT AG
Fiduciastraße 20
76227 Karlsruhe
Sitz der Gesellschaft: Karlsruhe
AG Mannheim HRB 100059
Vorsitzender des Aufsichtsrats: Erwin Kuhn
Vorsitzender des Vorstands: Michael Krings
Vorstand: Klaus-Peter Bruns, Hans-Peter Straberger, Eckhardt Werner
Umsatzsteuer-ID.Nr. DE143582320, http://www.fiducia.de
----------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: request-taglib: isUserInRole
Posted by Andreas Hartmann <an...@freenet.de>.
Laurie Harper wrote:
> Andreas.Hartmann@fiducia.de wrote:
>> Hello!
>>
>> I have got an application, where users are authenticated with ldap firstly.
>>
>> Afterwards, there will be another database, which defines the roles, the user is
>> in. When the user is logged in, the roles are read from this table and should be
>> applied to struts, in order to use afterwards the tag isUserInRole.
>>
>> My question now is:
>> How must I set the roles the user is actually in (a user could be in more than
>> one role at the same time), after the user has been logged in, that I can use
>> the tag isUserInRole in the jsp file for hiding or not some pieces of the page?
>
> 'isUserInRole' is a concept supplied by the standard Servlet APIs. If
> you are using container managed security, the details of how you map
> roles from your LDAP/database will be specific to the container you use.
> If you *don't* use container managed security, the details will be even
> less standard :-)
>
> What authentication / authorization strategy are you implementing? One
> way or another you will need to ensure that
> HttpServletRequest.isUserInRole() is aware of your authorization data.
That's my problem. I don't use container managed security, but my own one,
which is application driven. I think, I have to write my own tag to get
the functionality I need. This shouldn't be a problem.
Thanks for your hint,
kind regards,
Andreas Hartmann
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: request-taglib: isUserInRole
Posted by Laurie Harper <la...@holoweb.net>.
Andreas.Hartmann@fiducia.de wrote:
> Hello!
>
> I have got an application, where users are authenticated with ldap firstly.
>
> Afterwards, there will be another database, which defines the roles, the user is
> in. When the user is logged in, the roles are read from this table and should be
> applied to struts, in order to use afterwards the tag isUserInRole.
>
> My question now is:
> How must I set the roles the user is actually in (a user could be in more than
> one role at the same time), after the user has been logged in, that I can use
> the tag isUserInRole in the jsp file for hiding or not some pieces of the page?
'isUserInRole' is a concept supplied by the standard Servlet APIs. If
you are using container managed security, the details of how you map
roles from your LDAP/database will be specific to the container you use.
If you *don't* use container managed security, the details will be even
less standard :-)
What authentication / authorization strategy are you implementing? One
way or another you will need to ensure that
HttpServletRequest.isUserInRole() is aware of your authorization data.
L.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org