Posted to user@struts.apache.org by "Richard Mixon (qwest)" <rn...@custco.biz> on 2003/12/02 20:11:51 UTC

[OT] Role-based security, how to switch "active" role

We are considering assigning multiple roles to some users/principals in our Struts 1.1 application. The alternative is to have to
give some users multiple login ids, which does not seem attractive. J2EE, Struts and Tomcat all seem to support multiple roles.

BACKGROUND:

I took a look at creating the logic to figure out how the various roles act when combined - it's complex, but doable.  But the view
of data the user might see in such a situation may be confusing.

My inclination is to build support for a concept of the "active" role. Users with multiple roles could, at will, switch which role they
were playing. The current "active" role will of course be stored in the user's session.

Examples of our roles might be the following three:

  STDUSER - allows a user to maintain a set of data on the system that applies mostly to them. Their data will reference "common"
data that is maintained by the organization.
  ORGADMIN - maintains the "common"/shared data that is referred to by all.
  HELPER - allows an expert user to view data created by others with the STDUSER role, but not update the data. They help less
experienced users.

The roles authorize actions at two levels.

1) Standard J2EE security can use the roles to decide which actions/pages a user can switch to/see.

2) Additional business logic decides what particular subset of data the user will see, depending on their role, on a given page.

The users will not need to switch roles often, and there will be a default role defined for each user.

MY QUESTIONS:

1) Is this a good approach or are there better alternatives?

2) How can I put a "mini" form in my header that supports switching roles, but still stay on the current screen so that subsequent
actions will take this new active role into account? My understanding is that only a single form can be submitted. Most of my pages
have a main form, and then would have this "mini" form for switching active roles.

Thanks - Richard
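
One way to handle the role switch described in the post, as an added example that is not part of the original message or of Struts itself: a Struts 1.1 action that accepts a requested role only when the container confirms it through isUserInRole, stores it in the session, and redirects back to a context-relative path. The class name, the "role" and "returnTo" field names and the "activeRole" session key are assumptions of this example.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

/** Hypothetical action behind the header "mini" form (e.g. mapped to /switchRole). */
public class SwitchRoleAction extends Action {
    public static final String ACTIVE_ROLE_KEY = "activeRole"; // assumed session key
    private static final String[] KNOWN_ROLES = { "STDUSER", "ORGADMIN", "HELPER" };

    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception {
        String requested = request.getParameter("role");     // assumed field name
        String returnTo = request.getParameter("returnTo");  // assumed field name

        // The form value is untrusted: accept it only if it is a known role AND
        // the container says this principal actually holds it.
        for (int i = 0; i < KNOWN_ROLES.length; i++) {
            if (KNOWN_ROLES[i].equals(requested) && request.isUserInRole(requested)) {
                request.getSession().setAttribute(ACTIVE_ROLE_KEY, KNOWN_ROLES[i]);
            }
        }

        // Return to the screen the user was on, but only via a context-relative
        // path, so the switch form cannot be used as an open redirect.
        if (returnTo == null || !returnTo.startsWith("/")
                || returnTo.startsWith("//") || returnTo.indexOf("://") >= 0) {
            returnTo = "/";
        }
        return new ActionForward(returnTo, true);
    }

    /** For the data-level business logic: the active role, re-checked on every use.
     *  Returns null when none is set or valid; the caller then applies the user's default role. */
    public static String activeRole(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        Object role = (session == null) ? null : session.getAttribute(ACTIVE_ROLE_KEY);
        return (role != null && request.isUserInRole((String) role)) ? (String) role : null;
    }
}
```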


