Posted to user@struts.apache.org by elyes sallem <el...@gmail.com> on 2009/04/20 16:29:25 UTC

how remain in the same page

Hello,
i have a struts application, which can be used by different user profiles
among the profiles, there is one who can access some pages
so if he tries to access one page, i will display a warning message in the
depart page
so, i wanna know, after checking the user profile in the action, how can i
forward him to the source page, i.e. he remains in the same page, and i will
display a warning message to inform him that this page is inaccessible


Thanks
Regards
Elyes

Re: how remain in the same page

Posted by Jim Kiley <jh...@summa-tech.com>.
There's a number of ways to handle scenarios like this.  An easy one would
be something like this:
Assume you have start.jsp and next.jsp, and StartAction and NextAction.

In StartAction have two results: SUCCESS and NOT_ALLOWED.  SUCCESS goes to
NextAction, NOT_ALLOWED returns to start.jsp.

In the execute() method of StartAction, check the user's credentials.  If
they have the right credentials, return SUCCESS.  If they do not, do
addActionError("you are Not Allowed") and return NOT_ALLOWED.

Another alternative would be to restrict page access with something like
Spring Security, which is overkill if there's only a few pages you need to
manage access to, but darned handy if any more than that.

jk

On Tue, Apr 21, 2009 at 10:31 AM, Stefano <el...@gmail.com> wrote:

> have u solved?
>
> i've the same issues to do.

-- 
Jim Kiley
Senior Technical Consultant | Summa
[p] 412.258.3346
http://www.summa-tech.com
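
The approach described in the reply above, sketched as an added example (not code from the thread or from the Struts project). It assumes Struts 2.1-era APIs, a hypothetical "userProfile" session attribute set at login and a hypothetical "manager" profile value; the package name and the struts.xml mapping are illustrative.

```java
package example;

import java.util.Map;

import com.opensymphony.xwork2.ActionSupport;
import org.apache.struts2.interceptor.SessionAware;

public class StartAction extends ActionSupport implements SessionAware {

    /** Custom result name, mapped in struts.xml back to start.jsp. */
    public static final String NOT_ALLOWED = "notAllowed";

    /** Hypothetical session key, written by the login action only. */
    private static final String PROFILE_KEY = "userProfile";

    private Map<String, Object> session;

    @Override
    public void setSession(Map<String, Object> session) {
        this.session = session;
    }

    @Override
    public String execute() {
        // The decision uses server-side session state only. No request
        // parameter or hidden form field is consulted, because the client
        // can submit any value it likes for those.
        Object profile = (session == null) ? null : session.get(PROFILE_KEY);

        if (!"manager".equals(profile)) {   // "manager" is an assumed profile name
            addActionError("You are not allowed to access that page.");
            return NOT_ALLOWED;             // user stays on start.jsp
        }
        return SUCCESS;                     // continue to NextAction
    }
}

/* struts.xml mapping (illustrative), inside a package extending struts-default:

<action name="start" class="example.StartAction">
    <result name="success" type="redirectAction">next</result>
    <result name="notAllowed">/start.jsp</result>
</action>

start.jsp shows the message with <s:actionerror/>.

NextAction has to repeat the same check (or share an interceptor that does),
since "next" can be requested directly without going through "start".
*/
```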

Re: how remain in the same page

Posted by elyes sallem <el...@gmail.com>.
Dave, read this mail before!!!



2009/4/21 elyes sallem <el...@gmail.com>

> ah, no, if you wanna make a test of user privilege, u can use in this
> case realm
> u define roles
> and u can protect same page by
> security-constraint tag, u define different roles, here is an example
>
> <security-constraint>
>     <display-name>Test d'authentification tomcat</display-name>
>     <!-- List of protected pages -->
>     <web-resource-collection>
>         <web-resource-name>Page sécurisée</web-resource-name>
>         <url-pattern>/admin/*</url-pattern>
>     </web-resource-collection>
>     <!-- Roles of the users allowed to access them -->
>     <auth-constraint>
>         <role-name>admin</role-name>
>     </auth-constraint>
> </security-constraint>
> <login-config>
>     <!-- Authentication type -->
>     <auth-method>BASIC</auth-method>
>     <realm-name>Espace Membres</realm-name>
> </login-config>
> <!-- Roles used in the application -->
> <security-role>
>     <description>Administrateur</description>
>     <role-name>admin</role-name>
> </security-role>
>
> Regards
> Sallemel

-- 
Elyes.

Re: how remain in the same page

Posted by elyes sallem <el...@gmail.com>.
ah, no, if you wanna make a test of user privilege, u can use in this
case realm
u define roles
and u can protect same page by
security-constraint tag, u define different roles, here is an example

<security-constraint>
    <display-name>Test d'authentification tomcat</display-name>
    <!-- List of protected pages -->
    <web-resource-collection>
        <web-resource-name>Page sécurisée</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <!-- Roles of the users allowed to access them -->
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <!-- Authentication type -->
    <auth-method>BASIC</auth-method>
    <realm-name>Espace Membres</realm-name>
</login-config>
<!-- Roles used in the application -->
<security-role>
    <description>Administrateur</description>
    <role-name>admin</role-name>
</security-role>

Regards
Sallemel





2009/4/21 Jim Kiley <jh...@summa-tech.com>

> Are you recommending testing a user's privileges in the untrusted,
> untrustworthy, totally hackable client code?  Really?

-- 
Elyes.

Re: how remain in the same page

Posted by Dave Newton <ne...@yahoo.com>.
elyes sallem wrote:
> but u know if u have personal pb with some one and u look for the
> opportunity to offend him freely
> it is too stupid behavior i think

I don't have a personal problem with you, unless you count not bothering 
to spell the word "you", and calling my behavior stupid.

I responded to the posts I'd seen, and humorously to Jim's.

This is a mailing list. Not all messages are delivered in order. His 
came before your followup. There's absolutely nothing I can do about 
that, except explain the non-determinism inherent in mailing lists.

Dave


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Re: how remain in the same page

Posted by elyes sallem <el...@gmail.com>.
i sent a mail where i explained what he should use in this case (realm)
here is the mail content

ah, no, if you wanna make a test of user privilege, u can use in this
case realm
u define roles
and u can protect same page by
security-constraint tag, u define different roles, here is an example

<security-constraint>
    <display-name>Test d'authentification tomcat</display-name>
    <!-- List of protected pages -->
    <web-resource-collection>
        <web-resource-name>Page sécurisée</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <!-- Roles of the users allowed to access them -->
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <!-- Authentication type -->
    <auth-method>BASIC</auth-method>
    <realm-name>Espace Membres</realm-name>
</login-config>
<!-- Roles used in the application -->
<security-role>
    <description>Administrateur</description>
    <role-name>admin</role-name>
</security-role>


but u know if u have personal pb with some one and u look for the
opportunity to offend him freely
it is too stupid behavior i think





2009/4/21 Dave Newton <ne...@yahoo.com>

> Jim Kiley wrote:
>
>> Are you recommending testing a user's privileges in the untrusted,
>> untrustworthy, totally hackable client code?  Really?
>>
>
> Oh, what's the worst that could happen?
>
>
> Dave


-- 
Elyes.

Re: how remain in the same page

Posted by Dave Newton <ne...@yahoo.com>.
Jim Kiley wrote:
> Are you recommending testing a user's privileges in the untrusted,
> untrustworthy, totally hackable client code?  Really?

Oh, what's the worst that could happen?

Dave




Re: how remain in the same page

Posted by Jim Kiley <jh...@summa-tech.com>.
Are you recommending testing a user's privileges in the untrusted,
untrustworthy, totally hackable client code?  Really?

On Tue, Apr 21, 2009 at 10:43 AM, elyes sallem <el...@gmail.com> wrote:

> of course u make  the test , in a javascript function, in your jsp
>
> Elyes

-- 
Jim Kiley
Senior Technical Consultant | Summa
[p] 412.258.3346
http://www.summa-tech.com

Re: how remain in the same page

Posted by elyes sallem <el...@gmail.com>.
of course u make  the test , in a javascript function, in your jsp

Elyes

2009/4/21 elyes sallem <el...@gmail.com>

> hi Stefano,
> in fact, i chose to back to one page in every case, that's ok for me
> if u wanna remain in the same page
> u can declare a getter for a member in the form
> let's say test1
> so in getTest1(){
> you make the treatment u want
> and return a boolean result for example
> if true, u submit to an action else u don't submit
> and u declare test1 in the jsp page as a hidden field <html:hidden
> property="test1"/>
> like this u can remain in the same page and invoke only your action when
> the returned result is ok
>
> wish i was clear
>
> Regards
> Elyes
>
> }

-- 
Elyes.

Re: how remain in the same page

Posted by Dave Newton <ne...@yahoo.com>.
elyes sallem wrote:
> if u wanna remain in the same page

Are you sending this from a cell phone?

> and u declare test1 in the jsp page as a hidden field <html:hidden
> property="test1"/>

...

Are you saying that I could just submit my own value for this field and 
break your "security" mechanism?!

> wish i was clear

Me too.

Dave




Re: how remain in the same page

Posted by elyes sallem <el...@gmail.com>.
hi Stefano ,
in fact, i chose to back to one page in every case, that's ok for me
if u wanna remain in the same page
u can declare a getter for a member in the form
let's say test1
so in getTest1(){
you make the treatment u want
and return a boolean result for example
if true, u submit to an action else u don't submit
and u declare test1 in the jsp page as a hidden field <html:hidden
property="test1"/>
like this u can remain in the same page and invoke only your action when the
returned result is ok

wish i was clear

Regards
Elyes

}



2009/4/21 Stefano <el...@gmail.com>

> have u solved?
>
> i've the same issues to do.

-- 
Elyes.

Re: how remain in the same page

Posted by Stefano <el...@gmail.com>.
have u solved?

i've the same issues to do.


On Mon, Apr 20, 2009 at 16:29, elyes sallem <el...@gmail.com> wrote:

> Hello,
> i have a struts application, which can be used by different user profiles
> among the profiles, there is one who can access some pages
> so if he tries to access one page, i will display a warning message in the
> depart page
> so, i wanna know, after checking the user profile in the action, how can i
> forward him to the source page, i.e. he remains in the same page, and i will
> display a warning message to inform him that this page is inaccessible
>
>
> Thanks
> Regards
> Elyes
>



-- 
Stefano