You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by ryan webb <we...@gmail.com> on 2008/04/11 04:14:09 UTC
how do i make the tomcat server send a 403 Forbidden response in JSP and in Struts?
I am having difficulty with authentication of user levels.
I have to kinds of users "user" and "administrators".
What we did in mySQL db is make a user table and in it, a "level" column is
placed containing whether a user is "administrator" or not.
there's no problem with this actually (I just wrote the situation and
setup).
*Now, I want the server to send a 403 response to non-administrative
personnel accessing some secured places in our site.*
How can I do this?(Or is this possible? I have no idea actually..)
I have a userBean.java that contains all user informations from database.
I made this in my execute method in Action class. (Something Like this)
execute(response, request, form....){
UserActionForm uaf = (UserActionForm) form;
UserBean userbean = new UserBean();
* if (userbean.getlevel().equals("user")){
response.sendError(SC_FORBIDDEN);
}
* return mapping.findForward....("Sucess");
}
this code does not compile..sendError() expects int value. I tried
sendError(403) but doesn't work.
Any Help is Gladly Appreciated! =)
God Bless!
Ryan Webb from Philippines
Re: how do i make the tomcat server send a 403 Forbidden response
in JSP and in Struts?
Posted by Guillaume Bilodeau <gb...@yahoo.com>.
HttpServletResponse.SC_FORBIDDEN is an int value, it should compile.
Another option is to use Acegi to manage application security. It allows
you to restrict access to URL patterns and/or object methods using user
roles. Taking this road is not a trivial undertaking though.
http://www.acegisecurity.org/
Cheers,
GB
ryan webb-2 wrote:
>
> I am having difficulty with authentication of user levels.
> I have to kinds of users "user" and "administrators".
>
> What we did in mySQL db is make a user table and in it, a "level" column
> is
> placed containing whether a user is "administrator" or not.
> there's no problem with this actually (I just wrote the situation and
> setup).
>
> *Now, I want the server to send a 403 response to non-administrative
> personnel accessing some secured places in our site.*
>
> How can I do this?(Or is this possible? I have no idea actually..)
>
> I have a userBean.java that contains all user informations from database.
> I made this in my execute method in Action class. (Something Like this)
>
> execute(response, request, form....){
>
> UserActionForm uaf = (UserActionForm) form;
>
> UserBean userbean = new UserBean();
>
> * if (userbean.getlevel().equals("user")){
> response.sendError(SC_FORBIDDEN);
> }
>
> * return mapping.findForward....("Sucess");
> }
>
> this code does not compile..sendError() expects int value. I tried
> sendError(403) but doesn't work.
>
> Any Help is Gladly Appreciated! =)
>
> God Bless!
> Ryan Webb from Philippines
>
>
--
View this message in context: http://www.nabble.com/how-do-i-make-the-tomcat-server-send-a-403-Forbidden-response-in-JSP-and-in-Struts--tp16623879p16648714.html
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org