You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Ramadoss Chinnakuzhandai <rc...@register.com> on 2003/10/22 22:21:09 UTC
User Authentication implemented in Struts
apologize for repeating my question again....I'm newbie to Struts and hv basic doubt in security level implemented using Struts framework.
we are aware that in normal J2EE application we are authenticating user based on user access level specified in web-app in web.xml(web container)
My Questions are
1.Are we following the same process of authenticating a user against his/her access level as that of the above...? if not pls explain how you are authentication a user in your struts-based application.
2.If yes to the above question Is there someother way of authenticating a user available in Sturts? If so pls explain how you are authentication a user?
tnx in advance.
Regards,
-Ram
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: User Authentication implemented in Struts
Posted by Adam Hardy <ah...@cyberspaceroad.com>.
If you made roles for each region, you could use them in that way too,
however I think that would be too cumbersome.
A servlet filter is also a possibility, but also not optimal I think.
I would make the implementation depend on the data model rather than the
authorisation scheme.
For instance in your data model, you can have sales associated with
different regions. You can also have users associated with different
regions. Therefore it will not be difficult to write SQL queries for
your reports where the sales displayed are selected by user.
e.g. a junior salesman has an association with one region, but a sales
manager would have links to several regions. The finance people would
have links to all regions.
Hope that's clear,
Adam
On 10/23/2003 04:05 AM Caroline Jen wrote:
> My question is similar. I use container-managed
> "role"-based security checking. I put "role" property
> in Action Mapping and use isUserInRole in my JSPs.
> For example, John can view the sales reports if he has
> the "sales role". Now, I want to further restrict John
> to view the sales reports in is "region" only.
>
> People say that I can use the servlet filter. I need
> guidance to see some examples.
>
>
> --- Adam Hardy <ah...@cyberspaceroad.com>
> wrote:
>
>>
>>On 10/22/2003 10:21 PM Ramadoss Chinnakuzhandai
>>wrote:
>>
>>>apologize for repeating my question again....I'm
>>
>>newbie to Struts and hv basic doubt in security
>>level implemented using Struts framework.
>>
>>>we are aware that in normal J2EE application we
>>
>>are authenticating user based on user access level
>>specified in web-app in web.xml(web container)
>>
>>>My Questions are
>>>
>>>1.Are we following the same process of
>>
>>authenticating a user against his/her access level
>>as that of the above...? if not pls explain how you
>>are authentication a user in your struts-based
>>application.
>>
>>>2.If yes to the above question Is there someother
>>
>>way of authenticating a user available in Sturts? If
>>so pls explain how you are authentication a user?
>>
>>Yes to both: struts leverages the built-in container
>>managed security as
>>specified by the servlet spec from Sun.
--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: User Authentication implemented in Struts
Posted by Caroline Jen <ji...@yahoo.com>.
My question is similar. I use container-managed
"role"-based security checking. I put "role" property
in Action Mapping and use isUserInRole in my JSPs.
For example, John can view the sales reports if he has
the "sales role". Now, I want to further restrict John
to view the sales reports in is "region" only.
People say that I can use the servlet filter. I need
guidance to see some examples.
--- Adam Hardy <ah...@cyberspaceroad.com>
wrote:
>
>
> On 10/22/2003 10:21 PM Ramadoss Chinnakuzhandai
> wrote:
> > apologize for repeating my question again....I'm
> newbie to Struts and hv basic doubt in security
> level implemented using Struts framework.
> >
> > we are aware that in normal J2EE application we
> are authenticating user based on user access level
> specified in web-app in web.xml(web container)
> >
> > My Questions are
> >
> > 1.Are we following the same process of
> authenticating a user against his/her access level
> as that of the above...? if not pls explain how you
> are authentication a user in your struts-based
> application.
> >
> > 2.If yes to the above question Is there someother
> way of authenticating a user available in Sturts? If
> so pls explain how you are authentication a user?
>
> Yes to both: struts leverages the built-in container
> managed security as
> specified by the servlet spec from Sun.
>
> Adam
>
> --
> struts 1.1 + tomcat 5.0.12 + java 1.4.2
> Linux 2.4.20 RH9
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> struts-user-help@jakarta.apache.org
>
__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: User Authentication implemented in Struts
Posted by Adam Hardy <ah...@cyberspaceroad.com>.
On 10/22/2003 10:21 PM Ramadoss Chinnakuzhandai wrote:
> apologize for repeating my question again....I'm newbie to Struts and hv basic doubt in security level implemented using Struts framework.
>
> we are aware that in normal J2EE application we are authenticating user based on user access level specified in web-app in web.xml(web container)
>
> My Questions are
>
> 1.Are we following the same process of authenticating a user against his/her access level as that of the above...? if not pls explain how you are authentication a user in your struts-based application.
>
> 2.If yes to the above question Is there someother way of authenticating a user available in Sturts? If so pls explain how you are authentication a user?
Yes to both: struts leverages the built-in container managed security as
specified by the servlet spec from Sun.
Adam
--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org