You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Michael Lee <ml...@hotmail.com> on 2002/12/03 18:54:18 UTC
Re: Security roles with Struts
for container managed roles struts actions act just like all http request
that the container can intercept.
in the web.xml
<security-constraint>
<display-name>Secure Something</display-name>
<web-resource-collection>
<web-resource-name>Admin Resources</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>
<user-data-constraint>
<description>Secure all data</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
What this does is lock down all requests to the /admin/ directory to users
of Admin role.
You can do the same with actions by putting in the url pattern using
wildcards or the action itself.
for example;
<url-pattern>/admin/addUser.do</url-pattern>
----- Original Message -----
From: "Elena Neroslavskaya" <el...@groveware.com>
To: <st...@jakarta.apache.org>
Sent: Tuesday, December 03, 2002 11:05 AM
Subject: Security roles with Struts
> Hello all,
> I have succeeded to configure DB security realm for JBoss container it
works
> for simple JSP solution,
>
> Bu I have problems to make it work with Struts !
>
> Could anybody please be so kind and post here an example
> how to configure Struts to use Container Managed Roles.
>
> And post here your web.xml ans struts-config.xml ?
>
> Thank you very much
>
>
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Security roles with Struts
Posted by David Bolsover <da...@bolsover.com>.
Make sure you look at the logic taglib
<logic:present role="level3">
very useful :-)
db
> -----Original Message-----
> From: Michael Lee [mailto:mleejr@hotmail.com]
> Sent: 03 December 2002 17:54
> To: Struts Users Mailing List
> Subject: Re: Security roles with Struts
>
>
> for container managed roles struts actions act just like all http request
> that the container can intercept.
> in the web.xml
> <security-constraint>
> <display-name>Secure Something</display-name>
> <web-resource-collection>
> <web-resource-name>Admin Resources</web-resource-name>
> <url-pattern>/admin/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>Admin</role-name>
> </auth-constraint>
> <user-data-constraint>
> <description>Secure all data</description>
> <transport-guarantee>NONE</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> What this does is lock down all requests to the /admin/ directory to users
> of Admin role.
> You can do the same with actions by putting in the url pattern using
> wildcards or the action itself.
> for example;
> <url-pattern>/admin/addUser.do</url-pattern>
>
> ----- Original Message -----
> From: "Elena Neroslavskaya" <el...@groveware.com>
> To: <st...@jakarta.apache.org>
> Sent: Tuesday, December 03, 2002 11:05 AM
> Subject: Security roles with Struts
>
>
> > Hello all,
> > I have succeeded to configure DB security realm for JBoss container it
> works
> > for simple JSP solution,
> >
> > Bu I have problems to make it work with Struts !
> >
> > Could anybody please be so kind and post here an example
> > how to configure Struts to use Container Managed Roles.
> >
> > And post here your web.xml ans struts-config.xml ?
> >
> > Thank you very much
> >
> >
> >
> >
> > --
> > To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> > For additional commands, e-mail:
> <ma...@jakarta.apache.org>
> >
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>