You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Vinh Tran <vi...@processintelligence.com> on 2002/09/27 14:54:31 UTC

Retrieving list of Roles defined in web.xml [Revised]

I can also manage if there is a simple way to identify the roles a user
particpates in (using container managed security). There is a call for
isUserInRole() but nothing for getUserRoles()?

Any ideas?

Thanks.

-----Original Message-----
From: Vinh Tran [mailto:vinht@processintelligence.com]
Sent: Thursday, September 26, 2002 9:37 PM
To: struts-user@jakarta.apache.org
Subject: Retrieving list of Roles defined in web.xml


I would like to get a list of Roles listed in web.xml.  Is there a simple
way to retrieve info from this file or do I need to use a Digester?

 <security-constraint>
  <web-resource-collection>
   <role-name>Admin</role-name>
   <role-name>Tomcat</role-name>
   <role-name>Role1</role-name
  </auth-constraint>
 </security-constraint>

Thanks


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: Retrieving list of Roles defined in web.xml [Revised]

Posted by "V. Cekvenich" <vi...@users.sourceforge.net>.
One alternative thing I have done that I consider simple is use 
container managed autherhication, and then call a getPricnciplal.
Based on the user name, I make a bean I put in session that contains all 
  kinds of information about the user, session, security. Things like 
full name, organization, roles, etc. etc.
These I them pass to beans for row based security.

It is cross app server, since it your own bean on top of the getPrinicpal().

hth,
V.

Craig R. McClanahan wrote:
> 
> On Fri, 27 Sep 2002, Vinh Tran wrote:
> 
> 
>>Date: Fri, 27 Sep 2002 08:54:31 -0400
>>From: Vinh Tran <vi...@processintelligence.com>
>>Reply-To: Struts Users Mailing List <st...@jakarta.apache.org>,
>>     vinht@processintelligence.com
>>To: struts-user@jakarta.apache.org
>>Subject: Retrieving list of Roles defined in web.xml [Revised]
>>
>>I can also manage if there is a simple way to identify the roles a user
>>particpates in (using container managed security). There is a call for
>>isUserInRole() but nothing for getUserRoles()?
>>
> 
> 
> There is no getUserRoles() method available in the servlet API, which
> means that any answer you get is going to be application server dependent.
> Indeed, it is incorrect to assume that the list of roles a user has is
> static -- it's quite conceivable for your server to define a role as "is
> it between 8:00am and 5:00pm on a weekday" and use that to limit the times
> a particular application function is available.
> 
> You're going to need to research how your underlying app server stores and
> accesses authentication information.
> 
> 
>>Any ideas?
>>
>>Thanks.
> 
> 
> Craig




--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: Retrieving list of Roles defined in web.xml [Revised]

Posted by Eddie Bush <ek...@swbell.net>.
I'd like to know how to get a full list of roles from Principal as well. 
 I just don't see a way to do it.  There's no method for it that I see.

Just a though:  If you're authenticating against a JDBC realm (I'm 
thinking Tomcat here, so forgive me if you're not using Tomcat), you 
could always getUserPrincipal().getName() and look at up in your role 
table (assuming you have the necessary priviledges).  That's the only 
thing that comes to mind - sorry :-(

Vinh Tran wrote:

>I suppose you are right this is related to Tomcat.  My apologies, I will
>repost there as well.  For the record, I still don't see how you can get
>Roles from Principal but I will keep looking.  Thanks anyway.
>
>-----Original Message-----
>From: Jacob Hookom [mailto:hookomjj@uwec.edu]
>Sent: Friday, September 27, 2002 9:40 AM
>To: 'Struts Users Mailing List'; vinht@processintelligence.com
>Subject: RE: Retrieving list of Roles defined in web.xml [Revised]
>
>
>You can also getPrincipal from the request, from that, you can ask for
>the roles
>
>You might want to pass this to tomcat users list... this is struts.
>

-- 
Eddie Bush




--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

RE: Retrieving list of Roles defined in web.xml [Revised]

Posted by Vinh Tran <vi...@processintelligence.com>.
I suppose you are right this is related to Tomcat.  My apologies, I will
repost there as well.  For the record, I still don't see how you can get
Roles from Principal but I will keep looking.  Thanks anyway.

-----Original Message-----
From: Jacob Hookom [mailto:hookomjj@uwec.edu]
Sent: Friday, September 27, 2002 9:40 AM
To: 'Struts Users Mailing List'; vinht@processintelligence.com
Subject: RE: Retrieving list of Roles defined in web.xml [Revised]


You can also getPrincipal from the request, from that, you can ask for
the roles

You might want to pass this to tomcat users list... this is struts.

| -----Original Message-----
| From: Vinh Tran [mailto:vinht@processintelligence.com]
| Sent: Friday, September 27, 2002 7:55 AM
| To: struts-user@jakarta.apache.org
| Subject: Retrieving list of Roles defined in web.xml [Revised]
|
| I can also manage if there is a simple way to identify the roles a
user
| particpates in (using container managed security). There is a call for
| isUserInRole() but nothing for getUserRoles()?
|
| Any ideas?
|
| Thanks.
|
| -----Original Message-----
| From: Vinh Tran [mailto:vinht@processintelligence.com]
| Sent: Thursday, September 26, 2002 9:37 PM
| To: struts-user@jakarta.apache.org
| Subject: Retrieving list of Roles defined in web.xml
|
|
| I would like to get a list of Roles listed in web.xml.  Is there a
simple
| way to retrieve info from this file or do I need to use a Digester?
|
|  <security-constraint>
|   <web-resource-collection>
|    <role-name>Admin</role-name>
|    <role-name>Tomcat</role-name>
|    <role-name>Role1</role-name
|   </auth-constraint>
|  </security-constraint>
|
| Thanks
|
|
| --
| To unsubscribe, e-mail:   <mailto:struts-user-
| unsubscribe@jakarta.apache.org>
| For additional commands, e-mail: <mailto:struts-user-
| help@jakarta.apache.org>



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

RE: Retrieving list of Roles defined in web.xml [Revised]

Posted by Jacob Hookom <ho...@uwec.edu>.
You can also getPrincipal from the request, from that, you can ask for
the roles

You might want to pass this to tomcat users list... this is struts.

| -----Original Message-----
| From: Vinh Tran [mailto:vinht@processintelligence.com]
| Sent: Friday, September 27, 2002 7:55 AM
| To: struts-user@jakarta.apache.org
| Subject: Retrieving list of Roles defined in web.xml [Revised]
| 
| I can also manage if there is a simple way to identify the roles a
user
| particpates in (using container managed security). There is a call for
| isUserInRole() but nothing for getUserRoles()?
| 
| Any ideas?
| 
| Thanks.
| 
| -----Original Message-----
| From: Vinh Tran [mailto:vinht@processintelligence.com]
| Sent: Thursday, September 26, 2002 9:37 PM
| To: struts-user@jakarta.apache.org
| Subject: Retrieving list of Roles defined in web.xml
| 
| 
| I would like to get a list of Roles listed in web.xml.  Is there a
simple
| way to retrieve info from this file or do I need to use a Digester?
| 
|  <security-constraint>
|   <web-resource-collection>
|    <role-name>Admin</role-name>
|    <role-name>Tomcat</role-name>
|    <role-name>Role1</role-name
|   </auth-constraint>
|  </security-constraint>
| 
| Thanks
| 
| 
| --
| To unsubscribe, e-mail:   <mailto:struts-user-
| unsubscribe@jakarta.apache.org>
| For additional commands, e-mail: <mailto:struts-user-
| help@jakarta.apache.org>


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: Retrieving list of Roles defined in web.xml [Revised]

Posted by "Craig R. McClanahan" <cr...@apache.org>.

On Fri, 27 Sep 2002, Vinh Tran wrote:

> Date: Fri, 27 Sep 2002 08:54:31 -0400
> From: Vinh Tran <vi...@processintelligence.com>
> Reply-To: Struts Users Mailing List <st...@jakarta.apache.org>,
>      vinht@processintelligence.com
> To: struts-user@jakarta.apache.org
> Subject: Retrieving list of Roles defined in web.xml [Revised]
>
> I can also manage if there is a simple way to identify the roles a user
> particpates in (using container managed security). There is a call for
> isUserInRole() but nothing for getUserRoles()?
>

There is no getUserRoles() method available in the servlet API, which
means that any answer you get is going to be application server dependent.
Indeed, it is incorrect to assume that the list of roles a user has is
static -- it's quite conceivable for your server to define a role as "is
it between 8:00am and 5:00pm on a weekday" and use that to limit the times
a particular application function is available.

You're going to need to research how your underlying app server stores and
accesses authentication information.

> Any ideas?
>
> Thanks.

Craig


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>