I thought about that... But the "protection" is based
on role, and the "state" of the JSP page
Basically anyone can update any field if adding a new
record..
But if updating an existing record, only certain
users.
And the less privleged user should be able to "see"
the data so I wanted to use "disabled" on my Struts
tags if the record is being updated and if the user
doesn't have privileges.
In code I'd set disabled if (!authorized && update)
So if i am using <html-el:select disabled=${disabled}>
I can set disabled=(!authorized && update) in my
Action.
Though it seems like I shouldn't have to do that in
code (rather do it in the JSP or from configuration.
--- Scott McCrory <[EMAIL PROTECTED]> wrote:
> On Tue, 10 May 2005 04:50:47 -0700 (PDT), Greg Akins
> wrote
> > I have a page that, from a security standpoint, is
> > split in two.
> >
> > The first half of the page can be updated by
> anyuser
> > if a given session attribute is set, otherwise it
> can
> > only be updated by certain users.
> >
> > The second half of the page can be updated by
> anyone.
> >
> > I was thinking I should check for Authorities in
> my
> > Action class and set a boolean to false if I don't
> > find the correct role. Then use that boolean as a
> > "disabled" on the Struts page elements.
> >
> > However, I'd imagine someone with more experience
> has
> > a better way to do this? Can someone give me some
> > advice on this?
>
> The Acegi AUTHZ tag would be perfect for this. Just
> "wrap it around" the
> section that requires elevated rights, keying off
> the role(s) the user needs
> to have.
>
> Scott
>
>
>
-------------------------------------------------------
> This SF.Net email is sponsored by Oracle Space
> Sweepstakes
> Want to be the first software developer in space?
> Enter now for the Oracle Space Sweepstakes!
>
http://ads.osdn.com/?ad_id=7393&alloc_id=16281&op=click
> _______________________________________________
> Home: http://acegisecurity.sourceforge.net
> Acegisecurity-developer mailing list
> Acegisecurity-developer@lists.sourceforge.net
>
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
>
-------------------------------------------------------
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_id=7393&alloc_id=16281&op=click
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
