Struts2 - Image Approval Process
I need to allow a user to log in to my struts2 web app and approve an image. They can only see their images pending approval and should not have access to the rest of the site. This is to replace an old process of emailing the user images pending approval. Please! Does anyone have any ideas about how this could be done?? -- View this message in context: http://old.nabble.com/Struts2---Image-Approval-Process-tp30834627p30834627.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts2 - Image Approval Process
Thats a good point Dave, I could create a separate app for this as they will not need to see my web app, they only need to see the image and click a radio button to approve or not. Would you recommend a login approach or some kind of temporary url. I need security but would like to avoid issuing login details? Currently not using spring, just struts2, mysql, json, jquery etc. Thanks for the quick reply. Dave Newton-6 wrote: > > On Thu, Feb 3, 2011 at 6:10 AM, eRobot wrote: >> I need to allow a user to log in to my struts2 web app and approve an >> image. >> They can only see their images pending approval and should not have >> access >> to the rest of the site. >> >> This is to replace an old process of emailing the user images pending >> approval. >> >> Please! Does anyone have any ideas about how this could be done?? > > There are many ways this can be done, depending on a bunch of factors. > > (You're not asking about "how to have users that can log in" part, > right? Just the approval part? There are a zillion examples of user > authentication and authorization everywhere.) > > It sounds like you just want to role-restrict request handling, and > role-disable view components (unless you just want a completely > separate UI altogether, your requirements don't specify). > > If you want to restrict *all* access to your web app *except* this, > including things like help pages or any other site functionality, why > even have it as the same web app? > > Are you using Spring? > > Dave > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > > -- View this message in context: http://old.nabble.com/Struts2---Image-Approval-Process-tp30834627p30835124.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts2 - Image Approval Process
what about something like this: Create a token using a UUID and add it to a database along with creation time and what the token should grant access to. Send an email to the user with the url http://www.mysite.com/page?token=zxczxczxczxczxc When the user navigates to the url, create new session with the desired timeout. Check the creation time against current time for old urls. Either delete the token from the database, or mark it as expired So the user could access this url for 1 day for example and make decisions. Dave Newton-6 wrote: > > On Thu, Feb 3, 2011 at 7:17 AM, eRobot wrote: >> Thats a good point Dave, I could create a separate app for this as they >> will >> not need to see my web app, they only need to see the image and click a >> radio button to approve or not. >> >> Would you recommend a login approach or some kind of temporary url. >> I need security but would like to avoid issuing login details? > > Easiest would be to generate some sort of GUID associated with the > picture and email the person a link to it. You could either use a GUID > per photo, or per user, or whatever. > > It ain't perfect, but it might be "good enough", at least if you have > email addresses. > > Dave > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > > -- View this message in context: http://old.nabble.com/Struts2---Image-Approval-Process-tp30834627p30836134.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
