One alternative thing I have done that I consider simple is use container managed autherhication, and then call a getPricnciplal. Based on the user name, I make a bean I put in session that contains all kinds of information about the user, session, security. Things like full name, organization, roles, etc. etc. These I them pass to beans for row based security.
It is cross app server, since it your own bean on top of the getPrinicpal(). hth, V. Craig R. McClanahan wrote: > > On Fri, 27 Sep 2002, Vinh Tran wrote: > > >>Date: Fri, 27 Sep 2002 08:54:31 -0400 >>From: Vinh Tran <[EMAIL PROTECTED]> >>Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>, >> [EMAIL PROTECTED] >>To: [EMAIL PROTECTED] >>Subject: Retrieving list of Roles defined in web.xml [Revised] >> >>I can also manage if there is a simple way to identify the roles a user >>particpates in (using container managed security). There is a call for >>isUserInRole() but nothing for getUserRoles()? >> > > > There is no getUserRoles() method available in the servlet API, which > means that any answer you get is going to be application server dependent. > Indeed, it is incorrect to assume that the list of roles a user has is > static -- it's quite conceivable for your server to define a role as "is > it between 8:00am and 5:00pm on a weekday" and use that to limit the times > a particular application function is available. > > You're going to need to research how your underlying app server stores and > accesses authentication information. > > >>Any ideas? >> >>Thanks. > > > Craig -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
