Mark, Do you have experience with security filter? Have you examined the source code?
I went to SourceForge to get the download. There was a JAR but no source except for a limited implementation class. I would not want to implement a security filter without seeing the source. Can anyone tell me where to find the source? Mike --- Mark Zeltser <[EMAIL PROTECTED]> wrote: > Siva, > > Take a look at authentication provided by web container. One of the > reasons to > use your own authentication is to make it deployable on any > container. However, > you can use securityfilter to make this transparent. > > Suggestion: search the archives on security/securityfilter. Spend > some time > understanding provided authentication mechanism. Usually, there is > no need to > reinvent the wheel. > > Mark. > > > "Jagadeesan,Sivakumar" wrote: > > > Mark: > > > > It is a very simple system. The user logs into the system. The > user role is > > based on the what kind of membership that user is in. So the role > for a user > > will keep changing. So the only place I thought I could map the > user to role > > is in database. So it will be pure business logic rather then > something I do > > in deployment time. > > > > If I am wrong in my approach pls let me know how I could do this > thanx > > > > --Siva Jagadeesan > > > > -----Original Message----- > > From: Mark Zeltser [mailto:[EMAIL PROTECTED] > > Sent: Thursday, March 27, 2003 5:02 PM > > To: Struts Users Mailing List > > Subject: Re: Actions based on Role > > > > Why do you want to have your own authentication system? > > > > Mark. > > > > "Jagadeesan,Sivakumar" wrote: > > > > > I guess I have to do that way > > > So I have manually chk every time whether that user is > authorized to > > access > > > this Action, rather then having it in struts-config.xml which > is more > > > configurable > > > > > > -----Original Message----- > > > From: Edgar Dollin [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, March 27, 2003 4:55 PM > > > To: 'Struts Users Mailing List' > > > Subject: RE: Actions based on Role > > > > > > If you use a filter, to filter actions based on role, the > action wouldn't > > > have to know about security. If your authentication sticks the > user > > > information into the session, the action could make decisions > based on the > > > user information. > > > > > > Edgar > > > > > > > -----Original Message----- > > > > From: Jagadeesan,Sivakumar > > > > [mailto:[EMAIL PROTECTED] > > > > Sent: Thursday, March 27, 2003 3:50 PM > > > > To: 'Struts Users Mailing List' > > > > Subject: Actions based on Role > > > > > > > > > > > > I have web application where users could of three types > (Roles) > > > > > > > > 1) Basic User > > > > 2) Silver User > > > > 3) Gold User > > > > > > > > According to Type / Role of user some actions could be > > > > performed or not performed. > > > > > > > > I could set in my stuts-config.xml, the role based access in > > > > Action Element > > > > > > > > I am having my own authentication System that uses the > > > > database . The User table has the userName and also the Role. > > > > > > > > I am not sure how could I create a Role that the Action is > > > > expecting , if I am using my own authentication > > > > > > > > Thanx > > > > --Siva Jagadeesan > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > -- > > NOTICE: If received in error, please destroy and notify sender. > Sender does > > not waive confidentiality or privilege, and use is prohibited. > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > For additional commands, e-mail: > [EMAIL PROTECTED] > > -- > NOTICE: If received in error, please destroy and notify sender. > Sender does not > waive confidentiality or privilege, and use is prohibited. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > __________________________________________________ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
