I have actually been trying this to show or hide certain buttons. But I keep getting an error
[ServletException in:/WEB-INF/default/body/medical/medicalHistory.view.jsp] /WEB-INF/default/body/medical/allergies.view.jsp(140,4) Attribute roles invalid according to the specified TLD' org.apache.jasper.compiler.CompileException: /WEB-INF/default/body/medical/allergies.view.jsp(140,4) Attribute roles invalid according to the specified TLD at org.apache.jasper.compiler.TagBeginGenerator.validate............ Can someone please help me to get a functionality like this: <logic:present roles="gold, platinum"> <html:submit property="action" styleClass="form_button"> <bean:message key="button.edit"/> </html:submit> </logic:present> --- Thanks Mick Knutson The world is a playground...Play Hard, Play Smart. Visit http://www.YourSoS.com to learn how our "Personal Emergency Alert & Contact System" can help you Play Smart. +00 1 (708) 570-2772 Fax MSN: mickknutson ICQ: 316498480 ICQ URL: http://wwp.icq.com/316498480 --- ----- Original Message ----- From: "Craig R. McClanahan" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]>; "Martin Naskovski" <[EMAIL PROTECTED]> Sent: Friday, June 06, 2003 10:28 PM Subject: Re: <logic:present roles="..."> tag - how to specify permissions (on top of roles)? > On Fri, 6 Jun 2003, Martin Naskovski wrote: > > > Date: Fri, 6 Jun 2003 16:57:08 -0700 > > From: Martin Naskovski <[EMAIL PROTECTED]> > > Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>, > > Martin Naskovski <[EMAIL PROTECTED]> > > To: [EMAIL PROTECTED] > > Subject: <logic:present roles="..."> tag - how to specify permissions (on > > top of roles)? > > > > Hi all - I have the following issue w/Struts' (or maybe even the Servlet > > API) role-based security model. > > > > If I had something like this in a JSP: > > > > <logic:present roles="user, admin"> > > show an input field to change your password > > </logic> > > > > how can I - within the current confines of Struts (1.1) and the Servlet API > > (2.3), instead of hardcoding the roles in the JSP (user, admin) where a > > password change field (or some other common function across a set of roles) > > is presented, do something like the following: > > > > <logic:present permission="changePassword"> > > show an input field to change your password > > </logic:present> > > > > I know the "permission" attribute currently does not exist, however, IMHO, > > this (permissions based on roles) is a very valid concept. So, instead of > > defining a "changePassword" _role_, I would have a 'changePassword' > > permission, which would be shared among a number of roles. Clearly, being > > an admin or a user is a _role_ whereas changing a password is a permission > > (or a functionality or a function...) > > > > I don't see anything of this nature that would facilitate this in Struts, > > or Resin, which is what we are using to do our development... So I'm > > wondering, has someone else encountered a this issue and how did they > > resolve it? > > > > Does JAAS alleviate some of this? Does it apply to Resin 2.1.x somehow? > > > > JAAS doesn't have anything to do with this -- however, there is a > little-known feature of container-managed authorization that should help > you out in at least *some* of these use cases -- role links. > > The basic idea is that an application "hard codes" it's own notion of what > role identifiers mean; but it turns out that the server you are deploying > onto has a different meaining for those things. To solve this, you can > tweak the web.xml file with an element like this, inside the <servlet> > element for ActionServlet: > > <servlet> > <servlet-name>Struts Controller Servlet</servlet-name> > <servlet-class>org.apache.struts.action.ActionServlet</servlet-class> > ... > <security-role-ref> > <role-name>foo</role-name> > <role-link>bar</role-link> > </security-role-ref> > </servlet> > > What this means, essentially, is that "if the Struts Controller Servlet > asks if a user has role "foo", the container should really check for role > "bar" instead. Using this, adapting the differences between how an > application is coded and how the security infrastructure is really set up > is not a problem. > > Note that security roles are defined on a per-servlet basis, so the above > setting covers any checks of roles by the Struts Controller Servlet > itself (and that means it covers checking the "role" attribute of <action> > elements). If you want to use things like <logic:present role="foo"> in > your JSP pages, you'll need to define individual <servlet> elements for > them as well. > > > > Thank you. > > Martin > > Craig > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]