<snip>
2) During login-action fill a java bean with all actions a user can perform
</snip>

This can be problematic if your requirements are that when the admin/superuser/bofh modifies the user's permissions such changes must be reflected immediately (i.e. without that user having to log out and log back in again).
(I suppose you could store that bean in servlet rather than session scope and so update it when the admin changes permissions, but that wouldn't work in a distributed env)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, 9 October 2003 17:48
To: Struts Users Mailing List
Subject: Re: Struts security

Hello,

sorry, my English is not so good, perhaps I haven't got the point yet (and I'm new to Struts so I don't know if it works).

Every time a user clicks a link ( => call an action ) you want to check if the user has the permissions for this action and if the user has not the permission show an error page?
In my opinion that solution is not so good, especially for users :)

Perhaps you can do the following:
1) Code a login-Page
2) During login-action fill a java bean with all actions a user can perform
3) Build your view based on this java bean

So users only see the actions they are allowed to perform.

Regards,
Markus

Stefan Trcko <[EMAIL PROTECTED]> wrote on 09.10.2003, 09:57:13:
> Where do you store user rights (which actions user can perform).
> I think of storing user rights and actions which he can perform in
> the database and then in every action class perform SQL with username (from
> session)
> and current performed action. If SQL returns that user can perform this
> action
> then forward to success page else to error page.
>
> What do you think? Is this good solution?
>
> Regards
> Stefan
>
>
> ----- Original Message -----
> From: "muzammil shahbaz"
> To: "zzStruts Users Mailing List"
> Sent: Thursday, October 09, 2003 9:43 AM
> Subject: RE: Struts security
>
>
> > This can simply be done by authorizing user in each action class. We
> > have request & session attributes which may be helpful for checking the
> > current state of user.
> >
> > Before doing any processing, first of all, process user authentication
> > and if it finds any restriction then forward the action to appropriate
> > error page.
> >
> > Regards,
> > MMS
> >
> > ----------
> > From: Stefan Trcko [SMTP:[EMAIL PROTECTED]
> > Sent: Thursday, October 09, 2003 12:29 PM
> > To: Struts Users Mailing List
> > Subject: Struts security
> >
> > Hello
> >
> > I want to implement security in my Struts web portal, so
> > that I can restrict users which actions they can
> > perform.
> >
> > Has anybody already worked on this kind of security in
> > Struts?
> >
> > Thanks in advance
> > Stefan

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
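
The two designs discussed in this thread, side by side, as an added example that is not part of any message above: a permission bean filled once at login versus a lookup on every action call, with a right revoked while the user is still logged in. It is plain Java with no Struts classes; the in-memory map stands in for the database table, and every class, method and action name is hypothetical.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class ActionAuthzDemo {
    // Stands in for the database table of (username -> permitted actions).
    static final Map<String, Set<String>> RIGHTS = new ConcurrentHashMap<>();

    // Per-action check: consult the authoritative store on every call.
    static boolean checkPerRequest(String user, String action) {
        return RIGHTS.getOrDefault(user, Set.of()).contains(action);
    }

    // Login-time bean: a snapshot of the user's rights kept in the session.
    static final class PermissionBean {
        private final Set<String> allowed;
        PermissionBean(String user) {
            // Copy, so later changes to RIGHTS are not visible to this bean.
            this.allowed = Set.copyOf(RIGHTS.getOrDefault(user, Set.of()));
        }
        boolean canPerform(String action) { return allowed.contains(action); }
    }

    // What an action class would do before any processing: pick the forward.
    static String forwardFor(boolean permitted) {
        return permitted ? "success" : "error";
    }

    public static void main(String[] args) {
        // Constructed sample data.
        RIGHTS.put("stefan", ConcurrentHashMap.newKeySet());
        RIGHTS.get("stefan").addAll(List.of("viewReport", "deleteUser"));

        PermissionBean sessionBean = new PermissionBean("stefan"); // at login

        // Admin revokes a right while the session is still open.
        RIGHTS.get("stefan").remove("deleteUser");

        // The session bean still holds the old snapshot.
        System.out.println("bean, deleteUser        -> "
                + forwardFor(sessionBean.canPerform("deleteUser")));
        // The per-request lookup sees the revocation immediately.
        System.out.println("per-request, deleteUser -> "
                + forwardFor(checkPerRequest("stefan", "deleteUser")));
        // Unknown users and unlisted actions are denied by default.
        System.out.println("per-request, nobody     -> "
                + forwardFor(checkPerRequest("nobody", "viewReport")));
    }
}
```

The bean remains usable for deciding which links to render; the per-request check is what decides whether the action runs.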

