Why not just use OpenLDAP? It's great, and it can be used as the basis for a single 
sign-on. I generally try to avoid doing user access and security in
a SQL DB, as it then ties your app to that security model and kind of makes it 
unusable for anyone else.
I then have an LDAP utility that looks up the user and his roles, so you can then 
apply a check like hasKey or isSuperUser.

What do you guys think?

-----Original Message-----
From: Stefan Trcko [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 09, 2003 9:57 AM
To: [EMAIL PROTECTED]
Cc: Struts Users Mailing List
Subject: Re: Struts security


Where do you store user rights (which actions the user can perform)?
I think of storing user rights and the actions which he can perform in
the database, and then in every action class performing SQL with the username
(from session) and the currently performed action. If the SQL returns that the
user can perform this action, then forward to the success page, else to the error page.

What do you think? Is this a good solution?

Regards
Stefan
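
An added illustration of the per-action check discussed in this thread (not code from any of the posters or from Struts): the rights lookup sits behind an interface so that either a SQL table or an LDAP directory can back it, and the check denies by default. All class and method names are hypothetical, and the sample users are constructed.

```java
import java.util.Map;
import java.util.Set;

// Added example: every name here is hypothetical, not Struts or thread code.
public class ActionAuthzExample {

    /** Where rights live; an implementation could query SQL or an LDAP directory. */
    interface RightsStore {
        Set<String> actionsFor(String username); // empty set for unknown users
        boolean isSuperUser(String username);
    }

    /** In-memory stand-in for the database/LDAP lookup (constructed sample data). */
    static final class InMemoryRights implements RightsStore {
        private final Map<String, Set<String>> rights = Map.of(
            "alice", Set.of("viewReport", "editReport"),
            "bob", Set.of("viewReport"));
        private final Set<String> superUsers = Set.of("root");

        public Set<String> actionsFor(String user) {
            return rights.getOrDefault(user, Set.of());
        }

        public boolean isSuperUser(String user) {
            return superUsers.contains(user);
        }
    }

    /** Returns the forward name an action class would use: "success" or "error". */
    static String authorize(RightsStore store, String sessionUser, String action) {
        // Deny by default: a missing session user or action name means no access.
        if (sessionUser == null || action == null) return "error";
        if (store.isSuperUser(sessionUser)) return "success";
        return store.actionsFor(sessionUser).contains(action) ? "success" : "error";
    }

    public static void main(String[] args) {
        RightsStore store = new InMemoryRights();
        String[][] requests = {
            {"alice", "editReport"}, {"bob", "editReport"},
            {"root", "deleteUser"}, {null, "viewReport"}, {"mallory", "viewReport"}};
        for (String[] r : requests) {
            System.out.printf("user=%s action=%s -> %s%n",
                r[0], r[1], authorize(store, r[0], r[1]));
        }
    }
}
```

Calling one shared `authorize` from a common base class or filter, rather than repeating the lookup in each action class, keeps a newly added action from shipping without a check.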


----- Original Message ----- 
From: "muzammil shahbaz" <[EMAIL PROTECTED]>
To: "zzStruts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Thursday, October 09, 2003 9:43 AM
Subject: RE: Struts security


> This can simply be done by authorizing the user in each action class. We
> have request & session attributes which may be helpful for checking the
> current state of the user.
>
> Before doing any processing, first of all, process user authentication,
> and if it finds any restriction then forward the action to the appropriate
> error page.
>
> Regards,
> MMS
>
> ----------
> From:  Stefan Trcko [SMTP:[EMAIL PROTECTED]
> Sent:  Thursday, October 09, 2003 12:29 PM
> To:  Struts Users Mailing List
> Subject:  Struts security
>
> Hello
>
> I want to implement security in my struts web portal, so
> that I can restrict users which actions they can
> perform.
>
> Has anybody already worked on this kind of security in
> Struts?
>
> Thanks in advance
> Stefan