Another option I believe is to let the j2ee container handle security. I'm
not up on all the jargon, but I'm using roles and form-based security. Here
are some code snippets from some relevant files:
web.xml snippet:
<security-constraint>
<web-resource-collection>
<web-resource-name>GeneralAgent</web-resource-name>
<url-pattern>/do/generalAgent/*</url-pattern>
<url-pattern>/do/company/*</url-pattern>
<url-pattern>/do/reportOptions/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ga</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Agent</web-resource-name>
<url-pattern>/do/login/* </url-pattern>
<url-pattern>/do/agent/* </url-pattern>
<url-pattern>/do/policy/* </url-pattern>
<url-pattern>/do/commissionStatement/* </url-pattern>
<url-pattern>/do/commissionStatementPrint/* </url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ga</role-name>
<role-name>a</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/WEB-INF/jsp/Login.jsp</form-login-page>
<form-error-page>/WEB-INF/jsp/LoginBad.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>a</role-name>
</security-role>
<security-role>
<role-name>ga</role-name>
</security-role>
Then in Tomcat's server.xml file (other containers should support something
similar). Basically you can tell the container where to get a user's role
from a database when they login.
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"
connectionURL="jdbc:microsoft:sqlserver://BB-SERVER:1433;DatabaseName=commis
sion;SelectMethod=cursor"
connectionName="dbLogin" connectionPassword="dbPassword"
userTable="agent" userNameCol="login" userCredCol="password"
userRoleTable="agent" roleNameCol="role" />
You also have to create the Login.jsp and LoginBad.jsp files. This link
talks a little more about it. http://www.jguru.com/faq/view.jsp?EID=115231
-----Original Message-----
From: Nadeem Bitar [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 18, 2004 12:30 PM
To: Struts Users Mailing List
Subject: Re: Role based access?
You have to use JAAS. If you are not using JAAS and still want to use
the roles attribute in your action mapping you have to override the
processRoles method .
On Wed, 2004-02-18 at 20:49 +0530, [EMAIL PROTECTED] wrote:
> Hi Guys,
>
> Struts-config.xml
> <action attribute="Form" roles="userRole">
>
> How do i use this 'roles' attribute to implement role-based access.
>
> Thanks and Regards
>
> Subramaniam Olaganthan
> Tata Consultancy Services
> Mailto: [EMAIL PROTECTED]
> Website: http://www.tcs.com
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
