RE: security roles

Mon, 14 Jun 2004 13:18:17 -0700 

Thanks Pedro. 

I am not using Tomcat, instead I am using IBM WSAD , so if I define the following 
lines in web.xml, 

<security-role>
        <description>A normal employee user</description>
        <role-name>Employee</role-name>
</security-role>
<security-role>
        <description>a manager user can do PR</description>
        <role-name>Manager</role-name>
</security-role>

can I access Employee and/or Manager role in struts-config.xml?

(2)also say a manager logon our sites, I can obtain the info for this user such as 
"managerFlag", and then where should I put the logic to decide whether the user is a 
manager or an employee, and how to map this user to a security-role defined above?






-----Original Message-----
From: Pedro Salgado [mailto:[EMAIL PROTECTED]
Sent: Monday, June 14, 2004 3:38 PM
To: Struts Users Mailing List
Subject: Re: security roles



  In struts-config.xml, define the actions this way:


Only manager can execute the action

<action ...

  roles="manager"
/>

Only employee can execute the action

<action ...
  roles="employee"
/>

Manager or employee can execute the action

<action ...
    roles="manager, employee"
/>


Everyone can execute the action

<action ...
  roles=""
/>


You can define the roles on your TOMCAT_HOME/conf/tomcat-users.xml (for
Tomcat 4.1.30).

Pedro Salgado


On 04/06/14 20:24, "Zhang, Larry (L.)" <[EMAIL PROTECTED]> wrote:

> I want to define two security roles, one of which is employee and another is
> manager. Employee is not able to see some resources belonging to manager.
> Under J2EE standard, we can define these in web.xml, it also seems to me that
> this can be done in struts.
> 
> Can you point out how to perform this task? Detailed instruction is
> appreciated.
> 
> Thanks.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to