Hi ,
On these lines you can do Authorization and Authentication in Struts.
But it calls the tomcat 404 page, I am still doubtful as how to call a
customised page in this regards.
Can anyone help.
The below portion of code i believe should help in the given context.
Shilpa




private boolean _403 (  HttpServletRequest request, HttpServletResponse
response, ActionMapping mapping ) throws IOException
    {
    response.sendError ( HttpServletResponse.SC_FORBIDDEN, "No Access" );

    return false;
    }


 public boolean allowAccess(String sRequestURL, ArrayList arrActions)
    {
        boolean bAllowAccess = false;
        String tempURL="";
        StringTokenizer stTok= new StringTokenizer(sRequestURL,".");
        String beforeTemp =stTok.nextToken();
        tempURL=beforeTemp.concat(".do");

                if() {
          //Compare or do all ur security checks in this function

                    bAllowAccess =true
                }
                }
            }

        return bAllowAccess;
    }

protected boolean processRoles ( HttpServletRequest request,
HttpServletResponse response, ActionMapping mapping) throws IOException,
ServletException
    {
    if ( request.getSession ( false ) == null ) return _403 ( request,
response, mapping );


    Roles objRoles = new Roles();
    HashMap ht_roles;

//Another condition
    if ( isWhiteSpace ( mapping.getRoles() ))
        return true;

    String sUrl = request.getServletPath();

    ServletContext ctx =getServletContext();
    HashMap hmRightsMap = (HashMap)ctx.getAttribute("rightsMap");

    try
        {

        RightsReader rightreader = new RightsReader( );
        ArrayList arrFinal=
rightreader.FilterRights(hmRightsMap,arrObtainrights);

        //last security check
        if(allowAccess(sUrl,arrFinal)==true)
                 return true;


    }catch(Exception e)
        {
        e.printStackTrace();
        }

    //call the _403 method
    return _403 ( request, response, mapping );

    }
}

-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] Behalf Of Hal Klimer
Sent: Tuesday, July 06, 2004 12:22 AM
To: [EMAIL PROTECTED]
Subject: Authorization and Authentication in Struts


I have a question on how to implement authorization and authentication with
the
Struts framework. In several DB tables we have users, groups, permissions,
acls, etc where the security information is stored. We would like to
integrate
this information, in the best possible way with Struts. From what I have
read
so far it's seems that best place, perhaps, is to place this request
validation
code is in the processPreprocess() or the processRoles() of a user extended
version of the RequestProcessor class. That way one could "look" at the
request
first, validate it against the logged user and his ACL and decide to let him
pass or not. If this is the case how do I generate a "redirect" to a "not
allowed/no security" action (possibly by overriding the
processActionPerform()
method) or just throw a NotAuthorizedException and let a global exception
handler in Struts take care of it?
Is this a correct path of action? Please excuse me if this has been already
talked about, maybe someone could lead me to previous discussions about how
to
do this. Thanks in advance.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-- 


"This e-mail message may contain confidential, proprietary or legally privileged 
information. It 
should not be used by anyone who is not the original intended recipient. If you have 
erroneously 
received this message, please delete it immediately and notify the sender. The 
recipient 
acknowledges that ICICI Bank or its subsidiaries and associated companies,  
(collectively "ICICI 
Group"), are unable to exercise control or ensure or guarantee the integrity of/over 
the contents of the information contained in e-mail transmissions and further 
acknowledges that any views 
expressed in this message are those of the individual sender and no binding nature of 
the message shall be implied or assumed unless the sender does so expressly with due 
authority of ICICI Group.Before opening any attachments please check them for viruses 
and defects." 


Reply via email to