Tim Christopher wrote:
Hi,
I am designing a web application using Struts, which will run using Tomcat. The system will have upwards of 1000 users, with each user having any number of around 10 possible roles.
I'm currently thinking of using JDBCRealm within the Tomcat
Sounds good
xml file
to set the roles for each of the users,
You set it in DB not in XML.
then extending the
RequestProcessor to ensure only authorised users can enter the secure
area.
You don't need to do that.
I then have a number of menu options that should only be made
visible to users with certain roles;
Try Struts menu. hth, .V
I intend to use logic:present role=".." or req:isUserInRole role="..." to do this - from what I can see they are functionally identical(?).
I guess what I'd like to know is: * Will this approach actually work? * Is there a better way? * Will any changes to user roles made within the database automatically update the roles that tomcat uses from the JDBCRealm, or will it require a server restart? * Also if I use a check within the jsp like logic:present role=".." to decide if a component should be dispalyed, I have read it is also advisable to require to presence of a role to use the Action. This method will require two updates to allow an additional an additional role to access a resource (update in the jsp, and in the xml file) - is there a way around this?
Thank you in advance,
Tim Christopher
-- RiA-SoA w/JDNC <http://www.SandraSF.com> forums - help develop a community My blog <http://www.sandrasf.com/adminBlog>
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
