From: "Aleksandar Matijaca" <[EMAIL PROTECTED]>
> these roles you mention, are these JAAS roles? I think that JAAS
> roles would be way too much of an overkill for me...
Definitely not JAAS. And in my case, not even Container-Managed Security
(though it pretends to be). :)
I have Struts Menu configured to use the result of calling
request.isUserInRole() to decide whether to display a menu item. This is as
simple as using the "magic" value 'rolesAdapter' in the tag, which causes it
to use its RolesPermissionsAdapter:
<menu:useMenuDisplayer name="TabbedMenu"
bundle="org.apache.struts.action.MESSAGE"
permissions="rolesAdapter"> ...
I didn't look closely, but I'm fairly sure you can plug in a different
PermissionsAdapter if you need to.
In my case, authorization info is stored in a database [that does not easily
speak JDBC] underneath a 3rd party telnet app. I have a Filter in front of
the webapp that gets the authorization info out of the database, places a
'User' object in the session, and then wraps the request and overrides
isUserInRole().
To do this "right" you'd probably want to override getUserPrincipal as
well-- in fact if you can wait a bit, I *think* Frank has in mind to add a
generic, configurable version of this idea to his Java Web Parts project.
--
Wendy Smoak
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
