On 1/18/06, Rivka Shisman <[EMAIL PROTECTED]> wrote:

(Rearranged a bit)

> 3. Is there an easy way to adjust struts-menu so it will take the
> menu-to-roles data from my database instead of from menu-config?

Apparently this is possible-- the release notes for version 2.2 mention it:
http://struts-menu.sourceforge.net/status.html

Keep in mind the example we're discussing is from a years-old app that has all sorts of weird restrictions due to our other non-standard systems. And I'm not sure I'd do it the same way now. :) If you can use the standard form-based authentication and user roles, then I'd definitely advise doing that. But to answer your questions...

> 1. Does the getRoles() method in the BenWebUser Class get the roles for
> a specific menu from the menu-config?

No, the user's roles are retrieved from a database and put into the 'user' object when it is created. The roles for a specific menu are in menu-config.xml.

> 2. How do you secure your web app if not by container security? only by
> hiding menus? What if someone knows the url to the hidden menu?

There is a Filter that redirects to a campus-wide authentication system. When you log in there, that system redirects back to my app. The Filter then creates the 'user' object and lets the (wrapped) request continue through. Then the menus are hidden, then the Action itself checks the user's permissions before executing and returning a result. This part needs rewriting... it was done before I added Struts Menu. There's a 'roles' tag on <action> in struts-config.xml that might also be useful.

--
Wendy
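
The Filter arrangement described in the reply above, sketched as an added example that is not part of the original post or the poster's application: the request is wrapped so that the standard isUserInRole() check, which the 'roles' attribute on <action> relies on, is answered from roles loaded by the application, and unauthenticated requests never reach an Action even when the URL is known. The class name, LOGIN_URL, the "user" session key and the in-memory role table are assumptions; it also assumes the site-specific handling of the return from the authentication system (not shown) has stored the verified username in the session.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical filter: authenticate first, then expose database roles to the app. */
public class SsoRoleFilter implements Filter {
    static final String LOGIN_URL = "https://sso.example.edu/login"; // placeholder URL
    static final String USER_ATTR = "user";                          // assumed session key

    /** Stand-in for the database lookup of a user's roles (constructed data). */
    static Set<String> loadRoles(String username) {
        Map<String, Set<String>> db = new HashMap<>();
        db.put("wendy", new HashSet<>(Arrays.asList("staff", "admin")));
        Set<String> roles = db.get(username);
        return roles == null ? Collections.<String>emptySet() : roles; // unknown user: no roles
    }

    /** Wrapper that answers the standard identity and role questions. */
    static class RoleRequest extends HttpServletRequestWrapper {
        private final String name;
        private final Set<String> roles;
        RoleRequest(HttpServletRequest req, String name, Set<String> roles) {
            super(req);
            this.name = name;
            this.roles = roles;
        }
        @Override public String getRemoteUser() { return name; }
        @Override public Principal getUserPrincipal() { return () -> name; }
        @Override public boolean isUserInRole(String role) { return roles.contains(role); }
    }

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpSession session = req.getSession(false);
        String name = session == null ? null : (String) session.getAttribute(USER_ATTR);
        if (name == null) {
            // Not authenticated: redirect and stop, so a known URL is still unreachable.
            ((HttpServletResponse) rs).sendRedirect(LOGIN_URL);
            return;
        }
        // Authenticated: downstream code sees roles through the wrapped request.
        chain.doFilter(new RoleRequest(req, name, loadRoles(name)), rs);
    }
}
```

Mapping the filter to every protected URL pattern, rather than only to the pages that render menus, is what keeps a hidden menu entry from being reachable by typing its address.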