Are you testing your action with the action mapping you showed? Remember, the roles are tied to a mapping, not the action class.

Vinicius Carvalho <[EMAIL PROTECTED]> wrote:

Well, I tried this but it did not work:

roles="ADMIN,MANAGER" type="com.acme.InvoiceList" name="invoiceForm" input="/invoicelist.do">

And on my action:

String roles[] = mapping.getRoleNames();

Problem is that roles has a zero size array. What have I done wrong here?

Best Regards

On 6/28/06, Paul Benedict wrote:
> Vinicius,
>
> #1: Do you have any kind of a user object? If so, use the
> HttpServletRequestWrapper to wrap it up in the current request (via a
> filter), and then delegate its isUserInRole method to the user.
>
> #2: Each action mapping has a "role" attribute; it contains a comma delimited
> list of roles that may access the action.
>
> Paul
>
> Vinicius Carvalho wrote:
> Hello there! I know this kind of question has been very very
> discussed. But I've been away from struts for a while.
>
> I need to create two types of actions, one that anyone can access and
> a secure one, based solely on user's roles.
>
> Here's what I've come in mind:
>
> public abstract class BaseAction extends ActionSupport {
>
>     protected boolean isUserInRole(HttpServletRequest request){
>         return true;
>     }
>
>     public ActionForward execute(ActionMapping mapping, ActionForm form,
>             HttpServletRequest request, HttpServletResponse response) throws
>             Exception {
>         ActionForward forward = null;
>         if(isUserInRole(request)){
>             forward = doExecute(mapping,form,request,response);
>         }else{
>             forward = mapping.findForward("global.naoPermitido");
>         }
>         return forward;
>     }
>
>     public abstract ActionForward doExecute(ActionMapping mapping,
>             ActionForm form, HttpServletRequest request, HttpServletResponse
>             response) throws Exception;
> }
>
> public abstract class SecureAction extends BaseAction {
>
>     protected boolean isUserInRole(HttpServletRequest request) {
>         HttpSession session = request.getSession();
>
>         return super.isUserInRole(request);
>     }
>
> }
>
> Now here's the question:
>
> I'd like to have all SecureAction's subclasses to inform its parent
> class about which role is required to access that class. It would be
> very nice if that could be done by configuration struts-config.
>
> I was reading about the set-property param. So I could have a
> role:String property on my SecureAction and all subclasses would have
> accessor/mutators for it.
>
> Which would be a nice design for this requirement? I mean, what's the
> best alternative?
>
> Regards
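
Added example, not part of the thread and not code from either poster: a servlet filter implementing suggestion #1, so that the `roles` list on an action mapping, which the Struts 1 request processor checks through `request.isUserInRole`, is answered by the application's own user object. The `AppUser` interface, the `"user"` session attribute and the class names `UserRoleRequest` and `UserRoleFilter` are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical application user type; not from the thread.
interface AppUser {
    Set<String> getRoles();
}

/** Wraps the request so isUserInRole() is answered by the session's AppUser. */
class UserRoleRequest extends HttpServletRequestWrapper {
    private final AppUser user; // null when nobody is logged in

    UserRoleRequest(HttpServletRequest request, AppUser user) {
        super(request);
        this.user = user;
    }

    @Override
    public boolean isUserInRole(String role) {
        // Deny by default: no user, or a role the user lacks, means false.
        return user != null && role != null && user.getRoles().contains(role);
    }
}

/** Map this filter to *.do so it runs before the Struts ActionServlet. */
public class UserRoleFilter implements Filter {
    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // getSession(false): do not create a session for anonymous requests.
        HttpSession session = http.getSession(false);
        // "user" is an assumed attribute name set by the application's login code.
        Object attr = (session == null) ? null : session.getAttribute("user");
        AppUser user = (attr instanceof AppUser) ? (AppUser) attr : null;
        chain.doFilter(new UserRoleRequest(http, user), res);
    }
}
```

With the filter in place, a mapping that lists roles is refused by the request processor unless `isUserInRole` returns true for at least one of them, while a mapping without a `roles` attribute stays open to everyone.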