Jeromy Evans :
> Haulyn R. Jason wrote:
>
>> Hi, all
>> I have an Authentication problem. I use Interceptor to authenticate
>> actions and methods, based on different member and different role.
>> Everything works well. But my client can not access some resource, for
>> example a url, so they should not see the url. I think maybe I can
>> re-write <s:a> tag or using an Interceptor to check should a <s:a /> tag
>> be rendered to the clients. I can not find any reference.
>> Without this way, does struts2 have its own way to solve the problem?
>>
>> Thanks!
>>
>
> None of the struts 2 tags are aware of role. In my opinion, it's better
> to leave that consideration out of these tags as you don't want security
> checks scattered through all the tag variations.
>
> Instead customize the view using tags that render its body only if the
> user has the specified role(s).
> Either:
> - use tags from an existing library (Tiles tags can check role I think); or
> - create a custom tag that only renders the body if the principal has
>   the specified role(s)
> eg.
> <security:guard role="admin">
>   <s:a href="adminpage"/>
> </security:guard>
>
> Otherwise every tag needs to be modified and that leads to mistakes.
>
> *More importantly* secure the server-side first and foremost. Consider
> customization of the view based on role only as a way to improve the
> user's experience as it doesn't actually help secure your application.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>

Thanks, I use Interceptor to protect my application with AOP, maybe creating a custom tag is the best choice for me. Create a role and check it. And, where should I find something about how to create a custom tag for struts2? I think I need to create a custom tag for struts2 because I need to access the value stack.
I can not find a reference from google, and when I read the source of IfTag, it's not easy to understand the life cycle.
--
Thanks!
Mobile: +086-15864011231
EMail&gtalk: [EMAIL PROTECTED]
EMail&yahoo: [EMAIL PROTECTED]
Skype: saharabear
贾昊林 (Haulyn Runner Jason)
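
The role-guard tag suggested in the quoted reply, sketched as an added example; it is not code from this thread or from Struts 2. The class name `GuardTag` and package `example.security` are hypothetical, and it assumes the user's roles are visible through the standard `HttpServletRequest.isUserInRole` call (container-managed security, or a request wrapper installed by the application's own authentication layer) and that a TLD entry maps `<security:guard>` with a required `role` attribute to this class.

```java
package example.security; // hypothetical package name

import javax.servlet.http.HttpServletRequest;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;

/**
 * Renders its body only when the current user holds at least one of the
 * roles listed in the "role" attribute (comma-separated).
 * This only hides links in the view; the action behind each link must
 * still be protected server-side (here, by the existing interceptor).
 */
public class GuardTag extends TagSupport {
    private static final long serialVersionUID = 1L;

    private String role;

    public void setRole(String role) {
        this.role = role;
    }

    @Override
    public int doStartTag() throws JspException {
        HttpServletRequest request = (HttpServletRequest) pageContext.getRequest();
        // Deny by default: the body is skipped unless a role matches.
        return isAllowed(request, role) ? EVAL_BODY_INCLUDE : SKIP_BODY;
    }

    static boolean isAllowed(HttpServletRequest request, String roles) {
        if (request == null || roles == null) {
            return false;
        }
        for (String candidate : roles.split(",")) {
            String name = candidate.trim();
            // isUserInRole returns false for unauthenticated users.
            if (!name.isEmpty() && request.isUserInRole(name)) {
                return true;
            }
        }
        return false;
    }

    @Override
    public void release() {
        // Containers may pool tag instances; clear state between uses.
        super.release();
        role = null;
    }
}
```

Because the guard wraps ordinary markup, `<s:a>` and the other Struts 2 tags stay unmodified, which keeps the role check in one place as the reply recommends.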