Thank you for your answers. Your method looks good, Cimballi. But do you think it would really be better than an object which describes the role of the user, stored in the session map?
At the first line of each action in Java, I would have: 'if (role.hasRighMethodName == true) ..'. Do you think your method is more convenient and more secure, or is it basically the same?

On Fri, Apr 16, 2010 at 11:15 AM, Cimballi <cimballi.cimba...@gmail.com> wrote:

> Hi Stephane,
>
> As Kun says, you have to test the role in your action.
> One way to do it is to have a super action with a permission property,
> and you set the permission property with a static param in your struts
> xml files using the StaticParameters interceptor.
> Then, you add a hasPermission method to your super class, and you
> write a PermissionInterceptor which calls the hasPermission method.
> Finally you add the PermissionInterceptor interceptor to your stack on
> all protected actions.
>
> Cimballi
>
>
> On Thu, Apr 15, 2010 at 9:39 PM, Kun Niu <haoniu...@gmail.com> wrote:
> > You should check the authentication all by yourself in your action.
> >
> > Stephane Cosmeur wrote:
> >>
> >> Hello struts users
> >>
> >> I have a really basic security problem and I would like to know what is
> >> the best practice to resolve it.
> >>
> >> I have an application with an authentication system and different rights
> >> for different types of user. To add or remove a link/functionality, we
> >> simply declare the element in a <s:if test=..> tag. But the problem is the
> >> actions are still available by typing the URL in the address bar.
> >>
> >> How can I fix it?
> >>
> >> Regards,
>
> --
> Cimballi
> JAVA J2EE Freelance
> http://cimballi.elance.com/

--
Stéphane Cosmeur
06 33 54 36 04
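
Cimballi's quoted suggestion, sketched as an added example that is not code from the thread or from Struts itself. It is a variant: the interceptor reads the static `permission` param from the action configuration instead of through a setter, because the `params` interceptor in `defaultStack` populates any public setter from request parameters. The class names, the `DeleteUserAction` action, the `roles` session key and the `forbidden` result are assumptions.

```java
// Added example; ProtectedAction, PermissionInterceptor, the "roles" session
// key and the "forbidden" result are assumed names, not from the thread.
// Each public class goes in its own .java file with these imports.
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.ActionSupport;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import java.util.Map;
import java.util.Set;

/* struts.xml (inside a <package>; DeleteUserAction extends ProtectedAction):
 *   <interceptors>
 *     <interceptor name="permission" class="PermissionInterceptor"/>
 *     <interceptor-stack name="protectedStack">
 *       <interceptor-ref name="defaultStack"/>
 *       <interceptor-ref name="permission"/>
 *     </interceptor-stack>
 *   </interceptors>
 *   <global-results><result name="forbidden">/forbidden.jsp</result></global-results>
 *   <action name="deleteUser" class="DeleteUserAction">
 *     <interceptor-ref name="protectedStack"/>
 *     <param name="permission">ADMIN</param>
 *   </action>
 */

public abstract class ProtectedAction extends ActionSupport {
    /** Called by PermissionInterceptor before the action method runs. */
    public boolean hasPermission(String required, Map<String, Object> session) {
        Object roles = session.get("roles"); // assumed: Set<String> stored at login
        return required != null && roles instanceof Set
                && ((Set<?>) roles).contains(required);
    }
}

public class PermissionInterceptor extends AbstractInterceptor {
    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        Object action = invocation.getAction();
        // Static <param> from struts.xml; request parameters cannot change it.
        String required = invocation.getProxy().getConfig().getParams().get("permission");
        Map<String, Object> session = invocation.getInvocationContext().getSession();
        // Fail closed: wrong action type, no session, missing param or role.
        if (!(action instanceof ProtectedAction) || session == null
                || !((ProtectedAction) action).hasPermission(required, session)) {
            return "forbidden";
        }
        return invocation.invoke(); // continue to the action
    }
}
```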