Re: Authorization Best Practices

2010-07-08 Thread Brian Thompson
On Thu, Jul 8, 2010 at 1:09 PM, Burton Rhodes wrote:
> I say we start another thread to discuss more about this discussion.

I think that would fit best in the "struts-users-meta" list ;)

-Brian

Re: Authorization Best Practices

2010-07-08 Thread Burton Rhodes
I say we start another thread to discuss more about this discussion.

On Thu, Jul 8, 2010 at 9:31 AM, Dale Newfield wrote:
> On 7/8/10 10:17 AM, MB wrote:
>> "Using Struts 2.x can we do authorization of client request, if yes
>> what are the best practices"
>
> That answer has been given 3 times

Re: Authorization Best Practices

2010-07-08 Thread Dale Newfield
On 7/8/10 10:17 AM, MB wrote: "Using Struts 2.x can we do authorization of client request, if yes what are the best practices" That answer has been given 3 times in this thread: Spring Security. The best practices are to learn about architecture and security, which are completely independent

Re: Authorization Best Practices

2010-07-08 Thread MB
Dale Newfield suggested:
> Not a single one of your questions relates to struts.

How exactly doesn't "Using Struts 2.x can we do authorization of client request, if yes what are the best practices" apply to Struts? Or "we can discuss what practises can be followed to implement this logic using str

Re: Authorization Best Practices

2010-07-08 Thread Dale Newfield
This isn't your architecture review board. This is a mailing list supporting struts, just one of many components in your application. Not a single one of your questions relates to struts.

-Dale

Re: Authorization Best Practices

2010-07-07 Thread Amol Ghotankar
Dear List Members,

A lot of theory has been put here; now let's talk with an example.

Let's assume there are three roles a user can have:
1. user
2. manager
3. admin

Let's assume a simple CRUD use case which has four actions:
1. insert
2. update
3. delete
4. list

Now

A. Part 1.
1. users logged in with user & ma

Re: Authorization Best Practices

2010-07-07 Thread Dale Newfield
On 7/7/10 2:26 PM, Amol Ghotankar wrote:
Part 2. How to control access of data from the back-end database based on action/user-role, i.e. how much data should be returned through the called action, 10 rows, 100 rows or 1000 rows from the database, based on user role and/or called action. Whether data sh

Re: Authorization Best Practices

2010-07-07 Thread Ken
On Wed, 2010-07-07 at 14:40 -0400, Dale Newfield wrote:
> On 7/7/10 2:11 PM, Ken wrote:
> > This is a hand-rolled solution I used:
> > Create an interceptor which checks if a User object exists when
> > accessing a secure package, if it does not exist redirect the user to a
> > login page and reco

Re: Authorization Best Practices

2010-07-07 Thread Dale Newfield
On 7/7/10 2:11 PM, Ken wrote:
This is a hand-rolled solution I used: Create an interceptor which checks if a User object exists when accessing a secure package; if it does not exist, redirect the user to a login page and record the initial URL (it will redirect back to that page after login).

This

Re: Authorization Best Practices

2010-07-07 Thread Amol Ghotankar
Dear List members,

The issue we are discussing here is authorization using Struts 2.x.

Part 1. How to control access of actions, i.e. which actions can be accessed by which user role.

Part 2. How to control access of data from the back-end database based on action/user-role, i.e. how much data should b

Re: Authorization Best Practices

2010-07-07 Thread Ken
On Wed, 2010-07-07 at 13:34 -0400, Dale Newfield wrote:
> On 7/7/10 1:28 PM, Amol Ghotankar wrote:
> > 2. decide how much data to access.
> >
> > This I am really working on, something where the Struts 2 interceptor will read what
> > role the user has and set some global role for that request which will b

Re: Authorization Best Practices

2010-07-07 Thread Dale Newfield
On 7/7/10 1:28 PM, Amol Ghotankar wrote:
2. decide how much data to access.
This I am really working on, something where the Struts 2 interceptor will read what role the user has and set some global role for that request which will be read by the DAO to fetch the data.

The interceptor cannot know in

Re: Authorization Best Practices

2010-07-07 Thread Amol Ghotankar
Dear List members,

1. decide which actions are allowed and which are not.
What I used was Spring AOP, which intercepted Struts 2 actions; this was very simple and straightforward.

2. decide how much data to access.
This I am really working on, something where the Struts 2 interceptor will read what r

Re: Authorization Best Practices

2010-07-07 Thread Brian Thompson
On Wed, Jul 7, 2010 at 8:31 AM, Dale Newfield wrote:
> Including a notice like this on a request for help sent to a public,
> archived mailing list is obnoxious.  JSYK, I've been seriously considering
> instituting a personal policy whereby I will never respond to such messages.
>
> -Dale

I think

Re: Authorization Best Practices

2010-07-07 Thread Dale Newfield
On 7/7/10 7:04 AM, Amol Ghotankar wrote:
Authorization will have two parts
1. decide which actions are allowed and which are not,

Spring Security.

2. decide how much data to access. Means if I have a database which has 100 rows, then to show 100 or 10 or 50 based on the role of the user an

Authorization Best Practices

2010-07-07 Thread Amol Ghotankar
Dear List members,

Using Struts 2.x can we do authorization of client requests? If yes, what are the best practices for the same? Please discuss.

Authorization will have two parts:
1. decide which actions are allowed and which are not,
2. decide how much data to access. Means if I have a database