On 1/18/06, Rivka Shisman <[EMAIL PROTECTED]> wrote:
(Rearranged a bit)
> 3. Is there a easy way to adjust struts-menu so it will take the
> menu-to-roles data from a my database instead of from menu-config?
Apparently this is possible-- the release notes for version 2.2 mention it:
http://str
@struts.apache.org; Rivka Shisman
Subject: Re: Enabling links according to user's authorization
On 1/17/06, Rivka Shisman <[EMAIL PROTECTED]> wrote:
Wendy wrote:
> > I use Struts Menu to conditionally display menu items based on user
> > roles. Rather than configure the container
On 1/17/06, Rivka Shisman <[EMAIL PROTECTED]> wrote:
Wendy wrote:
> > I use Struts Menu to conditionally display menu items based on user
> > roles. Rather than configure the container to handle it, I have a
> > Filter that wraps the request, and the request wrapper overrides the
> > isUserInRole
, 2006 6:01 PM
To: Struts Users Mailing List
Cc: Rivka Shisman
Subject: Re: Enabling links according to user's authorization
Rivka,
Great question. What I have done in the past (and maybe there are better
ways) is to:
1) When the user logs into the application, I cache off the users role
as
Rivka Shisman wrote:
> Can you please send an example code of overloading the processRoles
> method? And also the relevant part in struts config file?
>
Too busy right now, but
http://www.onjava.com/pub/a/onjava/2004/11/10/ExtendingStruts.html might
give you enough info to start on your own.
As
Brian Trzupek wrote:
> Great question. What I have done in the past (and maybe there are
> better ways) is to:
> 1) When the user logs into the application, I cache off the users role
> as well as other attributes (usually in a small User object in
> session). thes attributes are the result of load
can hide the links. Just for one variable i think there is no need to call the
database.use can use or for this.
-Original message-
From: "Rivka Shisman" [EMAIL PROTECTED]
Date: Wed, 11 Jan 2006 04:18:23 -0800
To: "Struts Users Mailing List" user@struts.apache.or
2006 04:18:23 -0800
> To: "Struts Users Mailing List" user@struts.apache.org
> Subject: Enabling links according to user's authorization
>
> > Hi everyone,
> >
> > We have a web application running on Websphere Application Server V6.
> > Say I have a JSP page
ed, 11 Jan 2006 04:18:23 -0800
To: "Struts Users Mailing List" user@struts.apache.org
Subject: Enabling links according to user's authorization
> Hi everyone,
>
> We have a web application running on Websphere Application Server V6.
> Say I have a JSP page that enables w
On 1/11/06, Rivka Shisman <[EMAIL PROTECTED]> wrote:
> From what i know, i can hold a DB table that indicates for each user and
> table - which operations are allowed.
> But, my question is - what is the right way to do that on the JSP page?
> Do i call this security table on each page load and hi
Evans [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 11, 2006 3:25 PM
To: Struts Users Mailing List
Subject: Re: Enabling links according to user's authorization
Hi Rivka,
You could hide the links by creating a custom tag that only evaluates its body content if the
current user has th
ure I understand the User bean structure, can you please send
it?
Thanks a lot
Rivka
-Original Message-
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Danny Lee
Sent: Wednesday, January 11, 2006 3:48 PM
To: user@struts.apache.org
Subject: Re: Enabling links according to user's aut
: Enabling links according to user's authorization
Hi Rivka,
You could hide the links by creating a custom tag that only evaluates its body
content if the
current user has the required permission. e.g.
But in addition to this you could stop the request
e each version shows different combination of links?
>
> Thanks
> Rivka
>
>
> -Original Message-
> From: Gareth Evans [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 11, 2006 2:59 PM
> To: Struts Users Mailing List
> Subject: Re: Enabling links according to user&#x
Do it simple,
put a User bean into session scope just after user loged-in.
Every user have a User.PERMISSIONS property.
Then in JSP you do surround the links with JSTL
the link, otherwise not.
In all Actions you check the User too, and if there a problem (which
means he put the forbiden actio
EMAIL PROTECTED]
Sent: Wednesday, January 11, 2006 2:59 PM
To: Struts Users Mailing List
Subject: Re: Enabling links according to user's authorization
In addition to hiding the links, extend the requestprocessor to check against the current user and
your security table. If permission is deni
s Users Mailing List
Subject: Re: Enabling links according to user's authorization
In addition to hiding the links, extend the requestprocessor to check against
the current user and
your security table. If permission is denied you could forward to a different
page.
the best place
In addition to hiding the links, extend the requestprocessor to check against the current user and
your security table. If permission is denied you could forward to a different page.
the best place to do this is in the processPreprocess(HttpServletRequest, HttpServletResponse )
method.
Just
Well, of course each action should have its control of the access.
I meant: hide the links and control through the actions, so no one will
access them with a direct link.
On 1/11/06, Thomas Joseph <[EMAIL PROTECTED]> wrote:
>
> > Hide the links.This way, you won't let him lose time trying to acces
> Hide the links.This way, you won't let him lose time trying to access things
> he can't and his view of the interface will be more clear.
>
But that won't do good, if for clever people, who would play with the URLs with
their limited access rights and access what is not meant for them. Probably
Hide the links.This way, you won't let him lose time trying to access things
he can't and his view of the interface will be more clear.
On 1/11/06, Rivka Shisman <[EMAIL PROTECTED]> wrote:
>
> Hi everyone,
>
> We have a web application running on Websphere Application Server V6.
> Say I have a JSP
Hi everyone,
We have a web application running on Websphere Application Server V6.
Say I have a JSP page that enables working on Student details.
This JSP page enables users to view, insert, update or delete student
records.
Now, some users can only use the 'View' link, others can also use
'Insert
22 matches
Mail list logo
