Mark Lowe skrev:
On 2/28/06, Emmanouil Batsis <[EMAIL PROTECTED]> wrote:
Dave Newton wrote:
If you want _fine_-grained access control drop Spring on top of Struts
and use Acegi.
For us not wanting to put yet another framework into the table, any
advice and pointers from more experienced people out there?
My usual requirement is operation rights for roles in groups (due to
resources belonging to groups) and i am currently trying to fit JAAS
into the picture and take advantage of doclet etc, but i still havent
even scratched the surface on this one.
JAAS can be complex.... Sounds like the problem is do to with realm
configuration and how to use the servlet spec security model.. A JDBC
or DataSource realm will fit most requirements, rather than getting
bogged down in Jaas.
http://tomcat.apache.org/tomcat-5.0-doc/realm-howto.html
OK. I'm currently using Realm almost like suggested by Mark. The only
exception is that I only let some of the actions be under security. In
practice this means that I can show something (like a website) for
people that are not logged in while only showing the editor-buttons to
people that are logged in.
Now if I can determine whether the user has logged in. How can I use the
request parameters to determine the users role on specific pages? I know
that I can invent my own control, it just seems like something many
others would need. Any tools available?
Morten
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
