Hi Rajesh:

 

It is imperative that your UserId-Password Table contains a role Field as
well where each User is assigned a Role.

 

In your context.xml you will need something like the following snippet

 

      <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
            driverName="com.mysql.jdbc.Driver"
            connectionURL="jdbc:mysql://10.0.0.19:3306/elearning?user=elearn&amp;password=313a4ning"
            userTable="lms_attendee_details"
            userNameCol="userid"
            userCredCol="password"
            userRoleTable="lms_attendee_details"
            roleNameCol="lmsaccesslevel" />

 

Look at the above Lines in Red.

 

It expects two Tables. A "userTable" and a "userRoleTable". In my case the
Tables are both the same "lms_attendee_details" Table.

 

userNameCol gives it the name of the field which has UserId,

userCredCol gives it the name of the field which has password and 

roleNameCol the name of the Role.

 

These fields will be used by Tomcat (I use Tomcat) to give selective
permission to resources if your action-mappings have a role attribute where
roles will be inserted in the following manner:

 

<action mapping="... . . " . . . 

role="role1,role2" ../>

</action>

 

 

In userTable attribute, I am specifying the name of my 
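
The two lookups that the Realm configuration above implies (one for the credential, one for the roles), modelled in Python against an in-memory SQLite table. This is an added example, not code from this thread or from Tomcat; the sample rows and the helper names make_db, authenticate and action_allowed are assumptions, and the plain-text comparison mirrors the configuration shown, which sets no digest.

```python
import hmac
import sqlite3

# Table and column names copied from the Realm element in the message above.
CFG = {"userTable": "lms_attendee_details", "userNameCol": "userid",
       "userCredCol": "password", "userRoleTable": "lms_attendee_details",
       "roleNameCol": "lmsaccesslevel"}

def make_db():
    """In-memory stand-in for the MySQL table; all rows are constructed samples."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE lms_attendee_details "
               "(userid TEXT, password TEXT, lmsaccesslevel TEXT)")
    db.executemany("INSERT INTO lms_attendee_details VALUES (?, ?, ?)",
                   [("alice", "pw-a", "admin"),
                    ("bob", "pw-b", "student"),
                    ("bob", "pw-b", "tutor")])  # a second row is a second role
    return db

def authenticate(db, user, password):
    """Return the set of roles for a valid login, or None if the login fails."""
    c = CFG
    # Identifiers come from configuration; the user-supplied name is bound
    # as a parameter, never concatenated into the SQL text.
    cred = db.execute(f"SELECT {c['userCredCol']} FROM {c['userTable']} "
                      f"WHERE {c['userNameCol']} = ?", (user,)).fetchone()
    if cred is None or not hmac.compare_digest(cred[0].encode(), password.encode()):
        return None
    rows = db.execute(f"SELECT {c['roleNameCol']} FROM {c['userRoleTable']} "
                      f"WHERE {c['userNameCol']} = ?", (user,)).fetchall()
    return {r[0] for r in rows}

def action_allowed(user_roles, action_roles):
    """Model of a comma-separated role list: any single match grants access."""
    wanted = {r.strip() for r in action_roles.split(",") if r.strip()}
    if not wanted:
        return True  # no roles listed: the action is unrestricted in this model
    return bool(user_roles) and bool(wanted & user_roles)

if __name__ == "__main__":
    db = make_db()
    for user, pw in [("alice", "pw-a"), ("bob", "pw-b"), ("bob", "bad")]:
        roles = authenticate(db, user, pw)
        print(user, roles, action_allowed(roles, "admin,tutor"))
```

When userTable and userRoleTable are the same table, a user holds more than one role only if that table carries more than one row for the user.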

 

-----Original Message-----
From: RAJESH THIHARIE [mailto:[EMAIL PROTECTED] 
Sent: Monday, October 09, 2006 1:43 PM
To: Struts Users Mailing List
Subject: RE: Role Based Action Mapping

 

I would suggest you take a look at Acegi. It will take a bit of learning but
it is definitely worth it.

 

You can go to http://www.acegisecurity.org to learn more.

 

-----Original Message-----
From: Puneet Lakhina [mailto:[EMAIL PROTECTED]
Sent: Monday, 9 October 2006 3:40 PM
To: Struts Users Mailing List
Subject: Re: Role Based Action Mapping

On 10/7/06, Wendy Smoak <[EMAIL PROTECTED]> wrote:
>
> On 10/7/06, Puneet Lakhina <[EMAIL PROTECTED]> wrote:
> > Hi, I found out that it's possible for me to restrict access to a
> > particular action mapping to only a certain set of roles.
> > The next thing that I found out about these roles is that this is something
> > I can configure in my web.xml.
> > But what I am not able to understand is how do I set a user's role once he
> > logs in. My authentication is based on usernames and passwords in database
> > table. So where do I set a user's role.
>
> It depends on how you are authenticating your users.
>
> Tomcat has Realms you can configure to get the role information from a
> database:  http://tomcat.apache.org/tomcat-5.5-doc/config/realm.html
>
> Another option is to add a Filter, wrap the request and override the
> isUserInRole method.
>
> --
> Wendy
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>

OK, now I figured the logging in part out. I post to a special name with
special names for the user name and password fields. (Does that mean I can't
use a Struts action for authentication?) Now how do I log off a user? As in
when the user clicks on the logout link.

I'm sorry, my concepts of container managed security aren't that strong.

-- 
Puneet
