On Wed, 2010-07-07 at 13:34 -0400, Dale Newfield wrote:
> On 7/7/10 1:28 PM, Amol Ghotankar wrote:
> > 2. decide how much data to access.
> >
> > This I am really working something where struts2 interceptor will read what
> > role the user has and set some global role for that request which will be
> > read by dao to use to fetch the data.
>
> The interceptor cannot know independent of the action/business logic
> what data will need to be fetched. I don't think you can solve this
> problem within struts. Even if you do, you've then built a toolset that
> doesn't include any of these access restrictions in otherwise exposed
> services.
>
> -Dale

This is a hand-rolled solution I used:

Create an interceptor which checks if a User object exists when accessing a secure package; if it does not exist, redirect the user to a login page and record the initial URL (will redirect back to that page after login).

I use Hibernate... so the user object contains a connection to the database. If you're also using Hibernate you'll notice you can supply the specific "hibernate.cfg.xml" when establishing the connection; by making this choice dependent on the particular user you can supply different database connections or even restrict data access. In this case I think XML files are better than annotations, as you don't need to change the POJO which the *.hbm.xml files refer to.

Sorry, I'm not sure I really understood the issue, but this helped me a lot and was very easy to implement.
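
A sketch of the login-check interceptor described in the message above, added as an example that is not part of the original thread or the poster's code. It assumes Struts 2.x (the com.opensymphony.xwork2 packages) and the Servlet API; the class name and the session keys "user" and "returnUrl" are hypothetical.

```java
// Added illustration, not the poster's code. Assumes Struts 2.x and the Servlet API.
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts2.ServletActionContext;
import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

public class LoginRequiredInterceptor extends AbstractInterceptor {
    // Hypothetical session keys chosen for this example.
    public static final String USER_KEY = "user";
    public static final String RETURN_URL_KEY = "returnUrl";

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        Map<String, Object> session = invocation.getInvocationContext().getSession();
        if (session != null && session.get(USER_KEY) != null) {
            return invocation.invoke(); // User object present: continue down the stack
        }
        HttpServletRequest request = ServletActionContext.getRequest();
        // Record only idempotent requests; replaying a POST after login is unsafe.
        if (session != null && "GET".equalsIgnoreCase(request.getMethod())) {
            session.put(RETURN_URL_KEY, localTarget(request));
        }
        return Action.LOGIN; // "login" result, mapped to the login page in struts.xml
    }

    // Build the return target from the container-resolved servlet path, never from
    // a request parameter, so the post-login redirect cannot leave this application.
    static String localTarget(HttpServletRequest request) {
        String path = request.getServletPath();
        if (path == null || !path.startsWith("/") || path.startsWith("//")) {
            return "/"; // fall back to the application root
        }
        String query = request.getQueryString();
        return query == null ? path : path + "?" + query;
    }
}
```

The interceptor only gates access to actions in the package whose stack includes it; as the quoted reply notes, restrictions on which data is fetched still have to be enforced in the business or data layer.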