On Tue, Dec 28, 2010 at 11:10 AM, Amol Ghotankar <ghotankaru...@gmail.com>wrote:
> Even I am searching for some better way in which authentication can be done > using struts2 or spring security toghether. > > No direct or simple example to explain it working together. > > Specially for these two cases where > > 1. which user can access which action, is stored in database -> > authorization table > 2. which user can access how much data from a table in database, is > decided > by authorization logic. > > How to implement this any example or references welcomed. > There are essentially unlimited ways this can be implemented. It also depends what technology you want to use. I haven't used Spring Security for some time, so I won't be much help there, but I *do* know it's incredibly granular and flexible, occasionally a bit too much so for my taste, but it can be made to look simple. "How much" data can be accessed has multiple meanings: do you mean *quantity* of data? I've never even considered trying to implement that. *Which* data would be handled the same way as everything else, however it's being handled. When I've dealt with legacy authentication mechanisms I usually just do something like a filter/interceptor that checks the action for an annotation (or a known action method naming convention to map action method => access control). After the user logs in their user info is available in the session, and if they're allowed access the interceptor just moves along, and if they're not, they're redirected somewhere reasonable. For Spring Security stuff I would refer you to the Spring documentation, since it's not directly related to Struts 2. Dave
