Selectively deny access to a subset of actions for a logged in User
In my struts application, I want to selectively redirect some Users (based on their role) to a static page when they access some of the actions.
I am not looking for a full-fledged Authorization solution here, but my problem is very much similar.
Is there a way to put some flag or any other detail with an action in struts-config.xml which can be used in java code to identify if the actions fall in the category for which I want to deny access selectively?
NOTE: I do not directly extend org.apache.struts.action.Action for my actions. Instead I have defined an abstract class that extends org.apache.struts.action.Action, and the rest of the actions in my application extend this abstract class. Thus, I can perform validation here. I can identify the type of action here using the mappings.getPath(). But I don't want to hardcode the list of paths that I want to selectively deny access to; instead I am looking to see if this can be configured in struts-config.xml.
This can be configured in the struts-config.xml file by using the roles attribute on the <action> configuration. You can specify the roles that your users should have to get access to that particular action.
With this you can avoid doing the test on the mappings.getPath() (which I agree with you that it is an ugly solution).
Once the roles are configured, you could then create yourself a custom request processor to process those roles in whatever way you like.
You can find more information on Struts' security roles on the web, but here is a basic example to get you started.
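The approach described in the answer above, as an added example that is not the answerer's code: a Struts 1.x request processor that overrides processRoles() and sends users who hold none of an action's configured roles to a static page. The roles attribute lists the roles that are allowed through, so each restricted action names the roles that may continue. The package and class names, the /editReport action, the role names, /restricted.html, and the use of container-managed roles via isUserInRole() are all assumptions.

```java
// Added example. Hypothetical names: com.example.web.*, /editReport, /restricted.html,
// roles "manager" and "admin".
//
// struts-config.xml (Struts 1.x):
//   <action path="/editReport" type="com.example.web.EditReportAction"
//           roles="manager,admin"/>
//   <controller processorClass="com.example.web.RoleRedirectProcessor"/>
package com.example.web;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.RequestProcessor;

public class RoleRedirectProcessor extends RequestProcessor {

    // Hypothetical static page shown to users who lack every listed role.
    private static final String DENIED_PAGE = "/restricted.html";

    @Override
    protected boolean processRoles(HttpServletRequest request,
                                   HttpServletResponse response,
                                   ActionMapping mapping)
            throws IOException, ServletException {
        // Parsed from the comma-separated roles attribute of this <action>.
        String[] roles = mapping.getRoleNames();
        if (roles == null || roles.length == 0) {
            return true; // no roles attribute: the action is not restricted
        }
        for (String role : roles) {
            if (userHasRole(request, role)) {
                return true; // user holds one of the permitted roles
            }
        }
        // Fail closed: redirect and return false so the Action never executes.
        response.sendRedirect(
                response.encodeRedirectURL(request.getContextPath() + DENIED_PAGE));
        return false;
    }

    // Assumption: roles come from container-managed security. Override this
    // method if roles are kept elsewhere, such as on a session-scoped user object.
    protected boolean userHasRole(HttpServletRequest request, String role) {
        return request.isUserInRole(role);
    }
}
```

Because the check runs in the request processor before the action is invoked, it covers every action that carries a roles attribute without any path list in Java code.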