Solved

Your Suggestion Please

Posted on 2006-11-08
8
176 Views
Last Modified: 2010-03-31
Hi,

I would like to control the security access based on user login. So if admin is logged in, they will see menu A, B and C. However, if normal user is logged in, they will only see menu A and B.

This would be a very dynamic menu management where there is another tool to add a new menu with a new URL and assign it to either role or to both roles.

Menu_ID    Menu_Name    Menu_URL    
1               A                   /whatever.do

Menu_Id    Role
1              admin

Now, after logged in, I have been able to control the display of the menu. Now I would like to know all of your opinions about how to handle the possibility that the normal user manually typed in the URL of the menu C which is only authorised to admin. I am actually using WebLogic but I think that the solution should be similar.

I have seen the request.isUserInRole(String role). However, can I assign this role in the runtime so after admin logged in, if I do request.isUserInRole("admin") will return true? And currently, the login is handled by LDAP (Active Directory).

Thanks
David
0
Comment
Question by:suprapto45
  • 4
  • 4
8 Comments
 
LVL 92

Expert Comment

by:objects
ID: 17904608
u should also be blocking access to url based on the users role using a servlet filter for example
0
 
LVL 16

Author Comment

by:suprapto45
ID: 17904780
Thanks objects,

Can you give me more details? So I assume that the Filter will detect for *.do (Struts based) and check whether the URL is authorised to him or her right?

However, in DB, I may store only the URL such as /test/first.do. However, once it goes to first.do, the user may go to second.do and third.do. Does it mean that you want me to store all these *.do to DB?

Thanks and I will be back in 1 hour time

David
0
 
LVL 92

Assisted Solution

by:objects
objects earned 500 total points
ID: 17904844
if u want to stop people accessing certain url's you'll need to specify them somewhere :)
url mappings may be able to be used for specify them.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 16

Author Comment

by:suprapto45
ID: 17910926
Hi objects,

Sorry for the late reply. However, my role is defined from the DB and not from the realm, can I still do the url mappings? If so, do you have any URL for me to refer to?

Thanks
David
0
 
LVL 92

Accepted Solution

by:
objects earned 500 total points
ID: 17910938
sorry what i meant was you could use url patterns to specify your access control.
0
 
LVL 16

Author Comment

by:suprapto45
ID: 17910958
mmmm...interesting.

Is this URL Pattern configured in web.xml? Do you have any URL for this?
0
 
LVL 92

Assisted Solution

by:objects
objects earned 500 total points
ID: 17910972
no you'd need to implement it yourself.
Other alternative is to use an existing security framework (eg. acegi) instead of building it all yourself.
0
 
LVL 16

Author Comment

by:suprapto45
ID: 17910983
>>"no you'd need to implement it yourself."
I have expected this :)

Thanks objects.

David
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
configure dependency in POM for new database 3 34
ejb example issues 3 28
JAVA API design with micro service cloud in mind 1 49
Notify sent to other threads in Java 9 33
For customizing the look of your lightweight component and making it look opaque like it was made of plastic.  This tip assumes your component to be of rectangular shape and completely opaque.   (CODE)
After being asked a question last year, I went into one of my moods where I did some research and code just for the fun and learning of it all.  Subsequently, from this journey, I put together this article on "Range Searching Using Visual Basic.NET …
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…
This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question