|
Replies:
4
-
Pages:
1
-
Last Post:
Jul 28, 2005 1:32 PM
by: bmraczk
|
|
|
Posts:
6
Registered:
6/27/05
|
|
|
|
Security: Could you post these classes used in chapter 7
Posted:
Jul 22, 2005 6:02 PM
|
|
Hi;
I am new to Manning. I bought the Struts Recipes book and enjoyed it. However, in chapter 7 example 7.9 you use to classes that are not available on line. They are
com.strutsrecipes.customgaurdaction.business.SecurityComponent
com.strutsrecipes.customgaurdaction.exception.SecurityViolationException.
Can you make these classes available for download? If not could you at least show the SecurityComponent.java file. Of course if you could allow the downloading of the com.strutsrecipes.customgaurdaction directory that would be fine too.
Thank you
|
|
Posts:
45
From:
Toronto
Registered:
4/1/04
|
|
|
|
Re: Security: Could you post these classes used in chapter 7
Posted:
Jul 25, 2005 12:59 PM
in response to:
bmraczk
|
|
Here's SecurityComponent. Of course, any production application worth its salt would go against a database, but that wasn't the main thrust behind this recipe. I guess that's why I didn't include it in the book. For what its worth, here it is ....
package com.strutscookbook.customguardaction.business;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
public class SecurityComponent {
private static Map users = new HashMap();
static {
List roles = new ArrayList();
roles.add("supervisor");
roles.add("appladmin");
users.put("user1", roles);
roles = new ArrayList();
roles = new ArrayList();
roles.add("manager");
roles.add("trainer");
users.put("user2", roles);
}
public boolean isAuthorized(String user, String role) {
List list = (List) users.get(user);
//no user
if (list == null) {
return (false);
}
//is role in list
return (list.contains(role));
}
}
Here's SecurityViolationException. Lately, I've been favoring unchecked exceptions. http://www.artima.com/intv/handcuffs2.html , but this recipe does it the old fashion way.
package com.strutscookbook.customguardaction.exceptions;
public class SecurityViolationException extends Exception {
}
|
|
Posts:
6
Registered:
6/27/05
|
|
|
|
Re: Security: Could you post these classes used in chapter 7
Posted:
Jul 25, 2005 5:45 PM
in response to:
George
|
|
Hi;
Thank you!
So you did not use the roles set in the tomcat-users file. I thought that you were accessing that information using the SecurityComponent.java. Are there interfaces to the tomcat-users file?
Thank you for the exception information. I realized that you discuss that earlier in the book in chapter 5. Boy do I feel stupid!! :>|
|
|
Posts:
45
From:
Toronto
Registered:
4/1/04
|
|
|
|
Re: Security: Could you post these classes used in chapter 7
Posted:
Jul 25, 2005 8:53 PM
in response to:
bmraczk
|
|
You might be looking for recipe 7.4 Secure an action mapping using the container instead of 7.5 Customized action mapping security.
Both recipes secure action mapping, but 7.5 uses the container and 7.4 shows you how to tap into your own security mechanism using Struts. Check out recipe 7.4. Simply define username and roles in tomcat as you normally would. Once that is done, all you need to do is add a "roles" attribute to your <action> tag with a comma delimited list of roles.
|
|
Posts:
6
Registered:
6/27/05
|
|
|
|
Re: Security: Could you post these classes used in chapter 7
Posted:
Jul 28, 2005 1:32 PM
in response to:
George
|
|
Thank you! I am realy trying to control where the user is sent if he does not have the proper role. I'd like the user to end up back at my login screen. I will reread 7.4. Thank you for your time.
|
|
|
Legend
|
|
Gold: 300
+
pts
|
|
Silver: 100
- 299
pts
|
|
Bronze: 25
- 99
pts
|
|
Manning Author
|
|
Manning Staff
|
|
