1

In my struts application, I want to selectively redirect some Users (based on their role) to a static page when they access some of the actions.

I am not looking for full fledged Authorization solution here, but my problem is very much similar.

Is there a way to put some flag or any other detail with an action in struts-config.xml which can be used in java code to identify if the actions fall in the category for which I want to deny access selectively?

NOTE: I do not directly extend org.apache.struts.action.Action for my actions. Instead I have defined an abstract class that extends org.apache.struts.action.Action and rest of the actions in my application extents this abstract class. Thus, I can perform validation here. I can identify the type of action here using the mappings.getPath(). But I dont want to hardcode the list of paths that I want to selectively deny access, instead I am looking forward if this can be configured in struts-config.xml.

Salman A. Kagzi
  • 3,833
  • 13
  • 45
  • 64

1 Answers1

2

This can be configured in the struts-config.xml file by using the roles attribute on the <action> configuration. You can specify the roles that your users should have to get access to that particular action.

With this you can avoid doing the test on the mappings.getPath() (which I agree with you that it is an ugly solution).

Once the roles configured, you could then create yourself a custom request processor to process those roles in whatever way you like.

You can find more information on Struts' security roles on the web, but here is a basic example to get you started.

  • Thanks. This was lot helpful. Instead of using roles attribute (which I am planning to use for RBAC) i am using parameter attribute in struts-config.xml and am adding a marker parameter here. This parameter is used in my AbstracAction which messages some inputs and performs general validation before the actual action is called. – Salman A. Kagzi Jul 27 '11 at 05:14