I am writing an app using Struts 2 framework. It has a login page with username, password and usertype (ex. Administrator, supervisor, analyst etc.)
I want to do two things:
Any help on either/both is highly appreciated.
for the first part struts2 already provides out of the box session management all you have to do is to use session aware and let struts2 handle the rest of the work for you.doing login and log out are your own preferred way to implement them, though you can use interceptor to check if the user is logged in or not etc.
your second part is much like a user access and right management and i believe spring security module is the best approach to achieve such goal Spring Security
your second part is much like a user access and right management and i believe spring security module is the best approach to achieve such goal Spring Security
This is one approach, however it also requires learning another framework on top of Struts.
In this type of application I would personally implement a UserInfo object to maintain in session with an account type field for basing conditional operations on. For instance, a super user account would simply have a boolean with a getter user.isSuperUser().
In doing this you can stick the UserInfo object in session and use struts tags to include different pages, for example:
<s:if test="%{#session.user.SuperUser}">
<s:include value="superUser.jsp" />
</s:if><s:else>
<s:include value="regularUser.jsp" />
</s:else>
