Security in Struts: User Delegation Made Possible
Subject:   What is the difference to setting the roles at the action level
Date:   2004-04-15 17:19:06
From:   stefan88
The approach you describe eventually allows one to plug in one's own permission system at the Action level and read the entire permission-action matrix from everywhere. But then you also say that assignment of permission is static after the server is started. So where is the gain?

I can already assign roles to Actions since Struts 1.1. The roles are application specific, and I have to know their names anyway. I can use the AS user provisioning to assign roles to users (Tomcat 5 has a nice Admin interface to assign roles to users and groups). I cannot have users delegate roles there, but the software you describe here cannot do this either. You just say that this can be done elsewhere, but this outside application could also set Servlet roles (permissions) in a hierarchical way. Where is context to your example and what's the gain?
Please advise, I might be missing something.

cannot do this either. You say that one can do that elsewhere, but your article is not about a permission system.

  • What is the difference to setting the roles at the action level
    2004-04-18 03:10:11  wernerramaekers

    The article is not about role-based permissions but about delegating permissions to users belonging to the same group but who are in a different role.
    The extension I specify here allows for users, like say the Manager of a certain department, to decide if he wants member x of his/her department to be able to view/edit action y. And if member a can view/edit action b. At least that is how it is used on one of the projects in production already ;-)
    Please read the article again and hopefully it will all become clear to you.