Struts Application

Posted By:   Tanmayee_Dixit
Posted On:   Monday, November 8, 2004 05:33 AM


We are developing an application in Struts. I am building a security component. This component will make sure that a logged-in user will be given access to components based on their role. Appropriate messages will be displayed alerting the user with denied access to certain parts of the application if their role does not have the privileges to access it.

Here is what is happening:

1. There is a menu called Admin Setup. When a user with role Guest tries to access this Admin component, the user is denied access. This works.

2. When a user with admin role accesses this menu, the user is given access to it. This works too.

Both above cases 1. and 2., the program goes through the action class associated with the admin Setup, where it is checked to see if the logged-in user has access to the admin component.

Now if I copy the url that gives me access to the admin menu and login again as the guest and paste the url in the browser, I get access to the component when I am not supposed to get access. While debugging I see that the program does not go into the action class to do the check as it does before. Why?

I am not passing any user information in the url but upon logon I store the userid and role in the session.

What is happening here? Am I missing something?

Any help will be much appreciated.

Thanks.

TD


Re: Struts Application

Posted By:   Steven_Martin  
Posted On:   Monday, November 8, 2004 02:44 PM

I'd make sure you're really logging out as admin before going in as guest. Also, does your login show if a person is already logged in or just reshow the login page no matter what? For testing I'd add a debug message to show if the user is logged in.
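
An added example, not part of either post and not the poster's code: the thread does not establish why the action class is skipped, so this sketch moves the role check into a servlet filter that runs on every request to the admin URLs, logs who is in the session (the debug message suggested above), and tells the browser not to store the page. The class name, the `/admin/*` mapping, the session keys `userid` and `role`, and the role value `admin` are assumptions.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter. Map it in web.xml to every admin URL (actions and JSPs
// alike), e.g. /admin/*, so the check does not depend on which one is requested.
public class AdminAccessFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(AdminAccessFilter.class.getName());

    public void init(FilterConfig config) {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): never create a session here; no session means not logged in.
        HttpSession session = request.getSession(false);
        Object userid = (session == null) ? null : session.getAttribute("userid"); // assumed key
        Object role = (session == null) ? null : session.getAttribute("role");     // assumed key

        // Debug line: shows whether an earlier admin login is still in the session
        // when the URL is pasted after logging in as guest.
        LOG.info("admin request uri=" + request.getRequestURI()
                + " userid=" + userid + " role=" + role);

        // Ask the browser and proxies not to keep a copy, so a pasted URL
        // always reaches the server and this check.
        response.setHeader("Cache-Control", "no-store");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);

        if (!"admin".equals(role)) { // assumed role value
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access denied");
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() {}
}
```

If the log line shows `role=admin` after the guest login, the old session is being reused and the logout or login code should call `session.invalidate()` before storing the new user.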