I am working on a struts 1.3 web application that has 2 interfaces one for regular staff and another for probationary staff. These can be looked at as 2 modules having some interfaces in common and some others that are different.
Instead of putting authorization rules on the application, I was wondering if I can control access to some resources using multiple configuration files. I need to implement the following behaviour:
For urls like /application/regular/* the application should use the struts-regular-config.xml file to work out the mapping.
For urls like /application/probationary/* it should user the struts-prob-config.xml file to work out the mapping.
So effectively I need the action servlet to work with 2 different config files one each for the 2 url-patterns that I have.
How can this be done? Many thanks in advance.
Try This Approach Instead of creating different/multiple URL pattern and URLs for different users.
Use the same URL for all the users.Divide your Projects into modules and sub modules using AJax tags.
Create one new Class RolePermission which will define Roles and permission for Different Users. For eg, whether User A has access to Module X or not.
Also use this parameter/fields like RoleId, RoleName,isAllowed,securityGroup for defining RolesPermission.
Related
A quick api uri design question. We have resources that belong to our clients. These resources can be edited / viewed / deleted by the client who entered them into our system. The resources can be searched by all clients but access is only granted if certain criteria is met (client has level 3 access etc).
Choice 1: include the client who owns the resource in the uri.
client/:clientname/widgets
client/:clientname/widgets/:id
Choice 2: ditch the whole "client/:clientname" since this part of the uri has to be verified and checked against the credentials of the user accessing the information.
/widgets
/widgets:id
We have other resources other than widgets that also belong to clients.
Which way is the more preferred way and why? Cheers.
The only advantage that Choice 1 gives it that it allows you to effectively namespace widgets/whatever by the user that uploaded them. Similar to Github, how different users can have projects with the same name. If Github were to exclude the username, no two users could have a project with the same name. If the widgets are all unique, I would go with option two and you will have a 1:1 mapping from a widget the the user that created it, thus supplying it is just extra work for whoever is calling it.
If you can have the same widget name for different users, use an approach which includes the username. You may not need to actually use the 'client' word in your url though; using a path like '/:clientname/widget/:widgetid' instead.
Note that this is kind of an opinion based question, so you may get different answers. You'll have to weigh the information provided and in the end make your own decision.
The client I'm working for has a CMS written in Yii. Currently a part of their business is customizing the CMS to meet the specific needs of each customer. About 90% of the code is reused, essentially by copying and pasting from one directory to another. While I've been working on this project, I've had to merge changes in to the shared codebase several times.
All, or most, of these sites are hosted on the same server, and it would seem that it would make more sense to have a single login, that changed what features we showed based on the login. In some case that means overriding whole or partial views (eg, the _form.php might change from customer to customer) including the controller and model. Most of the time, it means adding a new controller for a bit of functionality written just for that client.
I've read about having both a front and backend site here: http://www.yiiframework.com/wiki/63/organize-directories-for-applications-with-front-end-and-back-end-using-webapplicationend-behavior but that doesn't seem to be the right fit (I don't want everyone coming to a different start php file, for instance)
Ideally, I'd have users log in, and get assigned a site id, which will filter data in the shared MVC objects, and will add in the ones specifically for them, or override the ones where necessary
Intuitively it seems like something like this would make sense:
Shared controllers go here:
/protected/controllers
Overrides and additions for client1 go here:
/protected/controllers/client1
or:
/protected/client1/controllers
But I'm not sure how to get Yii to do this in the most efficient and easy to manage way. Is this something that's going to work with Yii, or am I breaking it in ways unintended? If it will work, what's the best way to accomplish it so that it's clear to me six months from now, or some random developer who replaces me?
Do you know RBAM ?
With Role Based access you can profile your application in more-or-less granular way
I am currently investigating the possibilities of different CMSs for a company-site.
Done quite a few projects in classical ASP, ASP.NET, Joomla etc..
I would like to use Umbraco 5 for the first time.
For that project we have a SQL-Table with Job-Opportunities:
like: JobName, Department, Description, etc..
These should be listed on a page. In ASP.NET I would use something like a Repeater, etc.. with PageSize option and automatic paging.
In the Backend (Backoffice in Umbraco, I assume) there has to be an Insert/Edit/Delete Page with the corresponding input boxes, which are maintained by the company employees, not by web-developers.
Which route should I look at? I am completely stuck, is there an example anywhere?
Can I use my own data-tables, or could/should I use the Umbraco content tables for this?
Thank you,
Reinhard
Welcome to Umbraco.
If you choose to use a pre-existing database, you're going to need the following pieces:
an ORM to access read/write the data
a custom hive provider for that data to allow for Umbrace to read it as an entity
a custom tree to allow for editing and adding data in the backoffice
a macro to display the content on the frontend.
http://web-matters.blogspot.com/2011/11/umbraco-5-hive-provider-tree-editor.html
is a great place to start.
As you're probably picking up on, this is a lot of work.. so, most importantly: Are you trying to maintain two applications?
If so, do you really need to be able to edit the list in both applications? Your task would be much simpler if you only allowed editing from the other application, and displayed the read-only list using web services.
If not, ditch the custom database. Umbraco 5 is a full EAV/CR system, so unlike some CMS products, you'll be able to represent any rdbs structure you can imagine. The simplest way would be to create a custom document type with those properties to represent a job opportunity, and store those job opportunities on a new node in the content tab.
About document types: http://our.umbraco.org/wiki/how-tos/working-with-document-types
I want to divide my app in two namespaces, Cms and Front. Based on that I will have for example scaffold in Front named User which will handle users data of those who register in service. But the thing is, that in Cms I would also like to have acces and be able to manage users like block action, delete, resend invitation, send email etc. .
What would be the best solution for that. Should I make two separate scaffolds one in Cms another in Front and handle with them the same table in DB or should I create some Module to handle common actions for both namespaces ? Of course for each namespace I will have different DB prefix, how to work it around ?
just don't add a namespace for the common stuff. or you could also add a Common namespace to them.
We have planned to start an e commerce project using Stripes + Hibernate.
Please let me know if it is good to have admin & user part in same project or two separate ones.
If it is a single project , how do i separate admin side code & user code.
for eg: if i have admin actions in com.ecommerce.adminactions pacakge and user actions in com.ecommerce.useractions package should i use dynamicmappingfilter to direct admin request to com.ecommerce.adminactions and user request to com.ecommerce.useractions ?
-http://myecommerce.com/admin/* - > should always go to com.ecommerce.adminactions
-http://myecommerce.com/ -> should go to com.ecommerce.useractions
or
Should i use #urlbinding(/admin/st.action) in each class (Hard code).
The requirement is they need multistore concept.
Please let me know your thoughts on this.Your thoughts & suggestions will be helpful
Thanks
The Stripes framework does not really influence decisions on how you should organize you're project, or how you should organize your IDE project structure, or even Java package structure or URL structure.
One or more project
Unless you have many developers, keep it all in a single project.
Package structure
A package structure should organize you're Java classes so that you put classes that are logically related (as defined by your architecture!) is in the same package. For example: com.ecommerce.action.admin and com.ecommerce.action.. See also: Properly package your Java classes
URL structure
Typically you want you're URL structure to reflect the logical structure of your website (not the same as your technical structure). To accomplish this, you should not rely on the default URL's but use #UrlBinding. With the annotation you do not hard code links, as all generated links will automatically use the UrlBinding pattern.
Multi store concept
For a multi store concept, you will need to build logic in your application for distinguishing between the different shops. For example by adding a shop id to your URL parameters. Or more sophisticated by detecting the (sub)domain name used and map that to a shop id (You can implement this by using an interceptor).