Re: Securing an Action

2006-06-30 Thread Paul Benedict
Are you testing your action with the action mapping you showed? Remember, the roles are tied to a mapping, not the action class. Vinicius Carvalho <[EMAIL PROTECTED]> wrote: Well I tried this but did not work: roles="ADMIN,MANAGER" type="com.acme.InvoiceList" name="invoiceForm" input="/

Re: Securing an Action

2006-06-30 Thread Vinicius Carvalho
Well I tried this but did not work: And on my action: String roles[] = mapping.getRoleNames(); Problem is that roles has a zero size array. What have I done wrong here? Best Regards On 6/28/06, Paul Benedict <[EMAIL PROTE

Re: Securing an Action

2006-06-28 Thread Paul Benedict
Vinicius, #1: Do you have any kind of a user object? If so, use the HttpServletRequestWrapper to wrap it up in the current request (via a filter), and then delegate its isUserInRole method to the user. #2: Each action mapping has a "role" attribute; it contains a comma delimited list of roles

Securing an Action

2006-06-28 Thread Vinicius Carvalho
Hello there! I know this kind of question has been very very discussed. But I've been away from struts for a while. I need to create two types of actions, one that anyone can access and a secure one, based solely on user's roles. Here's what I've come in mind: public abstract class BaseAction e