Hi In our current CMA implementation for role check , we have an 'anonymous' role. Now this role is supposed to work without logging into the application. Do you have any idea how to implement this ?
As far as I know there is no CMA without logging in and so I have to block the call in the filter and duplicate lot of code and divert the hit.
Any ideas ?
I think this is a feature that is lacking in tomcat - or rather in the servlet spec.
In a J2EE EJB container environment, I believe non-logged-in users have the role 'anonymous' (or is it just the principal?)
Obviously this doesn't help you but it demonstrates that the EJB specification authors envisaged this as a problem needing a solution, so perhaps in the future, the servlet container will also allow this.
In the meantime, you could write wrappers for HttpServletRequest so that you can override the isUserInRole method, and apply them via a filter.
Adam
-- struts 1.2 + tomcat 5.0.19 + java 1.4.2 Linux 2.4.20 Debian
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
