In the struts config I have <set-property property="actionRole" value="40"/> for each action. This way I validate at the role level for each action. This works great since we build menus based on roles assigned to users.
Nic
Shilpa Vaidya wrote:
hey all, Preventing users from accesing action. I am writing a web app to manage administrators and profiles. Administrators may access to the web app based on the profiles they have. The profiles, determine which pages the administrator might access. The profiles, and authorizations, might change online during work, so I need to check authorization to access a page (Action) on each access.If I understand correct, then, the actionServlet, first process the form bean, and then the action.. But, if the user is not authorized to access a specific page (Action), I need to forward him to an UnAuthorized error page, before thr formAction bean is filled. I would like to use a servlet filter. This filter checks the users rights and instanciates a HttpServletRequest-Wrapper.But am not sure how - .Can anyone help.Till then me trying to study the ServletFilter examples here n there. Shilpa
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
