Asking for the consideration of a struts2 feature enhancement. The roles interceptor depends on container based security, it is a bit of a pain to set up and portability is complicated by needing to cover more documentation steps (how to secure your application on Glassfish, Weblogic, Tomcat...). This is container security and of course not Struts2s issue but it would be nice it we could use the roles interceptor by defining a org.apache.struts2.interceptor.PrincipalProxy implementation and specifying it with a struts2 constant:
<constant name="struts.security.principalProxy" value="com.example.MyPrincipalProxyImpl"/> //default would be org.apache.struts2.servlet.interceptor.ServletPrincipalProxy There is only a few place (that I know of) where the PrincipalProxy interface aught to be used where currently the request is being used (aught to be used if implementing this feature). That is in the "servletConfig" interceptor when setting the PrincipalAware interface of an action and in the roles interceptor. It is not too much work to implement our own interceptors to facilitate role based access but I think this would be helpful to many and does not seem to require a radical change to S2 internals, so I thought I would bring this up in the user forum to see what others think. --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
