I don't know of any other way than to programmatically check user's role inside your Action's method. There is no way to specify attributes in the <url-pattern> of the <security-constraint>. It just doesn't support such pattern matching.
Yaakov. -----Original Message----- From: Jim Barrows [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 04, 2005 1:30 PM To: Struts Users Mailing List Subject: RE: Security question > -----Original Message----- > From: Barnett, Brian W. [mailto:[EMAIL PROTECTED] > Sent: Tuesday, January 04, 2005 11:04 AM > To: 'Struts Users Mailing List' > Subject: Security question > > > I'm using LookupDispatchAction and role-based security. I > want to allow > certain roles to access certain dispatches of an action. I'm > not sure what > the best way to handle this is. > > Should I create separate Action classes? Is there a slick way > to specify > "dispatch level" security in web.xml? The container managed security is handled by URL. Which might include parameters. If not you'll have to use one of the dispatch that requires a seperate URL to do this. Alternatively you'll have to put the security checks inside each method. > > Can someone point me to a good article(s) on using role-based > security in a > struts app that might address these issues? > > Thanks, > Brian > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
