From: "Grzegorz Stasica" <[EMAIL PROTECTED]> > Is it possible to access container from action. I'm using securityfilter > which extends BaseRealm. In this way I can put additional parameter to > user being authorized but the problem is that I'm not able to access it > from the action. There is only function: request.isUserInRole() but > unfortunatelly I do not know how it works
If you need to add to/change what container-managed security is doing for you, you can wrap the request (with HttpServletRequestWrapper) in your Filter and (for example) override the isUserInRole() method. I do this in order to redirect to a campus-wide authentication system, and then pull "roles" from a database. (They're really our "security classes" that control access to screens in a telnet app.) I did it because I wanted to use Struts Menu's ability to hide/show menu items based on roles, without using container-managed security. http://wiki.wendysmoak.com/cgi-bin/wiki.pl?TomcatRequestWrapper In addition to isUserInRole(), there's also getUserPrincipal(). I haven't done it, but it seems reasonable to override that in your request wrapper... maybe you could return an implementation of Principle that has some extra properties that only your app knows about? HTH, just thinking out loud... -- Wendy Smoak --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
