Dave Newton skrev:
Morten Andersen wrote:
This I would implement in RequestProcessor.processActionPerform(...)
where I check the users role for the specific page and based on that get
the respons taylored for that role and check whether they may do what
they intend.
RequestProcessor.processRoles?
The role thing should be used for 2 things:
* Access control. May the user submit or view a page?
* View control. The role decides what the user sees.
Example: Some users may edit a page. Who that may edit the page varies
over time. The users role on the page is set per page.
As far as I understand Realm only checks whether the user may use a
specific method (action). No finegrained access-control is possible.
How fine-grained do you want it? If the Realm stuff allows method-level
access that seems finer-grain than URL, but I think I'm just not
completely understanding your question.
In the web.xml I can set some security constraints for URL patterns. I
basically want to use some request parameters to determine the role.
If you want _fine_-grained access control drop Spring on top of Struts
and use Acegi.
I'll look into that.
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
