Hi, Chuanjiang: I am not very clear on your question. But in general, if you have something difficult to use the built-in authentication method, you can overwrite the processRoles() method in your customized RequestProcessor and register your processor with the actionservlet in the configuration file.
In that way, you can get the most flexibility. Regards, Yang Sun On 4/9/06, chuanjiang lo <[EMAIL PROTECTED]> wrote: > > Hi all, > > I have a module (/module) with three functions > For e.g. > Function a -> module/functiona.do > Function b - > module/functionb.do > Function c -> module/functionc.do, module/functionc1.do > > I have two roles, say Role A can access the whole module. Role B can onl > access Function C > > For Role A, the URL pattern would be > <url-pattern>/module/*</url-pattern> > > For Role B, > <url-pattern>module/functionc.do, module/functionc1.do</url-pattern> > > However seems like Role B has already been block by the URL mapping > specificied for Role A. > > Appreciate any inputs. > >
