On 10/7/06, Wendy Smoak <[EMAIL PROTECTED]> wrote:
On 10/7/06, Puneet Lakhina <[EMAIL PROTECTED]> wrote: > Hi, I found out that its possible to for me to restrict access to a > particular action mapping to only a certain set of roles. > The next thing that I found out about these roles is that this is something > I can configure in my web.xml. > But what I am not able to understand is how do i set a user's role once he > logs in. My authentication is based on usernames and passwords in database > table. So where do i set a user's role. It depends on how you are authenticating your users. Tomcat has Realms you can configure to get the role information from a database: http://tomcat.apache.org/tomcat-5.5-doc/config/realm.html Another option is to add a Filter, wrap the request and override the isUserInRole method. -- Wendy --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Ok Now i figured the logging in part out. I post to a special name with special names for the user name and password fields. (Does that mean i cant use a struts action for authentication).Now how do i log off a user. As in when the user clicks on the logout link. Im sorry my concepts of container managed security aren't that strong. -- Puneet
