What *is* the canonical way to do app- and role-based authentication like I used to with a custom RequestProcessor in Struts1?
The way I have it now is via an action param with a csv list of roles and an interceptor that expects all actions to implement a getter for that parameter. I know there's the Acegi route, but I'm already getting yelled at because they found out Struts2 uses Spring and I was only allowed to use one new technology :/ I think Acegi might make them cut out their own spleens, but if it's the "best" option then I'll hand 'em the knife myself. TIA, Dave --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
