Hi all - I have the following issue w/Struts' (or maybe even the Servlet API) role-based security model.
If I had something like this in a JSP: <logic:present roles="user, admin"> show an input field to change your password </logic> how can I - within the current confines of Struts (1.1) and the Servlet API (2.3), instead of hardcoding the roles in the JSP (user, admin) where a password change field (or some other common function across a set of roles) is presented, do something like the following: <logic:present permission="changePassword"> show an input field to change your password </logic:present> I know the "permission" attribute currently does not exist, however, IMHO, this (permissions based on roles) is a very valid concept. So, instead of defining a "changePassword" _role_, I would have a 'changePassword' permission, which would be shared among a number of roles. Clearly, being an admin or a user is a _role_ whereas changing a password is a permission (or a functionality or a function...) I don't see anything of this nature that would facilitate this in Struts, or Resin, which is what we are using to do our development... So I'm wondering, has someone else encountered a this issue and how did they resolve it? Does JAAS alleviate some of this? Does it apply to Resin 2.1.x somehow? Thank you. Martin --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]