You have only two choices for making request.isUserInRole() work: 1. Use container-managed security.
2. Use or create a Filter-based security system where you wrap the the request objects in order to implement the isUserInRole() method. You can't do this without writing a filter. The SecurityFilter (http://www.securityfilter.org) project I run is an example of #2. Here's a link to the source code for our SecurityRequestWrapper class that implements the isUserInRole() method: http://tinyurl.com/yile -- the implementation just delegates to the realm. -Max ----- Original Message ----- From: "Ted Husted" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, December 09, 2003 11:47 AM Subject: Re: Have your Book: UserInRole question > You said it. The database returns the user's various roles ... to the > container, which also supplies the request from whence isUserInRole comes. > > HTH, Ted. > > Dave Yutzy wrote: > > > I’ve been wracking the web to try and find out how to use the > > “request.isUserInRole()” functionality. > > > > I understand how to setup the web.xml as well as the <action> tag in > > the struts config, but where would I actually “assign” the value of > > the user’s role? > > > > So, if I have a custom login page and I auth. against a DB that > > returns the user’s various roles, how to I get those values into > > “????” so that they can be read by the request.isUserInRole() call? > > > > Anything you can do to point me in the right direction is greatly > > appreciated! > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]