[ http://issues.apache.org/struts/browse/WW-1469?page=comments#action_38375 ] Dave Newton commented on WW-1469: ---------------------------------
This is essentially what I've done in my application (except it's called "roles" and is a CSV list of acceptable role names). My interceptor ensures the action implements IRoleAware (just get/setRoles right now) and redirects to its loginPage param. This is, perhaps, not flexible enough (I may change actual no-role handling to a spring bean) but if y'all want my 18 lines (give or take) of code you can have it :) > Canonical or example app-based, role-based authentication methodology > --------------------------------------------------------------------- > > Key: WW-1469 > URL: http://issues.apache.org/struts/browse/WW-1469 > Project: Struts 2 > Issue Type: New Feature > Affects Versions: 2.0.2 > Reporter: Dave Newton > Priority: Minor > > Rather than implementing full-blown Acegi access control it would be nice if > there was a built-in way to do simple role-based authentication from within > the application, similar to how we used to override processRoles in Struts1. > This might be as easy as adding a csvRoles (or whatever) getter to > ActionSupport to imply a default param for setting an Action's allowable > roles and supplying a canned, configurable interceptor that would process it. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/struts/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
