[ http://issues.apache.org/struts/browse/WW-1469?page=comments#action_38380 ]

Don Brown commented on WW-1469:
-------------------------------

Hmm...I think the best way to restrict an action would be through an instance 
of an Interceptor that is configured to restrict all actions for its configured 
role.  Furthermore, for Java 5 users, it could optionally pick up on a 
RequiredRoles annotation on the Action class itself to further restrict the 
action.  This way, we don't have to add any methods to the Action and can 
define the role once in the interceptor and not on every action config.

I think the capability is common enough to be put into the core.

> Canonical or example app-based, role-based authentication methodology
> ---------------------------------------------------------------------
>
>                 Key: WW-1469
>                 URL: http://issues.apache.org/struts/browse/WW-1469
>             Project: Struts 2
>          Issue Type: New Feature
>    Affects Versions: 2.0.2
>            Reporter: Dave Newton
>            Priority: Minor
>
> Rather than implementing full-blown Acegi access control it would be nice if 
> there was a built-in way to do simple role-based authentication from within 
> the application, similar to how we used to override processRoles in Struts1. 
> This might be as easy as adding a csvRoles (or whatever) getter to 
> ActionSupport to imply a default param for setting an Action's allowable 
> roles and supplying a canned, configurable interceptor that would process it.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.apache.org/struts/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
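
The design proposed in the comment above, sketched as an added example (not code from Struts or from this thread). `ConfiguredRoleInterceptor` and `RequiredRoles` are hypothetical names; the any-of matching for annotation roles and the 403 response are assumptions. It relies on the Struts 2 `AbstractInterceptor` and the servlet `isUserInRole` call.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts2.ServletActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

// Hypothetical annotation, named after the one proposed in the comment.
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.TYPE)
@interface RequiredRoles {
    String[] value();
}

// Hypothetical interceptor: one instance guards every action on its stack.
public class ConfiguredRoleInterceptor extends AbstractInterceptor {
    private String role; // set once with <param name="role"> on the interceptor

    public void setRole(String role) { this.role = role; }

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        HttpServletRequest request = ServletActionContext.getRequest();
        if (!isAllowed(request, invocation.getAction().getClass())) {
            HttpServletResponse response = ServletActionContext.getResponse();
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return null; // error already sent; the action never executes
        }
        return invocation.invoke();
    }

    boolean isAllowed(HttpServletRequest request, Class<?> actionClass) {
        // Fail closed: an unset role parameter denies instead of allowing all.
        if (role == null || role.trim().isEmpty()
                || !request.isUserInRole(role.trim())) {
            return false;
        }
        RequiredRoles extra = actionClass.getAnnotation(RequiredRoles.class);
        if (extra == null) return true; // no annotation: interceptor role suffices
        // The annotation only narrows access (assumed: any listed role passes).
        for (String r : extra.value()) {
            if (request.isUserInRole(r)) return true;
        }
        return false;
    }
}
```

Because the annotation is checked only after the interceptor's own role passes, an action class cannot use it to loosen the restriction configured on the stack.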
