William,

Following the Java Enterprise Edition's container-managed security spec, you can set (in your web.xml) what URLs can be accessed by users with certain roles. This is all external to your application. Your original post only mentions restricting pages to roles. To use your example: if a user with role 'member' logs in to your app, they would not be allowed access to a URL that a user with role 'gold' or 'platinum' has.
This may not be fine-grained enough for you, if for example you have a view page whose content is dependent on the user's role. Currently I have never crafted such an application, so I can only speculate. But I would see your view making the decision of what to display based on the user's role. In such a case then you would need to access. Also in such a case you can use the methods I mentioned before. I just think it is better to externalize these decisions as much as possible and whenever possible.

Hope this clarifies things,
cgriffith

View the original post: http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3946614#3946614
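An added example, not part of the post above or of any JBoss documentation: a web.xml fragment that expresses the member/gold/platinum restriction declaratively. The role names come from the post; the URL patterns, resource names and login page paths are assumptions.

```xml
<!-- Added example: URL patterns, resource names and login pages are assumed. -->
<web-app>
  <!-- Roles are not hierarchical to the container: a 'platinum' user is
       admitted to /gold/* only because 'platinum' is listed there too. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Member area</web-resource-name>
      <url-pattern>/member/*</url-pattern>
      <!-- No http-method elements, so every HTTP method is covered.
           Listing only GET and POST would leave other methods unprotected. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>member</role-name>
      <role-name>gold</role-name>
      <role-name>platinum</role-name>
    </auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Gold area</web-resource-name>
      <url-pattern>/gold/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>gold</role-name>
      <role-name>platinum</role-name>
    </auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Platinum area</web-resource-name>
      <url-pattern>/platinum/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>platinum</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <!-- Every role referenced in an auth-constraint is declared here. -->
  <security-role><role-name>member</role-name></security-role>
  <security-role><role-name>gold</role-name></security-role>
  <security-role><role-name>platinum</role-name></security-role>
</web-app>
```

URLs that match none of these patterns stay unauthenticated, so protected pages have to live under the constrained paths.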
