I guess that's possible, but it's not really the point. J2EE provides declarative security that works well enough, and that's what we're using. I can tell you now that if Webwork can't support J2EE declarative security, I won't be able to get it in here, and I'm sure there are a lot of other shops where that will also be the case. As a framework which supports servlet development, Webwork should support the J2EE security framework, even if it allows people to bypass it and do their own security implementations.
Security products have a vested interest in plugging into app server security frameworks, but probably won't support a webwork security framework without having to go in and code the interconnects ourselves. Jason -----Original Message----- From: Maurice Parker [mailto:maurice.parker@;pmic.com] Sorry if I was overly harsh, but the fact that WebWork will not integrate a security framework has been discussed and decided upon more than once. Why can't you write a filter that reads a config file and checks the incoming URL to see if it is requesting an action that you would like to restrict access to? How does that solution not solve your problem? -Maurice ------------------------------------------------------- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com _______________________________________________ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
