Jason Carreira wrote:
True, but it's more configuration to do. If it can be avoided that'd be nice.

That's the argument against .action invocation with any path. If we pin actions to certain paths in the config files, as I've proposed, then this is not an issue.
No, but the controller servlet can, I think. If the execution interceptor returns LOGIN, then the controller should be able to return headers that correspond to showing the log-in prompt, or one could simply have a view mapped to LOGIN that returns those headers. Or am I missing something?

One nice thing about that is that the information could be used by many different invokers, as opposed to the declarative security through web.xml option which only works for the web case.

Then you have to synchronize your roles in web.xml with the roles in xwork.xml. Plus, your servlet container can't automatically determine that you aren't logged in when you try to access a secured area and pop up the log-in prompt or load the log-in form.
/Rickard
--
Rickard Öberg
[EMAIL PROTECTED]
Senselogic
Got blog? I do. http://dreambean.com
_______________________________________________
Opensymphony-webwork mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork