> -----Original Message----- > From: Anders Engström [mailto:[EMAIL PROTECTED] > > It calls isUserInRole(roleName) so it's directly using J2EE > security. > > You have to be logged in to access the Action. You need to > apply security to paths to cause the server to force a log in. > > > > How are un-protected views/actions separated from protected > views/actions? Since there is no way to bind an action to a > specific path in 1.3 which is the recommended way to specify > parts of a WW application as protected?
I have different base Action classes which implement RoleRestricted and return different arrays of Strings with the allowed Roles. > > > > > > > > All of this is MUCH cleaner in WW2 where namespaces make Actions > > > > pinned to certain paths (or not, your decision, but at > > > least you CAN > > > > decide). > > > > > > Hehe - well... I'm eagerly awaiting the arrival of ww2 :) But > > > (see my previous post) we will be using ww 1.3. How much work > > > would it be to hack/substitute code in 1.3 to make it handle > > > paths like ww2 is supposed to? > > > > > > > Yeah, I understand. We're doing the same at work, which is why I've > > developed this hack. I don't know how hard it would be, but it > > shouldn't be done, since it would change 1.3 significantly. > > > > IMO there should be a "Best practices for WW and J2EE web > resource constraint" (or similar) in the docs (Wiki?). It > ought to be a pretty common scenario and to promote WW as a > framework for web development it is crucial. > > I'd be happy to put together a draft, but I need a little > more input from all you WebWork gurus ;) > > //Anders > Go for it! Jason ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
