Jackie,
as a BASIC authentication example for Tomcat:
1.:
create a new role, and user in TOMCAT_HOME/conf/tomcat-users.xml
...
...
...
---
2: in the web.xml of your ( struts ) web application, add the security
const
You can try ServletFilter, http://www.securityfilter.org/, it's independent
of container security, no need
to touch server configuration file. And real easy to use.
Try use it in combination with assigning roles to action mapping from
struts-config.xml
and with Filter ( i.e. implements Filter ),
