Are there any plans to add Nic Hobb's role-based security stuff to 1.1-dev? http://husted.com/struts/resources/struts-security.htm
I have used it in my current project, and it's working quite well. Basically, you just have to add a "roles" attribute to your action-mapping, and then it your action with throw a 403_UNAUTHORIZED if the user is not in the particular role. Once addition that might be nice is to have a "notRoles" or "disallowedRoles" attribute that prevents certain roles - similar to <logic:present role="..."> and <logic:notPresent role="..."/>. If this is added, I'm willing to modify the struts-example to use roles and form-based authentication. I figured out a trick last week (using javascript and cookies) to show the user loginForm again on the form-error page and allow them to login from there. I can add this to the sample that I'll create. Or is that process that I should add this to the Nightly build, create the example, sumbit as a patch and then it gets voted on? My vote is +1 for now. Please let me know, Matt __________________________________________________ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com
