This looks like it could use a Filter if you are on a 2.3 servlet spec container. Do a search of "Security Solution" and the mail-archive. I am developing a security solution that sits in between Struts and container managed security and allows for unique error page and login page configuration. I have a SourceForge project that I am setting up with this. Previously I was looking to replace the container managed security. But now I have found a hook that will allow me to tie into it.
Let me know if you find it useful.

Brandon Goodin
Phase Web and Multimedia
P (406) 862-2245
F (406) 862-0354
[EMAIL PROTECTED]
http://www.phase.ws

-----Original Message-----
From: Micah J. Schehl [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 09, 2002 12:30 PM
To: [EMAIL PROTECTED]
Subject: Declaritive Security Functionality

I have implemented Struts in some projects and have found a need for doing declarative security. Much like your role-based security, I would like to define the security in the Struts config XML file, but I am looking at taking it a step further. I would appreciate any advice or pointers. This will be my first time getting deep into the Struts source code.

The problem I am trying to get a good solution for is redundant code checking conditions at the beginning of each action. If the user doesn't pass all the conditions then they are rejected from the page. The rejection would be configurable to either show as a "page not found" or would forward/redirect them to a specified page.

Here is what I was thinking that the Struts config file might look like.

    <security-checker name="roleCheck" class="com.schehl.security.IsUserInRole" />

    <action path="/showMain" type="com.schehl.main.webapp.MainAction">
      <security name="roleCheck">
        <param>
          <param-name>allow-roles</param-name>
          <param-value>admin</param-value>
        </param>
        <param>
          <param-name>allow-users</param-name>
          <param-value>admin</param-value>
        </param>
        <failure path="/pages/no-access.jsp"/>
        <!-- failure response="no page" / -->
      </security>
      <forward name="success" path="/pages/main.jsp" />
    </action>

The class com.schehl.security.IsUserInRole would extend a class, com.strutssecurity.SecurityChecker, which would be responsible for setting the configuration parameters and would have a method boolean check(HttpRequest request) which would default to pass back true, but would be overridden to perform the checks.

I thank you so much for any and all help, advice, or redirection you can give me.

Thanks,
Micah J. Schehl
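A sketch of the checker classes described in the message above, added here as an example; it is not code from either poster or from Struts. The class names and the allow-roles / allow-users parameter names come from the message; setParam, listParam, comma-separated values, and "allow if the user OR any role matches" are assumptions, as is making check() abstract instead of defaulting to true, so that a checker which forgets to override it cannot silently grant access.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;

// Base class: holds the <param> values configured for one <security> element.
abstract class SecurityChecker {
    private final Map<String, String> params = new HashMap<>();

    // Hypothetical hook: called once per <param> when the config is read.
    public void setParam(String name, String value) {
        params.put(name, value);
    }

    // Splits a comma-separated <param-value> into trimmed, non-empty entries.
    // A missing parameter yields an empty set, which matches nothing.
    protected Set<String> listParam(String name) {
        Set<String> out = new HashSet<>();
        String raw = params.get(name);
        if (raw != null) {
            for (String item : raw.split(",")) {
                String trimmed = item.trim();
                if (!trimmed.isEmpty()) {
                    out.add(trimmed);
                }
            }
        }
        return out;
    }

    // Abstract (assumption): every checker must state its own decision.
    public abstract boolean check(HttpServletRequest request);
}

class IsUserInRole extends SecurityChecker {
    @Override
    public boolean check(HttpServletRequest request) {
        String user = request.getRemoteUser();   // null when not authenticated
        if (user == null) {
            return false;
        }
        if (listParam("allow-users").contains(user)) {
            return true;
        }
        for (String role : listParam("allow-roles")) {
            if (request.isUserInRole(role)) {    // container-managed role lookup
                return true;
            }
        }
        return false;                            // nothing matched: reject
    }
}
```

Compiling this needs the servlet API jar on the classpath; a caller that gets false from check() would then apply the configured <failure> path.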