Are you on a servlet-spec 2.3 engine? Then you could use a filter that gets executed before struts gets the request. Of course the mapping would be available as URL, but Struts being opensource lets you copy that part of the code...
hth Alexnader Jesse -----Original Message----- From: Mike Dewhirst [mailto:[EMAIL PROTECTED]] Sent: Freitag, 8. Februar 2002 16:44 To: 'Struts Users Mailing List' Subject: Controller and security We are trying to come with a good security model in conjunction with Struts. I was thinking of calling a business class method to check the user's permission for the requested mapping from within the Controller, but I'm sure custom-modifying source code of a generic frame work is not exactly best-practice. Any suggestions? PS Thanks to those who did for the advice with "actions and business logic"! =********************************************************** If you are not the intended recipient, employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination or copying of this communication and its attachments is strictly prohibited. If you have received this communication and its attachments in error, please return the original message and attachments to the sender using the reply facility on e-mail. Internet communications are not secure and therefore the UCLES Group does not accept legal responsibility for the contents of this message. Any views or opinions presented are solely those of the author and do not necessarily represent those of the UCLES Group unless otherwise specifically stated. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses although this does not guarantee that this email is virus free. **********************************************************= -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
