> For user authentication, use container security not Struts. Struts
> example should not be based on login.

You might have a look at the Expresso Security (open source at www.jcorporate.com) which extends Struts, though Expresso's security framework came into being long before container-based security became a possibility.

We are in the process of working to migrate the Expresso security framework to JAAS, in which case, we will be compatible, but it will not be included in the upcoming 4.1 release. Once developed, we will probably keep the current database tables as the default implementation (although pluggable security matrices are in the works) since they've been so convenient and nice to work with.

Sometimes container integration can be a hassle as you switch from container to container. Expresso might be helpful by staying container independent at this phase and slowly integrating in as container spec conformance comes about.

We use a "Controller" which is a customized Action class. Our security is automatic... We currently have three security categories:

Controllers [Actions]: Each controller's state is checked against the security matrix. If the user belongs to the appropriate role, access is granted.

DBObjects: Our persistence layer has role-based security for add/update/delete, also defined in a security matrix.

Cheers
Sandra

