yeah, no the admin section is fine. Pity struts doesn't have anything, in the process of a conversion from tomcat to websphere (business partnership thing), So I am trying to get away from any container specific configurations.
-----Original Message----- From: Eddie Bush [mailto:[EMAIL PROTECTED]] Sent: Thursday, 5 December 2002 11:06 AM To: Struts Users Mailing List Subject: Re: Restrict acces to certain pages/actions Struts doesn't provide any custom authentication/authorization mechanism -- make use of that which is provided by your servlet container (lookup container-managed authentication). Once this is done, Struts does provide you ways to build selective content, based upon the roles you've given to a user, through use of the taglibs etc. ... so far as your administrative section goes - you can set it up such that it does not even exist for users that do not have the proper role. (... and I mean that quite literally - the server will return a 404 for unauthorized access!) Steve Vanspall wrote: >Hi there, > >I was wondering if struts had some mechanism to restrict acces according to >user level. > >Basically our users may be of variying levels in our system. From customer >to administrator. > >This is defined by a columns in a table in our database. > >Each user should have differing levels of access to the web app. > >For example a customer can change his/her setails, but not search/view any >other customer. > >Naturally a customer also wont have access to the administration section of >the web-app. > >I can code up a retriction system. But was wondering if struts already had >one that I could cutomise for my own needs. > >Any help would be appreciated > >Regards > >Steve Vanspall > -- Eddie Bush -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
