If container managed security doesn't work for you, you should write a security filter which takes care of the rules you envision. You would then also write some authentication action. There is a good chapter about it in Wrox Professional JSP.
Edgar -----Original Message----- From: Eddie Bush [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 04, 2002 7:06 PM To: 'Struts Users Mailing List' Subject: Re: Restrict acces to certain pages/actions Struts doesn't provide any custom authentication/authorization mechanism -- make use of that which is provided by your servlet container (lookup container-managed authentication). Once this is done, Struts does provide you ways to build selective content, based upon the roles you've given to a user, through use of the taglibs etc. ... so far as your administrative section goes - you can set it up such that it does not even exist for users that do not have the proper role. (... and I mean that quite literally - the server will return a 404 for unauthorized access!) Steve Vanspall wrote: >Hi there, > >I was wondering if struts had some mechanism to restrict acces >according to user level. > >Basically our users may be of variying levels in our system. From >customer to administrator. > >This is defined by a columns in a table in our database. > >Each user should have differing levels of access to the web app. > >For example a customer can change his/her setails, but not search/view >any other customer. > >Naturally a customer also wont have access to the administration >section of the web-app. > >I can code up a retriction system. But was wondering if struts already >had one that I could cutomise for my own needs. > >Any help would be appreciated > >Regards > >Steve Vanspall > -- Eddie Bush -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
