You can use the logic tags to do something like this:
<logic:present role="admin">
<html:link page="/admin/Admin.do">Admin</html:link>
</logic:present>
This assumes you are using a security mechanism where
request.isUserInRole("admin") will return true when the user is in that
role. For that to work, you must use container-managed security or a
filter-based solution like http://securityfilter.sourceforge.net/.
-Max
shamelessly plugging SecurityFilter again :)
----- Original Message -----
From: "Mike Duffy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 20, 2003 12:23 PM
Subject: Fine Grained Access Control in Sturts
> Does anyone have any thoughts on fine grained access control in
> Struts?
>
> Struts enables access control based on actions (see "Struts in
> Action", Husted, et. al., pp 550-553), and most application servers
> can protect resources based on realms/roles.
>
> But what about display options based on roles. For example, if you
> only wanted an "Admin" link to appear if the user was an
> administrator, what would be the best way to do this?
>
> You could make the "role" an attribute of the user object and then do
> a logic test for the appropriate role. Or it might be even better to
> write a logic tag that takes the user role as an attribute. Any
> thoughts?
>
> Thanks for your consideration.
>
> BTW. The Husted book is a very good book.
>
> Mike
>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
> http://platinum.yahoo.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
