After reading the suggestions, I am going to go with two different actions for setting up the form. In order to use container managed security most effectively, I am going to prefix paths with admin restrictions with admin/ for ease of filter matching.
So /EditAccount /admin/EditAccount?user=username Then I will make a common abstract Action class for editing an account which both actions will extend to make use of the common routines. The /EditAccount will not listen to any query params but rather use the current session data as the data to populate the form with, whereas the /admin/EditAccount will use the user parameter to lookup the user using the DeskPhone as suggested. This way, all the security is controlled by the container, but the logic is left in the action for simply setting it up as instructed (with no checks for security). Thanks for the input and append anywhere I have deviated from the suggestion. Dan -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Daniel Allen, <[EMAIL PROTECTED]> http://www.mojavelinux.com/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - "I am the GOD.....the GOD...of house!" -- Leeloo - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
