This seems like a possiblity to me, but let me
elaborate.
95% of the security for my application will be
utilizing the concept of Role properties on
ActionMapping objects to limit access to the protected
resource. (this would be declaritive if I'm not
mistaken).
The other 5% of my security involves showing/hiding
links on certain pages based on the user's role (ex:
only show the link to the Admin menu if the user has
the Administrator role). That task I would assume
would be accomplished using the code:
<logic:present role="Admin">
... show links only a Admin should see ...
</logic:present>
My question is, if I want to perform minimal
programmatic checks such as above, what is the
generally accepted token that the logic should check
in session? If the login ActionForm is placed into
session as the "User Object", then that wouldn't
necessarily contain a "Role" attribute and that would
have to be somewhere else?
Thanks in advance
__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
