My question is similar. I use container-managed "role"-based security checking. I put "role" property in Action Mapping and use isUserInRole in my JSPs. For example, John can view the sales reports if he has the "sales role". Now, I want to further restrict John to view the sales reports in is "region" only.
People say that I can use the servlet filter. I need guidance to see some examples. --- Adam Hardy <[EMAIL PROTECTED]> wrote: > > > On 10/22/2003 10:21 PM Ramadoss Chinnakuzhandai > wrote: > > apologize for repeating my question again....I'm > newbie to Struts and hv basic doubt in security > level implemented using Struts framework. > > > > we are aware that in normal J2EE application we > are authenticating user based on user access level > specified in web-app in web.xml(web container) > > > > My Questions are > > > > 1.Are we following the same process of > authenticating a user against his/her access level > as that of the above...? if not pls explain how you > are authentication a user in your struts-based > application. > > > > 2.If yes to the above question Is there someother > way of authenticating a user available in Sturts? If > so pls explain how you are authentication a user? > > Yes to both: struts leverages the built-in container > managed security as > specified by the servlet spec from Sun. > > Adam > > -- > struts 1.1 + tomcat 5.0.12 + java 1.4.2 > Linux 2.4.20 RH9 > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]