I would like to accomplish the following:
In my webapp there's a mapping /myapp/admin and everything below that should be restricted. The way the authentication works is like this:
A user logs in via a login form. The login action checks in the database, and if the user exists, a user object is saved in session scope.
Is it possible to define a security constraint in web.xml which restricts access to /myapp/admin/* but somehow checks for the presence of the user object in the session? Or do I have to check in every admin action for the presence of the user object? I read that I can also specify roles for each action. How does Struts check for those roles? How can I tell Struts to check for my user objects?
Could the processRoles method in RequestProcessor be of any use?
Any suggestions, comments and tips would be highly appreciated!
Thanks a lot, Patrick
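One way to get the check asked about above without repeating it in every admin action is a servlet filter mapped to the admin path. This is an added example, not part of the original post; the session key `user`, the login URL `/login.do`, the class name and the assumption that `/myapp` is the context path are all hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/*
 * web.xml registration. url-pattern is relative to the context path, so this
 * assumes /myapp is the context path (an assumption, not stated in the post):
 *
 *   <filter>
 *     <filter-name>adminSession</filter-name>
 *     <filter-class>AdminSessionFilter</filter-class>
 *   </filter>
 *   <filter-mapping>
 *     <filter-name>adminSession</filter-name>
 *     <url-pattern>/admin/*</url-pattern>
 *   </filter-mapping>
 */
public class AdminSessionFilter implements Filter {
    // Assumed names: the session key the login action stores the user
    // object under, and the URL of the login page.
    private static final String USER_KEY = "user";
    private static final String LOGIN_PATH = "/login.do";

    public void init(FilterConfig config) throws ServletException { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): never create a session for an anonymous caller.
        HttpSession session = request.getSession(false);
        Object user = (session == null) ? null : session.getAttribute(USER_KEY);

        if (user == null) {
            // Fail closed: nothing under /admin/* runs without a logged-in user.
            response.sendRedirect(request.getContextPath() + LOGIN_PATH);
            return;
        }
        // Keep admin pages out of browser and proxy caches after logout.
        response.setHeader("Cache-Control", "no-store");
        chain.doFilter(req, res);
    }
}
```

A filter also covers JSPs and static files under the path, whereas a check placed in the actions or in `processRoles` only sees requests routed through the Struts controller. A `<security-constraint>` in web.xml relies on container-managed authentication and does not look at application objects stored in the session.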

