Hi there, I am using Tomcat 4.1.12 and Strut1.1-b2 (it think that's the struts version)
anyway, I can see that Tomcat has a tomcat-users.xml file. This file, as I understand, can restrict access according to a the user-level. What I want to know is, is there a way to restrict access to the url/jsp's according to a dynamically retrieved user level. e.g. All our user login id's and passwords are stored in our database. In a similar table they have a role_cde attributed to them. Both these beans are stord in the session when someone logs in. Can I restrict access to certain actions/jsp's similarly to the way tomcat-user.xml is used to restrict access? better yet, is there a non container-specific way to do it. I would rather not code my own xml file, if there is already something built in to the architecture I have running. Any help would be appreciated Steve Vanspall -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
