Why don't you use a tag to check the logon on every page you want a secured access to? Just like in the struts-example:
at the top of your JSP goes:

<%@ taglib uri="/WEB-INF/app.tld" prefix="app" %>
<app:checkLogon/>

and the class that is behind this has to extend TagSupport. See the struts-example for more details.

Radek

> -----Original Message-----
> From: Ralf Bode [mailto:[EMAIL PROTECTED]
> Sent: Friday, June 04, 2004 11:26 AM
> To: [EMAIL PROTECTED]
> Subject: Security and Struts (JAAS?)
>
> Hi, i have a portal based on struts.
> and i have some public action.
> (e.g for listing news and so on)
> however.
> my problem is the protected area.
> i have two roles.
> ->customer
> ->supplier
>
> both login via ONE Action
> (i got their roles via their usernames...)
> okay, i saved something in session
> and did if(session...) in an action,
> before a user (a logged in) could
> do some stuff.
>
> it works okay, but only
> if the user enters a URL like
> host:8080/trashApp/cust/addStuff.do
> (for submitting a form)
> i got validation.errors ...
> because the execute() of my action is not called...
>
> so i figured out, that i can use ROLES-attribute
> for <action>. nice, but this is jaas, isn't it?
>
> now the (for me) interesting point.
> can i add a user (or roles) manually in my
> LogonAction.execute() ?
> and when, how?
>
> or how to deal generally?
> with two user-roles and ONE-LogonAction.class ?
>
> i also watched tomcat-app, that uses struts/jaas for
> authorization, but only with ONE role.
>
> so is there anyone out there who has a tip/solution
> for me?
>
> thanks a lot!
>
> Ralf
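A sketch of the kind of tag class the reply describes, extended with an optional role check for the customer/supplier case in the question. This is an added example, not part of the thread and not the struts-example source; the package name, the "userRole" session key, the "role" attribute (which would also have to be declared in app.tld) and the /logon.jsp path are assumptions.

```java
package example.tags; // hypothetical package name

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpSession;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;

public class CheckLogonTag extends TagSupport {
    // Assumed: LogonAction stores the role name under this session key.
    private static final String ROLE_KEY = "userRole";
    // Assumed location of the logon page.
    private static final String LOGON_PAGE = "/logon.jsp";

    // Optional tag attribute; when absent, any logged-in user passes.
    private String role;

    public void setRole(String role) {
        this.role = role;
    }

    public int doStartTag() {
        return SKIP_BODY; // the tag has no body to evaluate
    }

    public int doEndTag() throws JspException {
        HttpSession session = pageContext.getSession();
        Object actual = (session == null) ? null : session.getAttribute(ROLE_KEY);

        // Deny by default: no session, no stored role, or a role mismatch.
        boolean allowed = actual != null && (role == null || role.equals(actual));
        if (allowed) {
            return EVAL_PAGE; // render the rest of the JSP
        }
        try {
            pageContext.forward(LOGON_PAGE);
        } catch (ServletException | IOException e) {
            throw new JspException("Forward to logon page failed", e);
        }
        return SKIP_PAGE; // nothing below the tag is rendered
    }

    public void release() {
        super.release();
        role = null; // tag handlers may be pooled, so reset state
    }
}
```

A tag like this only guards pages that are rendered as JSPs. A request sent straight to an action URL such as the .do path in the question never reaches the tag, so the same session check is still needed on the action side.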