I have a question on how to implement authorization and authentication with the Struts framework. In several DB tables we have users, groups, permissions, acls, etc where the security information is stored. We would like to integrate this information, in the best possible way with Struts. From what I have read so far it's seems that best place, perhaps, is to place this request validation code is in the processPreprocess() or the processRoles() of a user extended version of the RequestProcessor class. That way one could "look" at the request first, validate it against the logged user and his ACL and decide to let him pass or not. If this is the case how do I generate a "redirect" to a "not allowed/no security" action (possibly by overriding the processActionPerform() method) or just throw a NotAuthorizedException and let a global exception handler in Struts take care of it? Is this a correct path of action? Please excuse me if this has been already talked about, maybe someone could lead me to previous discussions about how to do this. Thanks in advance.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
