Hello,

For a few Struts apps in a row now, we've used the roles attribute and an overridden processRoles() method in a custom request processor to handle access control within Struts apps. A user's roles are gotten from the database at login and stored in the User object in the session. The User object has a hasRole() method that compares the user's roles to those that arrive in the ActionMapping, and the processRoles() method returns an ActionForward of "NotAuthorized" if there is no match.

I'm working on a new application that needs configurable ACLs. For example, one client may choose to allow users of a certain role to perform action X; other clients may not. There are 20 or 30 of these types of flexible actions. Has anyone come up with a pragmatic way to implement flexible ACLs using Struts? Essentially, I need one-Role-to-many-Actions functionality, whereas the roles="" attribute of struts-config gives me the opposite.

Thx!
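
The one-role-to-many-actions lookup asked about above, as an added example that is not part of the original post and not Struts code: a per-client ACL that maps each role to the action paths it may invoke and denies anything not listed. It is plain Java so it runs without the Struts jar; the class name `ClientAcl`, the role names and the action paths are hypothetical.

```java
import java.util.*;

/** Hypothetical per-client ACL: one role maps to many action paths. */
public class ClientAcl {
    // role -> action paths that role may invoke; anything absent is denied
    private final Map<String, Set<String>> allowed = new HashMap<>();

    /** Grant a role one or more action paths (e.g. rows loaded from a per-client table). */
    public ClientAcl grant(String role, String... actionPaths) {
        allowed.computeIfAbsent(role, r -> new HashSet<>())
               .addAll(Arrays.asList(actionPaths));
        return this;
    }

    /** Deny by default: true only if some role the user holds is granted this path. */
    public boolean isPermitted(Collection<String> userRoles, String actionPath) {
        if (userRoles == null || actionPath == null) {
            return false;
        }
        for (String role : userRoles) {
            Set<String> paths = allowed.get(role);
            if (paths != null && paths.contains(actionPath)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample data: two clients configure the same role differently.
        ClientAcl clientA = new ClientAcl()
            .grant("clerk", "/viewOrder", "/editOrder")
            .grant("admin", "/viewOrder", "/editOrder", "/deleteOrder");
        ClientAcl clientB = new ClientAcl()
            .grant("clerk", "/viewOrder")
            .grant("admin", "/viewOrder", "/editOrder", "/deleteOrder");

        // In a processRoles() override the path would come from mapping.getPath()
        // and the roles from the User object stored in the session.
        List<String> roles = Arrays.asList("clerk");
        System.out.println("client A clerk /editOrder: " + clientA.isPermitted(roles, "/editOrder"));
        System.out.println("client B clerk /editOrder: " + clientB.isPermitted(roles, "/editOrder"));
        System.out.println("client A clerk /unlisted:  " + clientA.isPermitted(roles, "/unlisted"));
    }
}
```

Because the table is keyed by role rather than by action, changing what a client's role may do is a data change and struts-config stays the same across clients.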