> -----Original Message----- > From: Barnett, Brian W. [mailto:[EMAIL PROTECTED] > Sent: Tuesday, January 04, 2005 11:04 AM > To: 'Struts Users Mailing List' > Subject: Security question > > > I'm using LookupDispatchAction and role-based security. I > want to allow > certain roles to access certain dispatches of an action. I'm > not sure what > the best way to handle this is. > > Should I create separate Action classes? Is there a slick way > to specify > "dispatch level" security in web.xml?
The container managed security is handled by URL. Which might include parameters. If not you'll have to use one of the dispatch that requires a seperate URL to do this. Alternatively you'll have to put the security checks inside each method. > > Can someone point me to a good article(s) on using role-based > security in a > struts app that might address these issues? > > Thanks, > Brian > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
