Hi, You may find some information in http://pow2acl.sourceforge.net/
Good Luck Cliff ----- Original Message ----- From: "Barnett, Brian W." <[EMAIL PROTECTED]> To: "'Struts Users Mailing List'" <user@struts.apache.org> Sent: Wednesday, January 05, 2005 4:50 AM Subject: RE: Security question > Well, I guess I'll proceed with that. Thank you. > > -----Original Message----- > From: Chaikin, Yaakov Y. [mailto:[EMAIL PROTECTED] > Sent: Tuesday, January 04, 2005 1:55 PM > To: 'Struts Users Mailing List' > Subject: RE: Security question > > I don't know of any other way than to programmatically check user's role > inside your Action's method. There is no way to specify attributes in the > <url-pattern> of the <security-constraint>. It just doesn't support such > pattern matching. > > Yaakov. > > -----Original Message----- > From: Jim Barrows [mailto:[EMAIL PROTECTED] > Sent: Tuesday, January 04, 2005 1:30 PM > To: Struts Users Mailing List > Subject: RE: Security question > > > > -----Original Message----- > > From: Barnett, Brian W. [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, January 04, 2005 11:04 AM > > To: 'Struts Users Mailing List' > > Subject: Security question > > > > > > I'm using LookupDispatchAction and role-based security. I > > want to allow > > certain roles to access certain dispatches of an action. I'm > > not sure what > > the best way to handle this is. > > > > Should I create separate Action classes? Is there a slick way > > to specify > > "dispatch level" security in web.xml? > > The container managed security is handled by URL. Which might include > parameters. > If not you'll have to use one of the dispatch that requires a seperate URL > to do this. > > Alternatively you'll have to put the security checks inside each method. > > > > > Can someone point me to a good article(s) on using role-based > > security in a > > struts app that might address these issues? > > > > Thanks, > > Brian > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]