Hi, I am designing a web application using Struts, which will run using Tomcat. The system will have upwards of 1000 users, with each user having any number of around 10 possible roles.
I'm currently thinking of using JDBCRealm within the Tomcat xml file to set the roles for each of the users, then extending the RequestProcessor to ensure only authorised users can enter the secure area. I then have a number of menu options that should only be made visible to users with certain roles; I intend to use logic:present role=".." or req:isUserInRole role="..." to do this - from what I can see they are functionally identical(?). I guess what I'd like to know is: * Will this approach actually work? * Is there a better way? * Will any changes to user roles made within the database automatically update the roles that tomcat uses from the JDBCRealm, or will it require a server restart? * Also if I use a check within the jsp like logic:present role=".." to decide if a component should be dispalyed, I have read it is also advisable to require to presence of a role to use the Action. This method will require two updates to allow an additional an additional role to access a resource (update in the jsp, and in the xml file) - is there a way around this? Thank you in advance, Tim Christopher --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
