Solution 1: I don't believe there has to be any correlation between your web-resource-collections in your security-constraints and your servlet-mappings in web.xml. It seems to be perfectly valid to map *.do to ActionServlet (a single servlet-mapping) and have /admin/*.do and /user/*.do handled by two different security constraints.
Solution 2: You also have the option (since Struts 1.1) to declare your security inside of struts-config.xml. The roles attribute of the action element lists the set of roles that you are allowing to access a particular action. -- Jeff On 5/8/05, alec <[EMAIL PROTECTED]> wrote: > Would there be any sample code showing how to use declarative security in > Struts? I guess this would be a bit tricky as there is only 1 web resource > to protect (ActionServlet) > > Appreciate any pointer. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
