Craig,

I found out the hard way that URL patterns are not regular expressions. Why
the limitation? My solution (which I did not implement) was to attach a
filter to "/" and then run regular expression patterns on the URI.

Paul

-----Original Message-----
From: Craig McClanahan [mailto:[EMAIL PROTECTED] 
Sent: Monday, May 09, 2005 3:39 PM
To: Struts Users Mailing List; Jeff Beal
Subject: Re: Sample Code for Desclarative Security in Struts


On 5/9/05, Jeff Beal <[EMAIL PROTECTED]> wrote:
> Solution 1: I don't believe there has to be any correlation between
> your web-resource-collections in your security-constraints and your
> servlet-mappings in web.xml.  It seems to be perfectly valid to map
> *.do to ActionServlet (a single servlet-mapping) and have /admin/*.do
> and /user/*.do handled by two different security constraints.

There's an important detail necessary to get this right.

URL patterns in web.xml are not fully flexible regular expressions. 
What you would do in this case is map Struts to "*.do", and have web
resource collection constraints on "/admin/*" and "/user/*".  That
would have the effect of protecting the admin and user actions (as
well as anything else in those two subdirectories), while allowing
unauthenticated access to all the other actions.

> 
> Solution 2: You also have the option (since Struts 1.1) to declare
> your security inside of struts-config.xml.  The roles attribute of the
> action element lists the set of roles that you are allowing to access
> a particular action.

This is likely to be better if you want to protect just a few actions,
instead of groups of them.  In the latter case, Solution 1 is likely
to work better.

> 
> -- Jeff
> 

Craig

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
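
The arrangement described in the reply above (Struts mapped to "*.do", constraints on "/admin/*" and "/user/*"), written out as a web.xml fragment. This is an added example, not configuration posted in the thread; the servlet name, role names, realm name and BASIC login method are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <!-- One extension mapping sends every *.do request to Struts. -->
  <servlet>
    <servlet-name>action</servlet-name>
    <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>action</servlet-name>
    <url-pattern>*.do</url-pattern>
  </servlet-mapping>

  <!-- Prefix patterns, not "/admin/*.do": a pattern that mixes a path
       prefix with an extension is neither a prefix nor an extension
       pattern, so the container treats it as an exact path and the real
       actions under /admin/ would stay unprotected. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin actions</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <!-- No http-method element: the constraint covers every method. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name> <!-- assumed role name -->
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>User actions</web-resource-name>
      <url-pattern>/user/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name> <!-- assumed role name -->
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method> <!-- assumed; FORM works the same way -->
    <realm-name>Example</realm-name>
  </login-config>

  <security-role><role-name>admin</role-name></security-role>
  <security-role><role-name>user</role-name></security-role>
</web-app>
```

Any action whose path does not start with /admin/ or /user/ (for example /login.do) matches neither constraint and stays reachable without authentication.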




