Brian Trzupek wrote:

> Great question. What I have done in the past (and maybe there are
> better ways) is to:
> 1) When the user logs into the application, I cache off the user's role
> as well as other attributes (usually in a small User object in
> session). These attributes are the result of loading the User and attrs
> from the Database.
>
> 2) I have a Base Action that all the actions in the project extend. In
> this base action I have a method to 'set the access level(s) for
> calling that action'. The second method is an implementation of the
> perform method that first checks the 'access' for the calling user
> (based on the subclass's set access level). If that access is denied,
> then the appropriate forward is used to indicate a credential error.
> If it is ok, then I call an abstract perform2 method that the subclass
> can implement (same signature as perform/execute). When that method
> returns then I manage any errors (back in the base method) and return
> the forward from the subclass.

Another way to do this with a higher level of abstraction is to use a custom request processor and overload the processRoles method. This way you can set access levels in your struts config file and keep all the role handling code out of the mainline, which is always a Good Thing.
Dave
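The request-processor approach described in the reply, sketched as an added example that is not part of the original thread: a Struts 1.x `RequestProcessor` subclass whose `processRoles` checks the roles configured on the action mapping against the user object cached in the session at login. The package, class name, `User` interface and session key are hypothetical.

```java
// Added example; class, package and session-attribute names are hypothetical.
// struts-config.xml wiring (Struts 1.1+):
//   <action path="/admin/report" type="example.ReportAction" roles="admin,auditor"/>
//   <controller processorClass="example.SessionRoleRequestProcessor"/>
package example;

import java.io.IOException;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.RequestProcessor;

public class SessionRoleRequestProcessor extends RequestProcessor {

    /** Hypothetical session-cached user object, loaded from the database at login. */
    public interface User {
        Set<String> getRoles();
    }

    static final String USER_KEY = "example.USER"; // assumed session attribute name

    @Override
    protected boolean processRoles(HttpServletRequest request,
                                   HttpServletResponse response,
                                   ActionMapping mapping)
            throws IOException, ServletException {
        String[] required = mapping.getRoleNames();
        if (required == null || required.length == 0) {
            return true; // no roles attribute on this mapping: action is unrestricted
        }
        // Do not create a session for anonymous requests.
        HttpSession session = request.getSession(false);
        Object cached = (session == null) ? null : session.getAttribute(USER_KEY);
        if (cached instanceof User) {
            Set<String> held = ((User) cached).getRoles();
            for (String role : required) {
                if (held != null && held.contains(role)) {
                    return true; // any one matching role grants access
                }
            }
        }
        // Fail closed: no session, no user, or no matching role.
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false; // tells the controller the response is already complete
    }
}
```

With this arrangement an action mapping that omits the `roles` attribute is reachable by anyone, so the config file needs review whenever an action is added.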