Hello there! I know this kind of question has been very very discussed. But I've been away from struts for a while.
I need to create two types of actions, one that anyone can access and a secure one, based solely on user's roles. Here's what I've come in mind: public abstract class BaseAction extends ActionSupport { protected boolean isUserInRole(HttpServletRequest request){ return true; } public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception { ActionForward forward = null; if(isUserInRole(request)){ forward = doExecute(mapping,form,request,response); }else{ forward = mapping.findForward("global.naoPermitido"); } return forward; } public abstract ActionForward doExecute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception; public abstract class SecureAction extends BaseAction { protected boolean isUserInRole(HttpServletRequest request) { HttpSession session = request.getSession(); return super.isUserInRole(request); } } Now here's the question : I'd like to have all SecureAction's subclasses to inform it's parent class about which role is required to access that class. It would be very nice if that could be done by configuration struts-config. I was reading about the set-property param. So I could have a role:String property on my SecureAction and all subclasses would have accessor/muttators for it. Which would be a nice design for this requirement? I mean, whats the best alternative? Regards --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]