I wrote a "LoadApplication" action that executes after my user has logged in. It checks the database to see what roes they have and it fills the session with a few variables such as
admin = true; designer = false; etc. by default they are all false. Then I wrote an interceptor that checked their access from the session. If they have access the Action they are requesting would execute. If they did not have access I would redirect them to the main page. You could also have the interceptor check the Database directly. I am not a security expert, but this should be more secure than storing those values in session. There will be more overhead in checking the database before every action. On 8/6/07, Jim Theodoridis <[EMAIL PROTECTED]> wrote: > Hello > > I am using my own security manager to login to a struts application. > I am looking for a way to fires an action only when a user logs in > have the rights permissions > > Any suggestions? > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
