In your struts.xml for the action mapping add the roles interceptor
as following.
<struts>
<package name="email" extends="default" namespace="/email">
<default-interceptor-ref name="crudStack"/>
<!-- Users -->
<action name="list" class="com.xxx.NotificationEmailAction"
method="list">
<result>/email/listemail.jsp</result>
<interceptor-ref name="basicStack"/>
<interceptor-ref name="roles">
<param
name="allowedRoles">Administrator,Role2,Role3,Role4</param>
</interceptor-ref>
</action>
..................................
</struts>
____________________________________
Then use the regular web.xml security settings and define the roles
there and (if tomcat is used) in the tomcat-users.xml file.
brian-
On Sep 28, 2007, at 12:13 PM, Mufaddal Khumri wrote:
Hello,
In Struts old we used to do this in struts.xml:
<!-- secure plugin -->
<plug-in className="org.apache.struts.action.SecurePlugIn">
<set-property property="enable" value="true"/>
<set-property property="addSession" value="true"/>
</plug-in>
What is the struts 2 way of securing your actions? Is there a
predefined interceptor or packaged plugin I can use? Any pointers.
Thanks,
Mufaddal.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
