HttpServletResponse.SC_FORBIDDEN is an int value, it should compile. Another option is to use Acegi to manage application security. It allows you to restrict access to URL patterns and/or object methods using user roles. Taking this road is not a trivial undertaking though.
http://www.acegisecurity.org/ Cheers, GB ryan webb-2 wrote: > > I am having difficulty with authentication of user levels. > I have to kinds of users "user" and "administrators". > > What we did in mySQL db is make a user table and in it, a "level" column > is > placed containing whether a user is "administrator" or not. > there's no problem with this actually (I just wrote the situation and > setup). > > *Now, I want the server to send a 403 response to non-administrative > personnel accessing some secured places in our site.* > > How can I do this?(Or is this possible? I have no idea actually..) > > I have a userBean.java that contains all user informations from database. > I made this in my execute method in Action class. (Something Like this) > > execute(response, request, form....){ > > UserActionForm uaf = (UserActionForm) form; > > UserBean userbean = new UserBean(); > > * if (userbean.getlevel().equals("user")){ > response.sendError(SC_FORBIDDEN); > } > > * return mapping.findForward....("Sucess"); > } > > this code does not compile..sendError() expects int value. I tried > sendError(403) but doesn't work. > > Any Help is Gladly Appreciated! =) > > God Bless! > Ryan Webb from Philippines > > -- View this message in context: http://www.nabble.com/how-do-i-make-the-tomcat-server-send-a-403-Forbidden-response-in-JSP-and-in-Struts--tp16623879p16648714.html Sent from the Struts - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
