i send a mail where i explained what he should use in this case (realm)
here is the mail content
ah , no , if you wanna make a test of user privilige , u can use in this
case realm
u defines roles
and u can protect same page by
security-constraint tag , u defines differents roles , here is an example
<security-constraint>
<display-name>Test d'authentification tomcat</display-name>
<!-- Liste des pages protégées -->
<web-resource-collection>
<web-resource-name>Page sécurisée</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<!-- Rôles des utilisateurs ayant le droit d'y accéder -->
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<!-- Type d'authentification -->
<auth-method>BASIC</auth-method>
<realm-name>Espace Membres</realm-name>
</login-config>
<!-- Rôles utilisés dans l'application -->
<security-role>
<description>Administrateur</description>
<role-name>admin</role-name>
</security-role>
but u know if u have personal pb with some one and u look for the
opportunity to offend him freely
it is too stupid behavior i think
2009/4/21 Dave Newton <newton.d...@yahoo.com>
> Jim Kiley wrote:
>
>> Are you recommending testing a user's privileges in the untrusted,
>> untrustworthy, totally hackable client code? Really?
>>
>
> Oh, what's the worst that could happen?
>
>
> Dave
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
>
--
Elyes.
