Hi Stephane,

As Kun says, you have to test the role in your action.
One way to do it is to have a super action with a permission property,
and you set the permission property with a static param in your struts
xml files using the StaticParameters interceptor.
Then, you add a hasPermission method to your super class, and you
write a PermissionInterceptor which calls the hasPermission method.
Finally you add the PermissionInterceptor interceptor to your stack on
all protected actions.

Cimballi


On Thu, Apr 15, 2010 at 9:39 PM, Kun Niu <haoniu...@gmail.com> wrote:
> You should check the authentication all by yourself in your action.
>
> Stephane Cosmeur wrote:
>>
>> Hello struts users
>>
>> I have a really basic security problem and I would like to know what is
>> the best practice to resolve it.
>>
>> I have an application with an authentication system and different rights
>> for different types of user. To add or remove a link/functionality, we
>> simply declare the element in a <s:if test=..> tag. But the problem is the
>> actions are still available by typing the URL in the address bar.
>>
>> How can I fix it?
>>
>> Regards,
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
>



-- 
Cimballi
JAVA J2EE Freelance
http://cimballi.elance.com/
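
The approach described in the reply above, sketched as an added example that is not code from the thread or from the Struts project. It assumes Struts 2.x package names; the package `example`, the action `DeleteUserAction`, the result name `forbidden`, the session key `permissions` and the `hasPermission(session)` signature are all hypothetical.

```java
// Added example, assuming Struts 2.x (com.opensymphony.xwork2 packages). Hypothetical names:
// package "example", result "forbidden", session key "permissions" (a Set<String> stored at login).
// struts.xml wiring for one protected action:
//   <interceptor name="permission" class="example.PermissionInterceptor"/>
//   <action name="deleteUser" class="example.DeleteUserAction">
//     <param name="permission">user.delete</param>
//     <interceptor-ref name="staticParams"/> <!-- sets the permission property -->
//     <interceptor-ref name="permission"/>   <!-- checks it before request params are bound -->
//     <interceptor-ref name="defaultStack"/>
//     <result name="forbidden">/forbidden.jsp</result>
//   </action>
package example;

import java.util.Map;
import java.util.Set;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.ActionSupport;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/** Super action; protected actions extend it (put it in its own public file in a real project). */
abstract class SecuredAction extends ActionSupport {
    private String permission;

    /** Write-once: the static param wins, a later ?permission=... request parameter is ignored. */
    public void setPermission(String permission) {
        if (this.permission == null) { this.permission = permission; }
    }

    /** Fails closed: no configured permission, or no matching grant, means no access. */
    public boolean hasPermission(Map<String, Object> session) {
        Object granted = (session == null) ? null : session.get("permissions");
        return permission != null && granted instanceof Set
                && ((Set<?>) granted).contains(permission);
    }
}

public class PermissionInterceptor extends AbstractInterceptor {
    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        Object action = invocation.getAction();
        Map<String, Object> session = invocation.getInvocationContext().getSession();
        // Only SecuredAction subclasses with a granted permission may proceed.
        if (!(action instanceof SecuredAction) || !((SecuredAction) action).hasPermission(session)) {
            return "forbidden";
        }
        return invocation.invoke();
    }
}
```

Placing the permission check directly after `staticParams` and ahead of `defaultStack` means the decision is made before the `params` interceptor binds any request parameters to the action.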
