Dear List members, 1. decide which action are allowed and which are not,
What I used was a spring AOP which intercepted Struts 2 actions, this was very simple and straight forward. 2 . decide how much data to access. This I am really working something where struts2 intercepter will read what role the user has and set some global role for that reqest which will be read by dao to use to fetch the data. 3. Regarding Notice I think somehow my firewall intercepted it and added to the mail, I am sorry for it. On Wed, Jul 7, 2010 at 7:52 PM, Brian Thompson <elephant...@gmail.com>wrote: > On Wed, Jul 7, 2010 at 8:31 AM, Dale Newfield <d...@newfield.org> wrote: > > Including a notice like this on a request for help sent to a public, > > archived mailing list is obnoxious. JSYK, I've been seriously > considering > > instituting a personal policy whereby I will never respond to such > messages. > > > > -Dale > > I think you mistyped "Including a notice like this in an email" ;) > > I really don't get where all these "OMG CONFIDENTIAL" notices come > from. One wouldn't use postcards to snail-mail confidential > information. > > As to authorization - I agree that Spring Security is a good way to go. > > -Brian > -- With Best Regards, Amol Ghotankar
