> I need to allow a user to log in to my struts2 web app and approve an > image. They can only see their images pending approval and should not > have access to the rest of the site.
We implement this concept by simply using role-based security. Users who are allowed to approve or deny images or documents associated to an indirect material in inventory receive an email notification when another user adds a new document (could be an image) to a part. The email includes a link which will request authentication from this power user and they're dropped at the web page where they can select whether to approve/deny the attachment if they wish. >From a technical point of view, the approval choice simply makes an Ajax call to the server when the power user selects approve or deny. The record gets marked accordingly and the web page is dynamically rendered indicating that the approval/denial was successful or if an error occurred. We do have Spring Security 3.1 implemented in this process to handle validation of the role-based security authorizations for these power user calls to our service layer since we have a large enterprise web application that centralizes a plethora of daily activities for various user groups. Good luck! Chris --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
