On Tue, 10 May 2005 04:50:47 -0700 (PDT), Greg Akins wrote > I have a page that, from a security standpoint, is > split in two. > > The first half of the page can be updated by anyuser > if a given session attribute is set, otherwise it can > only be updated by certain users. > > The second half of the page can be updated by anyone. > > I was thinking I should check for Authorities in my > Action class and set a boolean to false if I don't > find the correct role. Then use that boolean as a > "disabled" on the Struts page elements. > > However, I'd imagine someone with more experience has > a better way to do this? Can someone give me some > advice on this?
The Acegi AUTHZ tag would be perfect for this. Just "wrap it around" the section that requires elevated rights, keying off the role(s) the user needs to have. Scott ------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7393&alloc_id=16281&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer