> This would essentially mean that XWork would have to support these two > invocation types: > /action/bar > /foo/bar.action
I'm probably not explaining myself well. To me, these are both examples of path based security, struts style. Your second example with the jsp was what I was considering role based security. I'd like to propose the following approach as a potential solution. Below are two examples of what modified actions.xml files (or whatever xworks uses) might look like: Let's assume for both these examples that a Filter is being used. The traditional Servlet controller doesn't support a /foo/xyzzy.jsp implementation. Example 1: In this example, our Servlet filter is mapped to *.action so that a request to http://somesite.com/{context}/some.action invokes the SomeAction while http://somesite.com/{context}/xzy/another.some.action invokes AnotherAction. The security role would be optional and could also be specified inside the body of the <action> tag if the xwork was to support multiple roles. <action name="com.indigoegg.SomeAction" alias="/some" role="xyz"> <view name="input">/WEB-INF/views/some-input.jsp</view> <view name="success">/WEB-INF/views/some-success.jsp</view> </action> <action name="com.indigoegg.AnotherAction" alias="another.some"> <view name="input">/WEB-INF/views/another-input.jsp</view> <view name="success">/WEB-INF/views/another-success.jsp</view> </action> Example 2: In this example, our Servlet filter is mapped to *.jsp so that requests for /foo/xyzzy.jsp are intercepted by the filter. A couple things changed in our configuration. The first is the addition of an action-mapping section. <action name="com.indigoegg.SomeAction" ref="some"/> <view name="input">/WEB-INF/views/some-input.jsp</view> </action> <action-mapping> <action-ref>some</action-alias> <url-pattern>/foo/xyzzy</url-pattern <!-- apply security here --> </action-mapping> Example 3: This example combines both styles and maps to *.jsp. In this case, a request for /path.jsp would map to /WEB-INF/views/some-success.jsp whereas a request for /foo/xyzzy.jsp would be directed to /foo/xyzzy.jsp <action name="com.indigoegg.Bar" alias="/path" ref="bar"/> <view name="success">/WEB-INF/views/some-success.jsp</view> <view name="input">/WEB-INF/views/some-input.jsp</view> </action> <action-mapping> <action-ref>some</action-alias> <url-pattern>/foo/xyzzy</url-pattern> <!-- apply security here --> </action-mapping> While I think the style in Example 2 is very flexible, it comes at the cost of increased configuration file complexity. -- Matt Ho Principal Indigo Egg, Inc. http://www.indigoegg.com/ ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork