> -----Original Message----- > From: Rickard Öberg [mailto:[EMAIL PROTECTED]] > > True, but it's more configuration to do. If it can be avoided > that'd be > nice.
As opposed to the extra configuration to assign roles to packages and coordinate them with the roles in web.xml? I really don't like the idea of putting security information into xwork. If we pinned packages to URL paths, and protected the paths using J2EE declarative security, you've only got security information in one place, and it can be changed at deploy time (and even at run time, depending on your servlet container). > > No, but the controller servlet can, I think. If the execution > interceptor returns LOGIN, then the controller should be able > to return > headers that correspond to showing the log-in prompt, or one could > simply have a view mapped to LOGIN that returns those > headers. Or am I > missing something? > Can this be done? I'm not sure... I think this would require container-specific code for each container we support. I know doing things like logging out cannot be done via the standard APIs, and you have to revert to container-specific code. Jason ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork