I created a RoleActionFilter and RoleRestricted interface that our actions implement which returns a String[] of acceptable roles. The RoleActionFilter gets the Action using the ActionFactory and, if it implements RoleRestricted, it checks the role of the current user against the acceptable roles and either allows access or throws a ServletException.
All of this is MUCH cleaner in WW2 where namespaces make Actions pinned to certain paths (or not, your decision, but at least you CAN decide).

Jason

> -----Original Message-----
> From: Anders Engström [mailto:[EMAIL PROTECTED]
> Sent: Friday, March 07, 2003 9:17 AM
> To: [EMAIL PROTECTED]
> Subject: [OS-webwork] WW and J2EE based security
>
> Howdy.
>
> Is there a "best-practice" for using J2EE container managed
> security with WebWork 1.3 (<security-constraint> etc. in web.xml)?
>
> I've discussed some possible strategies with Joseph
> (Ottinger) on irc, but none of them seem natural.
>
> 1 - prefix action mappings with secured-theaction.action in
> views.properties and restrict access to these mappings in web.xml.
>
> 2 - use different webwork.action.extension (.action &
> .secured-action) and restrict access based on extension in
> web.xml (is it even possible to specify more than one
> extension in webwork.properties?)
>
> 3 - use web.xml to restrict access to the web-resources (i.e.
> /jsp/secured/somepage.jsp). This would only protect the view,
> but not the execution of the action.
>
> How are you folks out there managing this situation?
>
> Best Regards //Anders
>
> --
> |===================================|
> | Anders Engström                   |
> | [EMAIL PROTECTED]                 |
> | http://www.gnejs.net              |
> |===================================|
> |Your mind is like an umbrella.     |
> |It doesn't work unless you open it.|
> | /Frank Zappa                      |
> |===================================|

_______________________________________________
Opensymphony-webwork mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
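
The filter approach described in the reply above, sketched as an added example; it is not code from the thread or from WebWork. Assumptions: the method name `getAcceptableRoles`, the hypothetical `resolveAction` hook standing in for the ActionFactory lookup, and roles taken from container-managed login via `HttpServletRequest.isUserInRole`, with the Servlet API on the classpath.

```java
import java.io.IOException;
import java.util.Arrays;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;

/** Actions that limit who may run them implement this (method name is assumed). */
interface RoleRestricted {
    String[] getAcceptableRoles();
}

public abstract class RoleActionFilter implements Filter {

    /** Hypothetical hook: a subclass maps the request to its action object,
     *  for example through the framework's action factory. */
    protected abstract Object resolveAction(HttpServletRequest request) throws Exception;

    /** Unrestricted actions pass; restricted ones need at least one matching role. */
    static boolean isAllowed(Object action, HttpServletRequest request) {
        if (!(action instanceof RoleRestricted)) {
            return true;
        }
        String[] roles = ((RoleRestricted) action).getAcceptableRoles();
        // Fail closed: a restricted action that declares no roles is denied to everyone.
        if (roles == null || roles.length == 0) {
            return false;
        }
        // isUserInRole returns false for unauthenticated users, so they are denied too.
        return Arrays.stream(roles).anyMatch(request::isUserInRole);
    }

    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        Object action;
        try {
            action = resolveAction(request);
        } catch (Exception e) {
            // A failed lookup must not fall through to the action.
            throw new ServletException("Cannot resolve action", e);
        }
        if (!isAllowed(action, request)) {
            throw new ServletException("Access denied: " + request.getServletPath());
        }
        chain.doFilter(req, res); // role check passed, let the action execute
    }
}
```

The filter only protects requests that pass through it, so its `<filter-mapping>` in web.xml has to cover every URL pattern that can reach an action.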