Well I tried this but did not work:
action path=/listInvoice scope=request validate=true
roles=ADMIN,MANAGER
type=com.acme.InvoiceList name=invoiceForm
input=/invoicelist.do
forward name=success path=def.success/forward
Are you testing your action with the action mapping you showed? Remember, the
roles are tied to a mapping, not the action class.
Vinicius Carvalho [EMAIL PROTECTED] wrote: Well I tried this but did not work:
roles=ADMIN,MANAGER
type=com.acme.InvoiceList name=invoiceForm
Hello there! I know this kind of question has been very very
discussed. But I've been away from struts for a while.
I need to create two types of actions, one that anyone can access and
a secure one, based solely on user's roles.
Here's what I've come in mind:
public abstract class BaseAction
Vinicius,
#1: Do you have any kind of a user object? If so, use the
HttpServletRequestWrapper to wrap it up in the current request (via a filter),
and then delegate its isUserInRole method to the user.
#2: Each action mapping has a role attribute; it contains a comma delimited
list of roles
4 matches
Mail list logo