Phil,
I do this in hasRoleName():
// pull the user info from the session
User user = getUser(bean);
if (user == null)
return false;
if ("user".equalsIgnoreCase(roleName))
return true;
That lets me use role "user" for anyone who is logged in even though the
role doesn't really exist in my database.
Aaron
phil darley wrote:
> Hi,
>
> I'm using Oscar's security solution for my ActionBean's and I was
> going to use a security constraint within the web.xml file to secure
> all my jsp's that sit within a /private/ directory. However I don't
> like this solution because it forces me to specify a rolename, I just
> want a user to be logged in - not have any specific role - for my app
> this would also mean adding a 'base' role to 500+ users.
>
> Is there a way to configure the SecurityInterceptor to do this i.e.
> intercept after the initial resource request, if URL contains
> /private/, send forward the SecurityManager.
>
> Cheers,
> Phil
>
> ------------------------------------------------------------------------------
> Are you an open source citizen? Join us for the Open Source Bridge conference!
> Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250.
> Need another reason to go? 24-hour hacker lounge. Register today!
> http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org
> _______________________________________________
> Stripes-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/stripes-users
>
>
------------------------------------------------------------------------------
Are you an open source citizen? Join us for the Open Source Bridge conference!
Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250.
Need another reason to go? 24-hour hacker lounge. Register today!
http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org
_______________________________________________
Stripes-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-users
