To take this one further. Many our applications contain fields that are
read-only for most roles but updateable for some. For example a form with
the 3 fields: field1, field2 and field3. Everyone can update field1, some
roles can field2 and other roles can update field3.
What about a way to configure the rendering of a text tag based on role?
> > Hello!
> >
> > Has anyone considered whether it would be valuable to have
> roles defined
> > against the action definitions within struts-config.xml,
> and have the
> > controller servlet automatically validate whether the user is in the
> > necessary roles to execute the action prior to calling it?
> Has this been
> > proposed for 1.1?
> >
>
> I assume you're talking about the roles associated with
> security constraints in
> the web.xml file, right? If so, that's a pretty interesting
> idea. I will add
> it to the 1.1 TODO list.
>
> In the mean time, you can define security constraints in
> web.xml that protect
> each action individually (for example, a URL pattern of
> "/saveCustomer.do"), but
> it's pretty tedious.
>
> >
> > Regards,
> > James W.
> >
>
> Craig
>
>