[EMAIL PROTECTED] wrote:
> Hello!
>
> Has anyone considered whether it would be valuable to have roles defined
> against the action definitions within struts-config.xml, and have the
> controller servlet automatically validate whether the user is in the
> necessary roles to execute the action prior to calling it? Has this been
> proposed for 1.1?
>
I assume you're talking about the roles associated with security constraints in
the web.xml file, right? If so, that's a pretty interesting idea. I will add
it to the 1.1 TODO list.
In the mean time, you can define security constraints in web.xml that protect
each action individually (for example, a URL pattern of "/saveCustomer.do"), but
it's pretty tedious.
>
> Regards,
> James W.
>
Craig
