To take this one further. Many our applications contain fields that are
read-only for most roles but updateable for some. For example a form with
the 3 fields: field1, field2 and field3. Everyone can update field1, some
roles can field2 and other roles can update field3. 

What about a way to configure the rendering of a text tag based on role?
 
> > Hello!
> >
> > Has anyone considered whether it would be valuable to have 
> roles defined
> > against the action definitions within struts-config.xml, 
> and have the
> > controller servlet automatically validate whether the user is in the
> > necessary roles to execute the action prior to calling it? 
> Has this been
> > proposed for 1.1?
> >
> 
> I assume you're talking about the roles associated with 
> security constraints in
> the web.xml file, right?  If so, that's a pretty interesting 
> idea.  I will add
> it to the 1.1 TODO list.
> 
> In the mean time, you can define security constraints in 
> web.xml that protect
> each action individually (for example, a URL pattern of 
> "/saveCustomer.do"), but
> it's pretty tedious.
> 
> >
> > Regards,
> > James W.
> >
> 
> Craig
> 
> 

Reply via email to