I might not understand the context well enough to comment, but before anyone
starts writing new "pluggable security adapters" isn't that what JAAS is?
Taylor
----- Original Message -----
From: "Alec Bau" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, January 25, 2001 3:44 PM
Subject: Re: Adding roles to the action-mappings?
> I'm also very strongly in favor of this idea! Moreover, imo, Struts should
include
> some simple pluggable security (Tomcat realm based perhaps) adapter with
default
> implementation that wraps Tomcat's realms. I'm sure community will donate
> implementations specific to other containers (WebSphere, WebLogic, etc.).
This way
> Struts app becomes more independent and portable between various
containers so one
> can develop and test his app including security stuff, for example, on
Tomcat on his
> personal box and then deploy the app with minimal hassle to shared
test/production
> servers that run, in our case, WebSphere & ServletExec. I'm sure a big
chunk of
> current Tomcat realm api's & implementation can be used as a base.
>
> "Craig R. McClanahan" wrote:
>
> > [EMAIL PROTECTED] wrote:
> >
> > > Hello!
> > >
> > > Has anyone considered whether it would be valuable to have roles
defined
> > > against the action definitions within struts-config.xml, and have the
> > > controller servlet automatically validate whether the user is in the
> > > necessary roles to execute the action prior to calling it? Has this
been
> > > proposed for 1.1?
> > >
> >
> > I assume you're talking about the roles associated with security
constraints in
> > the web.xml file, right? If so, that's a pretty interesting idea. I
will add
> > it to the 1.1 TODO list.
> >
> > In the mean time, you can define security constraints in web.xml that
protect
> > each action individually (for example, a URL pattern of
"/saveCustomer.do"), but
> > it's pretty tedious.
> >
> > >
> > > Regards,
> > > James W.
> > >
> >
> > Craig
