Nic,
I think the best thing to handle the situation below would be to direct the
user to a return a 403 error (forbidden). Then in the web.xml, it might be
possible to direct your server to route 403 errors to a specific page. Is
there anywhere that you specify returning a 404 error?
This is a comment to the following message at:
http://husted.com/about/struts/struts-security.htm
But what happens when the user is found to not be in the correct role? At the
moment the user just gets a page not found at the browser level which is good
in one way in that if a user went to the URL directly they wouldn't know if the
URL is correct or not but we may want it to go to a specific (configurable)
'illegal access' page or something similar. Comments?
Thanks,
Matt
__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com
