Hi Chong, Container based security is a topic that comes up regularly on the list try searching on it.
When you use container based security your authenticated user will be associated with one or more roles. This is a J2EE feature. Struts can use the 'role' information in several ways: - the tile and template extensions provide a 'role' tag to conditionally include content depending upon a users role. - within your action class your can call request.isUserInRole (<role>) and execute code depending on the result. - within the struts-config you can set a role against an action-mapping so that only users in the given role can access the action. Never used this feature so I'm not sure what happens if the user is not in the role. Jon Ridgway -----Original Message----- From: Chong Oh [mailto:[EMAIL PROTECTED]] Sent: 08 May 2002 21:10 To: 'Struts Users Mailing List' Subject: Design question on roles and tasks All: If this has been discussed already, I apologize. I am implementing an user access based on roles and tasks, where a user has roles and each role has tasks. Ideally, each task has a one to one relationship with each link on the JSP, whereby the access to those links depends on user's role/s. All roles and tasks are persisted. Upon successful login, user's roles will be accessed and all tasks associated will be retrieved. All links associated with tasks will be shown on the JSP via logic tags. Has anyone implement this with struts yet. Could you share your experience with me, particularly the question whether this is a good design in the first place? Thanks in advance Chong -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> The contents of this email are intended only for the named addressees and may contain confidential and/or privileged material. If received in error please contact UPCO on +44 (0) 113 201 0600 and then delete the entire e-mail from your system. Unauthorised review, distribution, disclosure or other use of this information could constitute a breach of confidence. Your co-operation in this matter is greatly appreciated. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>