I was reading the struts-template generated pages and they described a security.tld; since I cannot find that and after reading the snippets from David Geary's Javaworld article, it doesn't look too hard to do your own tag that would simply do:
private boolean roleIsValid() { return role == null || // valid if role isn't set ((javax.servlet.http.HttpServletRequest) pageContext.getRequest()).isUserInRole(role); } <security:authenticate role="admin"> // display whatever </security:authenticate> I suppose if you wanted to do specialized realm authentication with my below example: page.jsp?id=3 vs. page.jsp?id=4 You could do the same thing you do with OSCache and pattern matching. Role would be 'PAGE.JSP_<%=request.getParameter("id")%>' and write a filter or abstract it to work with tags also. It seems each week we have a new theme... authentication this week, slowly trickling back into relational database mapping.... maybe the next big question will be why it stings when I get shampoo in my eyes... any takers? Eddie? Jacob Hookom Comprehensive Computer Science University of Wisconsin, Eau Claire -----Original Message----- From: Eddie Bush [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 11:45 PM To: Struts Users Mailing List Subject: Re: Security and Struts Jacob Hookom wrote: >I think the real issue is that realm authentication and filter >authentication is context based. Aside from messing with tiles (great >technology, just not interested) > :-) >what is pro quo for pageContext >security if I use the same view for multiple items? > >IE, you can see page.jsp?id=3 but not page.jsp?id=4 > Very good question - you'd either allow/disallow access to page.jsp I belive. In your case, you'd have to have something finer-grained. > > >Jacob Hookom >Comprehensive Computer Science >University of Wisconsin, Eau Claire > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>