I just got J2EE container managed security working and now I'd like to
add roles to my struts action. I downloaded the Struts 1.1b2 and have
it installed. When I add a role to my action:
<!-- Process a user logon -->
<action path="/login"
type="com.idtect.oemserver.web.LoginAction"
name="loginForm"
scope="request"
input="/login.jsp"
roles="idtect_readonly">
I get the following error:
HTTP Status 400 - User is not authorized to access action /login
I was expecting it to display a login box. So then I protected a JSP
using the web.xml file and accessed the JSP (getting the login box and
logging in). I retried my action and got the same error. This puzzled
me because I was already logged in.
I know this is a new feature, but if anyone has any examples or a link
to some documentation on this I'd greatly appreciate. The thought of
specifying security for each action in my web.xml really bothers me. I
think this roles attribute is a great addition to Struts.
Michael
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
