It's not a question of making your model work with CMA.  You would use 
one or the other.  Most likely (unless you have "odd" needs), the 
functionality provided by CMA will suffice to meet your goals.

Once you have CMA set up there is *one* hit to authenticate the user - 
and that information is then maintained by the server and is available 
through *standard* methods (which your database-driven scheme cannot 
boast, I think) which will allow Struts to be selective about which 
options it gives the user (if you configure it to do so).

CMA "just does it".  It will check when a protected resource is 
requested and see if the user is authenticated.  If they are not - boom 
- they have to authenticate.  You no longer have to check on every page. 
 Checking on every page is (IMHO) a "hack".

Please go read up on Container-Managed Authentication.  Either grab a 
copy of the servlet spec or search the web.  There is a lot of "general" 
information about it.  For information about configuring it with *your* 
servlet container, see your container's handbook (user guide).  If 
you're using Tomcat, and you can access your database via JDBC, check 
out JDBCRealm.  If you don't think that's a "good fit" you might check 
out Max Cooper's (I think that's his name) project on SourceForge - the 
project is "securityfilter", I think.

Hoang, Hai wrote:

>I already have my own database-driven security model.  Once a user logs on I
>already know his role.  But the problem is how do I make this security
>model work with the container-managed model so I don't have to check
>on every single page.
>
>Hai
>
-- 
Eddie Bush
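
An added illustration, not part of the original message: a `web.xml` fragment for the container-managed setup the reply describes, followed by a Tomcat JDBCRealm element. The URL pattern, role name, page paths, JDBC driver and URL, and table and column names are constructed placeholders.

```xml
<!-- WEB-INF/web.xml (fragment): added example, all values are constructed -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected actions</web-resource-name>
    <!-- Every request under this pattern is checked by the container -->
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- Only authenticated users holding this role get through -->
    <role-name>manager</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Require TLS so credentials and session are not sent in clear text -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <!-- The login form posts j_username and j_password to j_security_check -->
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login-error.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>manager</role-name>
</security-role>

<!-- Tomcat server.xml (fragment): JDBCRealm reads users and roles over JDBC.
     Driver class, URL, table and column names are placeholders. -->
<Realm className="org.apache.catalina.realm.JDBCRealm"
       driverName="org.example.jdbc.Driver"
       connectionURL="jdbc:example://localhost/authdb"
       userTable="users" userNameCol="user_name" userCredCol="user_pass"
       userRoleTable="user_roles" roleNameCol="role_name"/>
```

Once the container has authenticated the user, application code can read the identity through the servlet API calls `request.getRemoteUser()` and `request.isUserInRole("manager")`, with no per-page login check.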



