I plan to use that method when necessary, but hope to accomplish a large chunk of the security requirements declaratively.
-----Original Message----- From: Madel,Kurt [mailto:kmadel@;csmi.com] Sent: Tuesday, October 29, 2002 2:39 PM To: 'Struts Users Mailing List' Subject: RE: Container Managed Authentication and roles attribute on actio n Another way is to check the role from the action: request.isUserInRole("role"); On false, forward to your error page. Not as convenient as using the Struts config, but much more definitive. Kurt Madel Programmer, CSMi (703) 823-4300 ext. 170 -----Original Message----- From: Jarnot Voytek Contr AU HQ/SC [mailto:Voytek.Jarnot@;MAXWELL.AF.MIL] Sent: Tuesday, October 29, 2002 3:33 PM To: 'Struts Users Mailing List' Subject: RE: Container Managed Authentication and roles attribute on actio n >In your web.xml file, you can define the page that is used for any >particular status code (including 400). Check out the <error-page> >directive. That's a workable solution, but a bit of kludge - assuming that the user can get a error-code of 400 for other reasons than not being authorized. I guess I was hoping for a way to trap the response before it left the struts code, perform some logic, and forward to another page (maybe the one they just came from). Thanks, Voytek Jarnot -- To unsubscribe, e-mail: <mailto:struts-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:struts-user-help@;jakarta.apache.org> -- To unsubscribe, e-mail: <mailto:struts-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:struts-user-help@;jakarta.apache.org> -- To unsubscribe, e-mail: <mailto:struts-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:struts-user-help@;jakarta.apache.org>