On Fri, 21 Mar 2003, Dan Allen wrote:
> Date: Fri, 21 Mar 2003 14:14:16 -0600 > From: Dan Allen <[EMAIL PROTECTED]> > Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: user active vs. user role > > Just a quick little security question here. Do you think it would > be better to make a special role for inactive users or do you think > that an active/inactive switch should be a field in the datatable > for the user? > > Basically, the user signs up, but then they have to be activated > before they can do anything. > If you're using container-managed security (or something that looks like it, such as securityfilter), one elegant solution would be to model the activation as a role named "activated" -- your administrative process would just add this role as soon as they've done whatever processing is needed to authorize the new user. In the mean time, you can use the lack of this role to redirect the user to a nice page that says "we're in the process of activating your account - please try again later", with no need for any custom logic or special Realm implementation. > Dan Craig --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
