Hi David... Here is what we did.
we did not use the roles framework for security ( logins ) instead we created our own as we needed a more robust rights framework ( our had to be context sensity as per the application.. ie..if the data is true then these are your current right .. if not they may be different ) as all struts programers should do :) we have extended the Action using our own SecuredActionBase object and then all of our actions extend it ... Each action has a right assigned to it. You must have the right to view this page / module / section.. The right check is made when the action is first run ( by the SecuredActionBase object ) and then control is released to the action that extended it.. so that the actual business logic can be run. If the security test failed we forward them back to the main screen ( same one they get after logging in ) Hope i made sense if not let me know. JMG --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]