You should be able to do this with standard J2EE security provided by your web container.
If you store your user credentials in a database, then you may want to look at SecurityFilter: http://sourceforge.net/projects/securityfilter/ It allows you to leverage standard J2EE security features but provides more flexible authentication. robert > -----Original Message----- > From: Patrick Scheuerer [mailto:[EMAIL PROTECTED] > Sent: Sunday, December 28, 2003 6:37 PM > To: Struts Users List > Subject: Design question regarding struts security features > > > Hello everybody, > > I'm in the process of developing my first Struts application, so forgive > me if this question is insulting everybody's intellect. > > The application I'm working on is a support portal where you can > download technical document, drivers etc. The tricky part is, that > certain documents should be only accessible to users with a certain role. > > My idea so far is to put a user object in the session and to evaluate > the role (and therefore the access level) of the user for all views that > are displaying data which might be restricted. > I guess the easiest way would be using a jsp tag like > <security:checkAccessLevel /> which would retrieve the user object from > the session (if it exists) and the then filter the data accordingly. Is > there such "security taglib" around? > > Has anybody worked on a similar scenario? What is the best approach to > solve this problem? Is there a best practice for it? Any tips, hints, > code snippets are welcome. > > Thank you very much. > > Patrick > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]