I solved my own problem. After countless hours trying to solve this, a little brain jogging by a co-worker made me stumble across the fact that just hitting .../admin/ wasn't actually triggering my begin action, which is what I thought it was doing. It was in fact just going straight to the index.jsp (which begin points to) which was being controlled by the welcome-file-list. Adding <welcome-file>begin.do</welcome-file> to the beginning of that list makes sure that I actually trigger my begin action and the role authorization along with it. Doug McClure Senior Consultant Adroit Software, Inc SSC, Bldg 8625, E4-S4 704-988-4634 / 8926-4634
-----Original Message----- From: McClure, Doug Sent: Wednesday, March 19, 2008 4:59 PM To: Beehive Users Subject: Problem with rolesAllowed and directory only URLs I am working with Beehive 1.0.1 and I'm running up against a problem with the rolesAllowed attribute. Everything works fine, in that users are prevented from accessing pages when a URL is specified as http://server/app/admin/editRule.do. But if I go to http://server/app/admin/ directly it skips that role check and just displays me the main page. I've tried all manner of different setups for my begin action method, but I just can not get the security stuff to trigger. I never did role based security with Struts, so I've no experience with how to solve it there. Any ideas? Doug McClure Senior Consultant Adroit Software, Inc SSC, Bldg 8625, E4-S4 704-988-4634 / 8926-4634 ************************************************************************ ******************** This message, including any attachments, contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, please contact the sender immediately by reply e-mail and destroy all copies. You are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. TIAA-CREF ************************************************************************ ******************** ******************************************************************************************** This message, including any attachments, contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, please contact the sender immediately by reply e-mail and destroy all copies. You are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. TIAA-CREF ********************************************************************************************
