For the first time, in struts application development I'm using roles attribute from action-mapping.
I found something weird in method processRoles on the class RequestProcessor: response.sendError(HttpServletResponse.SC_BAD_REQUEST, getInternal().getMessage("notAuthorized", mapping.getPath())); IMHO it will be more correct to send a HttpServletResponse.SC_UNAUTHORIZED. BTW, I'm using struts 1.1 What do you think? What was the reason to send BAD_REQUEST (error code 400) instead of UNAUTHORIZED (error code 401)? Thanks in advance, Joćo --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]