Morten Andersen wrote: > This I would implement in RequestProcessor.processActionPerform(...) > where I check the users role for the specific page and based on that get > the respons taylored for that role and check whether they may do what > they intend.
RequestProcessor.processRoles? > > Example: Some users may edit a page. Who that may edit the page varies > over time. The users role on the page is set per page. > > As far as I understand Realm only checks whether the user may use a > specific method (action). No finegrained access-control is possible. How fine-grained do you want it? If the Realm stuff allows method-level access that seems finer-grain than URL, but I think I'm just not completely understanding your question. If you want _fine_-grained access control drop Spring on top of Struts and use Acegi. Dave --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]