Well I tried this but did not work: <action path="/listInvoice" scope="request" validate="true" roles="ADMIN,MANAGER" type="com.acme.InvoiceList" name="invoiceForm" input="/invoicelist.do"> <forward name="success" path="def.success"></forward> <forward name="failure" path="/invoicelist.do"></forward> </action>
And on my action: String roles[] = mapping.getRoleNames(); Problem is that roles has a zero size array. What have I done wrong here? Best Regards On 6/28/06, Paul Benedict <[EMAIL PROTECTED]> wrote:
Vinicius, #1: Do you have any kind of a user object? If so, use the HttpServletRequestWrapper to wrap it up in the current request (via a filter), and then delegate its isUserInRole method to the user. #2: Each action mapping has a "role" attribute; it contains a comma delimited list of roles that may access the action. Paul Vinicius Carvalho <[EMAIL PROTECTED]> wrote: Hello there! I know this kind of question has been very very discussed. But I've been away from struts for a while. I need to create two types of actions, one that anyone can access and a secure one, based solely on user's roles. Here's what I've come in mind: public abstract class BaseAction extends ActionSupport { protected boolean isUserInRole(HttpServletRequest request){ return true; } public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception { ActionForward forward = null; if(isUserInRole(request)){ forward = doExecute(mapping,form,request,response); }else{ forward = mapping.findForward("global.naoPermitido"); } return forward; } public abstract ActionForward doExecute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception; public abstract class SecureAction extends BaseAction { protected boolean isUserInRole(HttpServletRequest request) { HttpSession session = request.getSession(); return super.isUserInRole(request); } } Now here's the question : I'd like to have all SecureAction's subclasses to inform it's parent class about which role is required to access that class. It would be very nice if that could be done by configuration struts-config. I was reading about the set-property param. So I could have a role:String property on my SecureAction and all subclasses would have accessor/muttators for it. Which would be a nice design for this requirement? I mean, whats the best alternative? Regards --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------- Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1ยข/min.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]