Hand-rolled security almost always has many holes. I would suggest using spring security.
Cimballi wrote:
One way to do it it to have a super action with a permission property, and you set the permission property with a static param in your struts xml files using the StaticParameters interceptor.
Make sure you don't have a params interceptor after your staticParams interceptor, or else users can change the injected security level with an added request parameter.
-Dale --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org