place your right control check in a filter, i.e whenever the user send a
request to
the server, retrieve its right information then compare the request uri,
if match,
the user has been granted to do so, or does not have the proper right.
good luck.
On 04/16/2010 10:36 AM, Stephane Cosmeur wrote:
Hello struts users
I have a really basic security problem and i would like to know what is the
best practice to resolve it.
I have an application with an authentification system and diffrent rights
for diffrent type of user. To add or remove a link/fonctionnality, we simply
declarate the element in a<s:if test=..> balise. But the problem is the
actions are still available by typing URL in bar address.
How can i fix it ?
Regards,
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
