Hi all, I'm adapting an authentication/authorization system we are using within normal JSP/servet pages. It consists of a simple class which must be instantiated at the beginning of the page. It knows where to redirect the user for authentication and within the JSP/Servlet you can use its methods to get user information such as the username, fullname, telephone, etc.
What's the best place to incapsulate the funcionalities provided by this class? I'm buiding an action for authentication purposes and I plan to develop a logicsheet to incapsulate authorization primitives so I can declaratively decide whether to make available some data or not depending on the current user role. Is this the way to go? I thought about incapsulate my class into an action, but this way I don't know how to take authorization decisions. For example I need one "edit" link if the user has the "Editors" role, but none if s/he has the "User" role. I don't want to create two different pages for this. Any help? Thanks, Gianluca -- Gianluca Sartori ELIS - SIE - Software Development Via Sandro Sandri, 81 (tel) +39 06.43.56.03.55 00159 Rome - Italy (fax) +39 06.43.56.03.99 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]