You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by MOHAN RADHAKRISHNAN <mr...@cellexchange.com> on 2004/04/12 17:33:44 UTC

override isUserInRole

Hi
      I am looking for ways to bypass CMA in one case which requires an
anonymous user to view some data.

  1. I am trying to use

public class RequestWrapper extends HttpServletRequestWrapper{

	private HttpServletRequest request;

	public RequestWrapper( HttpServletRequest req ){
		super( req );
	}

	public boolean isUserInRole( String role ){
		return true;
	}
}


I know that this is one approach. How would this work if I were using a
servlet filter ? I'd like to know how to use this to fool CMA.

2. The other approach is to use multiple security constraints in web.xml

   I have a problem again.

   How can I use URL pattern matching for /switch.do?prefix=/x&page=/x.do ?
I am using modules.

   I want to move it into a separate security constraint section without
roles.

Appreciate help. Is what I am trying to do feasible ?


Mohan




---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org