You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Ronald Hulen <ro...@fanniemae.com> on 2002/03/26 15:18:37 UTC

Protecting Actions in Strut 1.1 - Authorization of Actions

Looking at the javadoc of the ActionConfig.java class, I see a roleNames
array property.  It appears that the RequestProcessor.processRoles()
looks at this list of roleNames to see if a user's role is contained in
this list.  

But I don't see in the struts-config_1_1.dtd any way of adding roles to
actions.  How is this accomplished.  Do I need to protect these
resources in the web.xml as specified in the Servlet 2.2 API?


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>