Return-Path: Delivered-To: apmail-jakarta-struts-user-archive@apache.org Received: (qmail 99272 invoked from network); 23 Aug 2002 07:30:46 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 23 Aug 2002 07:30:46 -0000 Received: (qmail 9951 invoked by uid 97); 23 Aug 2002 07:31:11 -0000 Delivered-To: qmlist-jakarta-archive-struts-user@jakarta.apache.org Received: (qmail 9935 invoked by uid 97); 23 Aug 2002 07:31:11 -0000 Mailing-List: contact struts-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Struts Users Mailing List" Reply-To: "Struts Users Mailing List" Delivered-To: mailing list struts-user@jakarta.apache.org Received: (qmail 9922 invoked by uid 98); 23 Aug 2002 07:31:10 -0000 X-Antivirus: nagoya (v4218 created Aug 14 2002) From: "Michael" To: "'Struts Users Mailing List'" Subject: RE : Specifying roles for actions Date: Fri, 23 Aug 2002 09:30:48 +0200 Message-ID: <00ee01c24a77$00d99ba0$1f01a8c0@michael> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 In-Reply-To: <006d01c249b6$230cc470$6401a8c0@ozzy> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N > FYI, this particular issue was the hardest thing about implementing form > based login in Tomcat. > The nice thing about using a Filter to implement application-managed > security (the way that SecurityFilter does it) is you don't have to modify > Struts, or your Struts-based application, to use it. Just put them > together and configure them both. On the other hand, there's no reason to > limit the availability of SecurityFilter to only those users smart enough > to adopt Struts :-) -- it is generally useful. But Craig, do you have any ideas about how Struts can redirect a user to the login page? For now do you recommend not assigning roles to actions in the struts_config.xml? Michael -- To unsubscribe, e-mail: For additional commands, e-mail: