struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Mikheev <>
Subject Re: Access control with roles
Date Mon, 06 Aug 2007 23:04:05 GMT
Session A Mwamufiya wrote:
> Thanks for the replies guys, but is there an example that I can follow?  It seems to
me that a user's roles are defined in a request object, but I'm not sure how.  I'm continuing
to search online for examples.

Mapping roles to action is putting this into struts.xml:
   <action name="someAction" class="com.examples.SomeAction">
       <interceptor-ref name="completeStack"/>
       <interceptor-ref name="roles">
         <param name="allowedRoles">admin,member</param>
       <result name="success">good_result.ftl</result>

But your question is where do roles come from.
Please take a look into standard J2EE security mechanisms.
It will take some time to understand if you haven't seen it before.
Go to
and read Chapter 32, web-tier in particular.
Other security mechanisms are available too, but that's another story.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message