Preventing users from accessing action.
Created May 7, 2012
If you are using Struts 1.0, people often write this sort of thing into a standard base Action class. On entering perform, the Action does a security check on itself, and if it passes, calls another method with the same signature (like, say, execute). Otherwise, it forwards off to wherever.
To store the security roles in Struts 1.0, you can add a public property to your base Action (like, say, roles), and then use the set-property element to set the roles for each action.
The perform in your base Struts 1.0 Action could then run the security check if roles is not null, or skip it if not. If it passes, it can call the other signature.
If you use execute and roles for these extensions, you will also be upwardly compatible with Struts 1.1. Just be sure to have your execute method return Exception (which perform can then toss as a ServletException).
HTH, Ted
--
Ted Husted, Struts in Action.
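
One way to write the base class described above, as an added example that is not part of the original post. The names `SecureAction`, `RoleMapping`, the package `example` and the forward name `denied` are hypothetical; `roles` is read here from an ActionMapping subclass, the bean that set-property populates for an action element, and is assumed to be a comma-separated list.

```java
package example; // hypothetical package
import java.io.IOException;
import java.util.StringTokenizer;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

public abstract class SecureAction extends Action {
    /** Hypothetical mapping bean; filled by <set-property property="roles" value="admin,manager"/>. */
    public static class RoleMapping extends ActionMapping {
        private String roles; // comma-separated role names; null means no check
        public String getRoles() { return roles; }
        public void setRoles(String roles) { this.roles = roles; }
    }

    /** Subclasses put their logic here; same signature as the Struts 1.1 execute. */
    public abstract ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception;

    public final ActionForward perform(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        String roles = (mapping instanceof RoleMapping) ? ((RoleMapping) mapping).getRoles() : null;
        if (roles != null && !isAllowed(request, roles)) {
            ActionForward denied = mapping.findForward("denied"); // hypothetical forward name
            if (denied == null) { // no forward configured: refuse instead of running execute
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
            }
            return denied; // a null forward tells Struts the response is already complete
        }
        try {
            return execute(mapping, form, request, response);
        } catch (IOException e) { throw e; }
          catch (ServletException e) { throw e; }
          catch (Exception e) { throw new ServletException(e); } // wrap, as the post suggests
    }

    /** True if the caller holds at least one listed role (container-managed security). */
    private static boolean isAllowed(HttpServletRequest request, String roles) {
        StringTokenizer st = new StringTokenizer(roles, ", ");
        while (st.hasMoreTokens()) {
            if (request.isUserInRole(st.nextToken())) return true;
        }
        return false; // empty list or no matching role: deny
    }
}
```

Declaring `perform` final keeps a subclass from overriding it and bypassing the check; an action with no `roles` value runs unchecked, matching the post's rule for a null `roles`.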