Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Exceptions to a default security-constraint

 
Anders Sjurmann
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi
I’ve used Struts2 and Glassfish to create a web-app which has two user roles: user, and admin. I would like all actions to be constrained to the admin role by default, and a subset of the actions to be available to the "basic" user. I guess this can be achieved by for the admin-role. But, and here is the problem, I also have a login-action and a registration-action (register new users) which should be available for everybody, and the *-constraint will not allow this. So is there a way to create a security-constraint which applies to users that are not logged in? Is there a default user-role which applies to users that are not logged in? Or any other way to create an exception to a "default" security-constraint?

Or is the only solution to name all actions explicitly for all constraints, and leave out the register- and login-action (i.e. no "default" security-constraint)

Thanks, Anders
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic