I trying to use roles in my application, like an administrator can do anything and other users cannot. I using JDBC realm for that but it doesn't seem to be working. Here is my struts-config.xml <!-- Action Mapping Definitions --> <action-mappings> <action path="/login" type="LoginAction" name = "loginForm" scope="request" input="/index.jsp" validate="true"> <forward name="continue" path="/principal.jsp"/> <forward name="erro" path="/index.jsp"/> </action> <action path="/adm" roles = "adm" forward = "/adm.jsp"> </action> <action path="/user" roles = "user" forward = "/usr.jsp"> </action> <action path="/principal" forward = "/principal.jsp"> </action> </action-mappings> And here is my web.xml (the security part) <security-constraint> <display-name></display-name> <web-resource-collection> <web-resource-name></web-resource-name> <!-- Define the context-relative URL(s) to be protected --> <url-pattern>/do/*</url-pattern> <!-- If you list http methods, only those methods are protected --> </web-resource-collection> <auth-constraint> <!-- Anyone with one of the listed roles may access this area --> <role-name>adm</role-name> <role-name>user</role-name> </auth-constraint> </security-constraint> <!-- Default login configuration uses form-based authentication --> <login-config> <auth-method>FORM</auth-method> <realm-name>Example Form-Based Authentication Area</realm-name> <form-login-config> <form-login-page>/index.jsp</form-login-page> <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config>
<!-- Security roles referenced by this web application --> <security-role> <role-name>adm</role-name> <role-name>user</role-name> </security-role>
In my login form the action is called like this <html:form action="/login"> .... </html:form> I would like that after the login I would go to principal.jsp and there I would have two links: one to be accessed by adm users and other to be used by the ones with "user" role. What I'm doing wrong?