I noticed that the 1.3 code base uses HttpServletResponse.SC_ FORBIDDEN (403), but the 1.1 code base (which I am still stuck using) uses HttpServletResponse.SC_BAD_REQUEST (400). Returning a 403 error is probably more valid. In either case the user will see a standard error page in their browser which may or may not be acceptable in your case.
Joined: Sep 10, 2004
thank you guys!
I practiced the processRoles and it works fine. problem is what if I have a dispatchAction with numeros methods and only 3 of them must be protected.
Q: how do I protect a *specific* action/method with processRoles? * mind that there are 7 methods and 3 of which must be protected (please don't tell me I have to put them in a different class - maintenance nightmare)
Joined: Feb 08, 2006
There are a few reasons that I am not using DispatchAction and I guess you can add this as another one. It just seems like too often you need to be able to configure things like forwards or validation differently.