Joined: 10/01/2008 08:20:15
An authenticated user can belong to one or more groups. All you have to do is:
Now to protect access to an action you can do:
The AuthorizationFilter returns the result ACCESSDENIED if the current authenticated user does not belong to the admin group. Then a global consequence can redirect to a page or throw an exception.
And how to protect access to an JSP page
1) Blocking access to a page:
2) Block access to a portion of the page:
Mentawai also supports authorization by permissions. For more info see here: http://www.mentaframework.org/authorization.jsp