How can be managed dynamic roles in struts 2?. For example I have a role editor to add and delete and users, but an administrator in the web app change his permissions to allow only addition.
I think to do it with an interceptor that read the list of functions allowed for each role from the database and restrict the execution of actions for functions not allowed.
Is this the right way or are there something better like Spring Security for Struts?
You can try assign static roles and link them with a database where the functions of a role could be changed.