THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- define security needs of your action.
- remove all attempts to get authenticated user via RollerSession and replace with a simple call to getAuthenticatedUser(). access to the authenticated UserData object is provide for you by having your action extend the UIAction class, so there is nothing that you need to do. by default, all actions require an authenticated user, so if the user is not properly authenticated when trying to access an action then they will get an access denied page.
- remove all attempts to get the weblog used by the action via a RollerRequest object and replace with a simple call to getActionWeblog(). just like above, this is extracted from the request and populated for you.
- to see how you can control the security options for your action, check out the http://svn.apache.org/viewvc/roller/trunk/src/org/apache/roller/ui/core/util/struts2/UISecurityEnforced.java?revision=529793&view=markup UISecurityEnforced interface which provides control points. this interface is implemented by the UIAction class which you most likely should be extending, so you can modify the default behavior by simply overriding any of the methods from that interface in your action class.
...