I'm relatively new to Struts. I've built an application on the Struts framework as a "Generic user" so there is no login thus far. The next phase of the project is to implement security based on roles. I would like to do this using XML as the security roles config file so that new roles can be added dynamically rather than programmatically. With this I have several questions and ask for advice with the goal of coding using a "Best Practices" approach.

I'm not sure of another way to do this, so my plan is to create a "Security Object" that I can list what fields the current role (each user will only have 1 role) has and the level of access (e.g. read only or modify). I expect I'll have to use the Logic taglibs to determine whether or not the field should be displayed and whether it should display text (for read only) or an input field.

1) Is this a reasonable approach (using XML to dynamically create new roles)?

2) Is there a better way to hide fields on the view than using "Logic" taglibs?

3) What XML parser is recommended? I found JDom 10, is that reasonable to use? Or should I stick with SAX or DOM? Or others?

4) I will need to create an interface for our users to update the XML file. What will be the easiest way to update this file? Where should I put it on the server so it is accessible?

5) I assumed I can't use XSLT to transform the pages since there will be multiple security roles and the fields will be dynamic as text or input boxes/checkboxes/etc. Is this a valid assumption?

I'll stop here since this is a lot of questions. I understand the basics of XML and have done XML transforms before using a web browser and Microsoft's XML parser. This is the first time for me using Java/Struts with XML so I'm not sure the "Best Practices" approach in this framework.

Any help will be appreciated.
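
One way to build the "Security Object" described in the post, as an added example that is not part of the original post. The XML layout (`roles`/`role`/`field` with `name` and `access` attributes), the class name `RoleFieldAccess` and the sample role are assumptions; because the file is to be edited through a user-facing interface, the parser refuses DTDs and external entities, and lookups default to no access.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class RoleFieldAccess {                    // hypothetical class name
    public enum Access { NONE, READ, MODIFY }
    // role name -> (field name -> access level)
    private final Map<String, Map<String, Access>> roles = new HashMap<>();

    public static RoleFieldAccess load(byte[] xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // The file is user-editable: reject DTDs and external entities (XXE).
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        NodeList roleNodes = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml)).getElementsByTagName("role");
        RoleFieldAccess acl = new RoleFieldAccess();
        for (int i = 0; i < roleNodes.getLength(); i++) {
            Element role = (Element) roleNodes.item(i);
            Map<String, Access> fields = new HashMap<>();
            NodeList fieldNodes = role.getElementsByTagName("field");
            for (int j = 0; j < fieldNodes.getLength(); j++) {
                Element field = (Element) fieldNodes.item(j);
                // valueOf throws on an unknown level, so a typo fails the load
                // instead of silently granting or hiding a field.
                fields.put(field.getAttribute("name"), Access.valueOf(
                        field.getAttribute("access").toUpperCase(Locale.ROOT)));
            }
            acl.roles.put(role.getAttribute("name"), fields);
        }
        return acl;
    }
    // Default deny: an unknown role or an unlisted field yields NONE.
    public Access accessFor(String role, String field) {
        return roles.getOrDefault(role, Map.of()).getOrDefault(field, Access.NONE);
    }
    public static void main(String[] args) throws Exception {
        String xml = "<roles><role name='clerk'><field name='salary' access='read'/>"
                + "<field name='phone' access='modify'/></role></roles>"; // constructed sample
        RoleFieldAccess acl = load(xml.getBytes(StandardCharsets.UTF_8));
        System.out.println(acl.accessFor("clerk", "salary") + " "
                + acl.accessFor("clerk", "ssn") + " " + acl.accessFor("guest", "salary"));
    }
}
```

Hiding or disabling a field in the JSP only controls what is rendered, so the same `accessFor` check would also need to run in the Struts action before a submitted value is accepted.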