* auth annotations on action methods, to use roles and so on.
*/
@Override
protected boolean authorize(ActionRequest request, Object sessionObject) {
String actionPath = request.getActionPath();
UserSession userSession = (UserSession) sessionObject;
int userLevel = userSession == null ? 0 : userSession.getUser().getLevel().getValue();
if (actionPath.startsWith("/user/")) {
return userLevel >= UserLevel.USER.getValue();
}