On behalf of Elpidio Latorilla (he has mail problems again):
==============================================================
Hi,
I remember a post recently about problems getting into other modules
from one module. I just could not find the post from my mailbox anymore
so I am starting a new thread about that.
Here is the reason:
That current design of care2x discourages "crisscrossing" from one
module to another. This is done by hardcoding a "local" user into each
module. If one uses the program in the original way, the authentication
routine "lends" the current user this "local user" identity before he is
pointed to the module so that the module sees the current user as the
"local", therefore authorized to get in. When one exits the module the
normal way, this "borrowed" identity is erased and will be replaced with
another one that corresponds to the next module one chooses to use.
Now the problem is obvious when one writes a code that criscrosses
between different modules. The assigned "identity" does not get erased
and the new module sees it as "intruder". So the user gets this "you are
not authorized....." notice. If you really want to criscross, you have
to trick the other module that the user is the "local user". This needs
a lot of code revision and can become complex, specially if your code
crosses back and forth.
elpidio
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Care2002-developers mailing list
Care2002-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/care2002-developers
