Well, those are good points, but your concerns are with the
limitations of the default EL rather than a need for a component.
You can work around these limitations using the
hashmap-as-function-parameters trick, or by using a more advanced EL
(like the Facelets EL which supports user-defined functions).
#{securityBean.isManager or securityBean.isAdmin}
could become
#{securityBean.ifAnyGranted['manager'] or securityBean.ifAnyGranted['admin']}"
or
#{ifGranted(securityBean, 'manager') or ifGranted(securityBean, 'admin')}"
You could even add an extra property-resolver so that these are
resolved by an extension of EL.
#{security:granted:manager or security:granted:admin}"
I think trying to use a component to solve these problems is too
limiting. The place to deal with this is at the EL level.
what if there are other conditions that effect the rendered property of the
panel
#{securityBean.isManager or securityBean.isAdmin or pageBean.isLoggedIn}
That's going to be true no matter what you do. If you feel like
these need to be separated, then separate them out:
<h:panelGroup rendered="#{pageBean.isLoggedIn}">
<h:panelGroup rendered="#{securityBean.isManager or securityBean.isAdmin}">
On 8/16/06, Cagatay Civici <[EMAIL PROTECTED]> wrote:
Hi Mike,
> <h:panelGroup rendered="#{securityBean.isManager or securityBean.isAdmin
}">
>
> //components to be secured goes here
> </h:panelGroup >
>
Yes that would do the same job but my point is the user must create the
securityBean class to accomplish this.
Also securityBean changes when a new role is added. Imagining the possible
amount of roles, the maintanence of the bean might cause problems when
things get more complex.
My other concern is what if there are other conditions that effect the
rendered property of the panel. Then that should also be added to the
security concern like;
#{securityBean.isManager or securityBean.isAdmin or pageBean.isLoggedIn}
Anyway, I'm just thinking loud :)
Cagatay
On 8/16/06, Mike Kienenberger <[EMAIL PROTECTED]> wrote:
> What's wrong with using this?
>
> <h:panelGroup rendered="#{securityBean.isManager or
securityBean.isAdmin}">
> //components to be secured goes here
> </h:panelGroup >
>
> Seems a lot more flexible.
>
> On 8/16/06, Cagatay Civici < [EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > What do you guys think about a security component like this;
> >
> > <s:secure ifAnyGranted="manager, admin">
> > //components to be secured goes here
> > </s:secure>
> >
> > Also have attributes like ifNotGranted, ifAnyGranted disable and etc.
> >
> > Do you think this should be useful?
> >
> > Regards,
> >
> > Cagatay
> >
>
