[ http://issues.apache.org/struts/browse/SHALE-149?page=all ]
Craig McClanahan moved STR-2788 to SHALE-149:
---------------------------------------------

    Project: Shale  (was: Struts Action 1)
        Key: SHALE-149  (was: STR-2788)
  Component:     (was: Shale)
    Version:     (was: Nightly Build)
  Assign To:     (was: Struts Developer Mailing List)

> [Shale] Support for fine grained security on navigation
> -------------------------------------------------------
>
>          Key: SHALE-149
>          URL: http://issues.apache.org/struts/browse/SHALE-149
>      Project: Shale
>         Type: Improvement
>  Environment: Operating System: other
>               Platform: Other
>     Reporter: Craig McClanahan
>     Priority: Minor
>
> Conversations on the Struts user mailing list today highlight the potential
> for a Shale value add with regards to authorization. It was noted that
> container managed security can protect the incoming form submits, but does
> not protect navigation to an arbitrary page (because constraints are only
> applied on the initial submit, not on RequestDispatcher.forward() calls used
> to implement the navigation). It would be interesting for Shale to offer a
> customized navigation handler that would allow limitation of navigation to
> specified view identifiers based on request.isUserInRole().
>
> As a further generalization, it would be useful to present this capability
> as a general purpose plugin architecture, where the application could
> provide any sort of fine grained access control it wanted ("only managers
> can navigate to the salary details page, and only for their own employees").
> A built in plugin that supported container managed security could be a
> "reference implementation" of this feature.

--
This message is automatically generated by JIRA.
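One way the navigation-time role check described in the issue could look, as an added example that is not code from Shale, JSF, or the issue reporter. It assumes the JSF 1.x `javax.faces` API; the class name, the prefix-to-role policy map, and the `/accessDenied.jsp` view are hypothetical.

```java
import java.util.Map;
import javax.faces.application.NavigationHandler;
import javax.faces.component.UIViewRoot;
import javax.faces.context.FacesContext;

/** Hypothetical decorator (added example; not part of Shale or JSF). */
public class RoleCheckingNavigationHandler extends NavigationHandler {

    // Constructed sample policy: view-id prefix -> role needed to navigate there.
    private static final Map<String, String> REQUIRED_ROLE = Map.of(
            "/admin/", "admin",
            "/salary/", "manager");

    private static final String DENIED_VIEW = "/accessDenied.jsp"; // assumed page

    private final NavigationHandler delegate;

    // JSF hands over the previously configured handler when this constructor exists.
    public RoleCheckingNavigationHandler(NavigationHandler delegate) {
        this.delegate = delegate;
    }

    @Override
    public void handleNavigation(FacesContext ctx, String fromAction, String outcome) {
        delegate.handleNavigation(ctx, fromAction, outcome); // resolve the rules as usual
        if (ctx.getResponseComplete()) {
            return; // a redirect was sent; the follow-up request meets container constraints
        }
        UIViewRoot target = ctx.getViewRoot();
        String viewId = (target == null) ? null : target.getViewId();
        String role = requiredRole(viewId);
        if (role != null && !ctx.getExternalContext().isUserInRole(role)) {
            // Swap the selected view before render, so the forward never reaches it.
            ctx.setViewRoot(ctx.getApplication().getViewHandler()
                    .createView(ctx, DENIED_VIEW));
        }
    }

    // Returns the role guarding viewId, or null when no prefix matches (unrestricted).
    static String requiredRole(String viewId) {
        if (viewId == null) return null;
        for (Map.Entry<String, String> e : REQUIRED_ROLE.entrySet()) {
            if (viewId.startsWith(e.getKey())) {
                return e.getValue();
            }
        }
        return null;
    }
}
```

The handler is registered through the `<navigation-handler>` element under `<application>` in `faces-config.xml`. Views that match no prefix stay unrestricted here, so a deployment that wants deny-by-default would invert `requiredRole` to reject unknown view identifiers.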