Jason Carreira wrote:
----------------------------------------- (on viruswall)J2EE decaritive security for a web application is taken configured via your web.xml file. To say that WebWork doesn't support this is patently false. It is very possible to use you web.xml file to restrict access to your Actions. It's your opinion that it's too inconvient to declare each action in your web.xml separately and you want to do it based on directory wildcards.
email-body was scanned and no virus found
---------------------------------------------------------
------------------------------------------------------------------------
I guess that's possible, but it's not really the point. J2EE provides
declarative security that works well enough, and that's what we're
using. I can tell you now that if Webwork can't support J2EE declarative
security, I won't be able to get it in here, and I'm sure there are a
lot of other shops where that will also be the case. As a framework
which supports servlet development, Webwork should support the J2EE
security framework, even if it allows people to bypass it and do their
own security implementations.
We will probably add the ability only reference alias' by thier absolute pathname in a future version, but I think it highly unlikely that you will configure permissions in you actions.xml. In the meantime either configure you Actions individually in you web.xml file or write you own filter to do directory based restriction.
-Maurice
Security products have a vested interest in plugging into app server
security frameworks, but probably won't support a webwork security
framework without having to go in and code the interconnects ourselves.
Jason
-----Original Message-----
From: Maurice Parker [mailto:maurice.parker@;pmic.com]
Sorry if I was overly harsh, but the fact that WebWork will not integrate a security framework has been discussed and decided upon more than once.
Why can't you write a filter that reads a config file and checks the incoming URL to see if it is requesting an action that you would like to
restrict access to? How does that solution not solve your problem?
-Maurice
-------------------------------------------------------
This SF.net email is sponsored by: ApacheCon, November 18-21 in
Las Vegas (supported by COMDEX), the only Apache event to be
fully supported by the ASF. http://www.apachecon.com
_______________________________________________
Opensymphony-webwork mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
------------------------------------------------------- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com _______________________________________________ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
