> This would essentially mean that XWork would have to support these two
> invocation types:
> /action/bar
> /foo/bar.action

I'm probably not explaining myself well. To me, these are both examples
of path based security, struts style.  Your second example with the jsp
was what I was considering role based security.

I'd like to propose the following approach as a potential solution.
Below are two examples of what modified actions.xml files (or whatever
xworks uses) might look like:

Let's assume for both these examples that a Filter is being used.  The
traditional Servlet controller doesn't support a /foo/xyzzy.jsp
implementation.  

Example 1:

    In this example, our Servlet filter is mapped to *.action so that a
    request to http://somesite.com/{context}/some.action invokes the
    SomeAction while http://somesite.com/{context}/xzy/another.some.action
    invokes AnotherAction.  The security role would be optional and could
    also be specified inside the body of the <action> tag if the xwork was
    to support multiple roles.

    <action name="com.indigoegg.SomeAction" alias="/some" role="xyz">
        <view name="input">/WEB-INF/views/some-input.jsp</view>
        <view name="success">/WEB-INF/views/some-success.jsp</view>
    </action>
    <action name="com.indigoegg.AnotherAction" alias="another.some">
        <view name="input">/WEB-INF/views/another-input.jsp</view>
        <view name="success">/WEB-INF/views/another-success.jsp</view>
    </action>

Example 2:

    In this example, our Servlet filter is mapped to *.jsp so that
    requests for /foo/xyzzy.jsp are intercepted by the filter.  A couple
    things changed in our configuration.  The first is the addition of an
    action-mapping section.

    <action name="com.indigoegg.SomeAction" ref="some">
        <view name="input">/WEB-INF/views/some-input.jsp</view>
    </action>

    <action-mapping>
        <action-ref>some</action-ref>
        <url-pattern>/foo/xyzzy</url-pattern>
        <!-- apply security here -->
    </action-mapping>

Example 3:

    This example combines both styles and maps to *.jsp.  In this case,
    a request for /path.jsp would map to /WEB-INF/views/some-success.jsp
    whereas a request for /foo/xyzzy.jsp would be directed to
    /foo/xyzzy.jsp.

    <action name="com.indigoegg.Bar" alias="/path" ref="bar">
        <view name="success">/WEB-INF/views/some-success.jsp</view>
        <view name="input">/WEB-INF/views/some-input.jsp</view>
    </action>

    <action-mapping>
        <action-ref>some</action-ref>
        <url-pattern>/foo/xyzzy</url-pattern>
        <!-- apply security here -->
    </action-mapping>

While I think the style in Example 2 is very flexible, it comes at the
cost of increased configuration file complexity.

--
Matt Ho
Principal
Indigo Egg, Inc.
http://www.indigoegg.com/
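
An added example, not part of the original message and not XWork code: a plain-Java sketch of how a filter mapped to *.action could resolve Example 1's `alias` attributes and enforce the optional `role` before invoking anything. The `<actions>` root element, the class `AliasRoleCheck`, the `DENY`/`NOT_FOUND` markers, and the matching rule (an alias starting with "/" matches the whole path, any other alias matches the last path segment) are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class AliasRoleCheck {
    // Constructed sample: Example 1's <action> elements inside a hypothetical <actions> root.
    static final String CONFIG =
        "<actions>"
      + "<action name='com.indigoegg.SomeAction' alias='/some' role='xyz'/>"
      + "<action name='com.indigoegg.AnotherAction' alias='another.some'/>"
      + "</actions>";

    // alias -> { action class name, required role ("" when the role attribute is absent) }
    final Map<String, String[]> byAlias = new HashMap<>();

    AliasRoleCheck(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // The config parser has no need for DTDs, so refuse them (closes off XXE).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        NodeList actions = d.getElementsByTagName("action");
        for (int i = 0; i < actions.getLength(); i++) {
            Element a = (Element) actions.item(i);
            byAlias.put(a.getAttribute("alias"),
                new String[] { a.getAttribute("name"), a.getAttribute("role") });
        }
    }

    /** Returns the action class to invoke, or the marker "DENY" or "NOT_FOUND". */
    String resolve(String servletPath, Set<String> userRoles) {
        if (!servletPath.endsWith(".action")) return "NOT_FOUND";
        String path = servletPath.substring(0, servletPath.length() - ".action".length());
        String[] hit = byAlias.get(path);              // "/some" style: whole path
        if (hit == null)                               // "another.some" style: last segment
            hit = byAlias.get(path.substring(path.lastIndexOf('/') + 1));
        if (hit == null) return "NOT_FOUND";           // unmapped paths never reach an action
        if (!hit[1].isEmpty() && !userRoles.contains(hit[1])) return "DENY";
        return hit[0];
    }

    public static void main(String[] args) throws Exception {
        AliasRoleCheck c = new AliasRoleCheck(CONFIG);
        System.out.println(c.resolve("/some.action", Set.of()));             // role required, none held
        System.out.println(c.resolve("/some.action", Set.of("xyz")));        // role required and held
        System.out.println(c.resolve("/xzy/another.some.action", Set.of())); // no role configured
        System.out.println(c.resolve("/xzy/some.action", Set.of("xyz")));    // "/some" under another prefix
    }
}
```

The last call shows why the matching rule matters for path based security: whether a role-protected alias is also reachable under a different prefix depends entirely on how the filter compares the alias to the request path.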

_______________________________________________
Opensymphony-webwork mailing list
https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork