On Fri, Mar 07, 2003 at 10:10:48AM -0800, Jason Carreira wrote:
> I created a RoleActionFilter and RoleRestricted interface that our actions implement
> which returns a String[] of acceptable roles. The RoleActionFilter gets the Action
> using the ActionFactory and, if it implements RoleRestricted, it checks the role of
> the current user against the acceptable roles and either allows access or throws a
> ServletException.
>

Interesting approach.. how is this implemented together with container managed security?

> All of this is MUCH cleaner in WW2 where namespaces make Actions pinned to certain
> paths (or not, your decision, but at least you CAN decide).

Hehe - well... I'm eagerly awaiting the arrival of ww2 :) But (see my previous post) we will be using ww 1.3. How much work would it be to hack/substitute code in 1.3 to make it handle paths like ww2 is supposed to?

//Anders

> > -----Original Message-----
> > From: Anders Engström [mailto:[EMAIL PROTECTED]
> > Sent: Friday, March 07, 2003 9:17 AM
> > To: [EMAIL PROTECTED]
> > Subject: [OS-webwork] WW and J2EE based security
> >
> > Howdy.
> >
> > Is there a "best-practice" for using J2EE container managed
> > security with WebWork 1.3 (<security-constraint> etc. in web.xml)?
> >
> > I've discussed some possible strategies with Joseph
> > (Ottinger) on irc, but none of them seem natural.
> >
> > 1 - prefix action mappings with secured-theaction.action in
> > views.properties and restrict access to these mappings in web.xml.
> >
> > 2 - use different webwork.action.extension (.action &
> > .secured-action) and restrict access based on extension in
> > web.xml (is it even possible to specify more than one
> > extension in webwork.properties?)
> >
> > 3 - use web.xml to restrict access to the web-resources (i.e.
> > /jsp/secured/somepage.jsp). This would only protect the view,
> > but not the execution of the action.
> >
> > How are you folks out there managing this situation?
> >
> > Best Regards //Anders
> >
> > --
> > |===================================|
> > | Anders Engström                   |
> > | [EMAIL PROTECTED]                 |
> > | http://www.gnejs.net              |
> > |===================================|
> > |Your mind is like an umbrella.     |
> > |It doesn't work unless you open it.|
> > | /Frank Zappa                      |
> > |===================================|
>
> _______________________________________________
> Opensymphony-webwork mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
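One way the role check described in the quoted message could sit on top of container-managed security, as an added example that is not code from the thread or from WebWork. The method name `getAcceptableRoles`, the `findAction` hook (standing in for the ActionFactory lookup) and the path-to-action-name rule are assumptions; denial is sent as a 403 here, where the quoted version throws a ServletException.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Interface named in the thread; the method name is an assumption.
interface RoleRestricted {
    String[] getAcceptableRoles();
}

public abstract class RoleActionFilter implements Filter {
    // Hypothetical hook: a subclass resolves the action the same way the
    // dispatcher will (e.g. through the ActionFactory), so the filter checks
    // exactly the action that is about to run.
    protected abstract Object findAction(String actionName) throws Exception;

    public void init(FilterConfig config) { }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        Object action;
        try {
            action = findAction(actionName(request.getServletPath()));
        } catch (Exception e) {
            // Fail closed: an unresolvable action is never passed down the chain.
            throw new ServletException("Cannot resolve action for role check", e);
        }
        if (action instanceof RoleRestricted && !isAllowed(request, (RoleRestricted) action)) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return; // the action is not executed, unlike option 3 (view-only protection)
        }
        chain.doFilter(req, res);
    }

    // The container answers the role question; isUserInRole is false when
    // the caller has not been authenticated.
    static boolean isAllowed(HttpServletRequest request, RoleRestricted action) {
        String[] roles = action.getAcceptableRoles();
        if (roles == null) return false; // restricted action with no roles: deny
        for (int i = 0; i < roles.length; i++) {
            if (request.isUserInRole(roles[i])) return true;
        }
        return false;
    }

    // Assumed mapping: "/secured/edit.action" -> "edit".
    static String actionName(String servletPath) {
        String name = servletPath.substring(servletPath.lastIndexOf('/') + 1);
        int dot = name.lastIndexOf('.');
        return dot < 0 ? name : name.substring(0, dot);
    }
}
```

The filter only decides on roles; authentication still has to be configured in the container (a login-config and security roles in web.xml) for `isUserInRole` to return true for anyone.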