> -----Original Message----- > From: Anders Engström [mailto:[EMAIL PROTECTED] > Sent: Friday, March 07, 2003 4:38 PM > To: [EMAIL PROTECTED] > Subject: Re: [OS-webwork] WW and J2EE based security > > > On Fri, Mar 07, 2003 at 10:10:48AM -0800, Jason Carreira wrote: > > I created a RoleActionFilter and RoleRestricted interface that our > > actions implement which returns a String[] of acceptable roles. The > > RoleActionFilter gets the Action using the ActionFactory and, if it > > implements RoleRestricted, it checks the role of the current user > > against the acceptable roles and either allows access or throws a > > ServletException. > > > > Interesting approach.. how is this implemented together with > container managed security?
It calls isUserInRole(roleName) so it's directly using J2EE security. You have to be logged in to access the Action. You need to apply security to paths to cause the server to force a log in. > > > All of this is MUCH cleaner in WW2 where namespaces make Actions > > pinned to certain paths (or not, your decision, but at > least you CAN > > decide). > > Hehe - well... I'm eagerly awaiting the arrival of ww2 :) But > (see my previous post) we will be using ww 1.3. How much work > would it be to hack/substitute code in 1.3 to make it handle > paths like ww2 is supposed to? > Yeah, I understand. We're doing the same at work, which is why I've developed this hack. I don't know how hard it would be, but it shouldn't be done, since it would change 1.3 significantly. Jason ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
