On Fri, Mar 07, 2003 at 09:32:56PM -0800, Jason Carreira wrote:
> > -----Original Message-----
> > From: Anders Engström [mailto:[EMAIL PROTECTED] 
> > Sent: Friday, March 07, 2003 4:38 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [OS-webwork] WW and J2EE based security
> > 
> > 
> > On Fri, Mar 07, 2003 at 10:10:48AM -0800, Jason Carreira wrote:
> > > I created a RoleActionFilter and RoleRestricted interface that our 
> > > actions implement which returns a String[] of acceptable roles. The 
> > > RoleActionFilter gets the Action using the ActionFactory and, if it 
> > > implements RoleRestricted, it checks the role of the current user 
> > > against the acceptable roles and either allows access or throws a 
> > > ServletException.
> > > 
> > 
> > Interesting approach.. how is this implemented together with 
> > container managed security?
> 
> It calls isUserInRole(roleName) so it's directly using J2EE security. You have to be 
> logged in to access the Action. You need to apply security to paths to cause the 
> server to force a log in. 
> 

How are unprotected views/actions separated from protected
views/actions? Since there is no way to bind an action to a specific
path in 1.3, which is the recommended way to specify parts of a WW
application as protected?

> > 
> > > All of this is MUCH cleaner in WW2 where namespaces make Actions 
> > > pinned to certain paths (or not, your decision, but at least you CAN 
> > > decide).
> > 
> > Hehe - well... I'm eagerly awaiting the arrival of ww2 :) But 
> > (see my previous post) we will be using ww 1.3. How much work 
> > would it be to hack/substitute code in 1.3 to make it handle 
> > paths like ww2 is supposed to?
> > 
> 
> Yeah, I understand. We're doing the same at work, which is why I've developed this 
> hack. I don't know how hard it would be, but it shouldn't be done, since it would 
> change 1.3 significantly.
> 

IMO there should be a "Best practices for WW and J2EE web resource
constraint" (or similar) in the docs (Wiki?). It ought to be a pretty
common scenario, and to promote WW as a framework for web development it
is crucial.

I'd be happy to put together a draft, but I need a little more input
from all you WebWork gurus ;)

//Anders

-- 
|===================================|
|    Anders Engström                |
|    [EMAIL PROTECTED]            |
|    http://www.gnejs.net           |
|===================================|
|Your mind is like an umbrella.     |
|It doesn't work unless you open it.|
|  /Frank Zappa                     |
|===================================|
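
The filter approach described in the quoted message, sketched as an added example (not code from this thread or from WebWork). The method name `getAllowedRoles()`, the `ActionResolver` interface standing in for the ActionFactory lookup, and the `resolverClass` init-param are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;

// Hypothetical method name: the thread only says the interface returns a String[] of roles.
interface RoleRestricted {
    String[] getAllowedRoles();
}
// Hypothetical stand-in for the WebWork ActionFactory lookup mentioned in the thread.
interface ActionResolver {
    Object resolve(HttpServletRequest request) throws ServletException;
}

public class RoleActionFilter implements Filter {
    private ActionResolver resolver;
    public void init(FilterConfig config) throws ServletException {
        // "resolverClass" is an assumed init-param naming an ActionResolver implementation.
        String name = config.getInitParameter("resolverClass");
        try {
            resolver = (ActionResolver) Class.forName(name).getDeclaredConstructor().newInstance();
        } catch (Exception e) {
            throw new ServletException("cannot create ActionResolver " + name, e);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (!(req instanceof HttpServletRequest)) {
            throw new ServletException("not an HTTP request"); // fail closed
        }
        HttpServletRequest http = (HttpServletRequest) req;
        Object action = resolver.resolve(http);
        if (action instanceof RoleRestricted && !isAllowed(http, (RoleRestricted) action)) {
            throw new ServletException("role check failed for " + http.getServletPath());
        }
        chain.doFilter(req, res);
    }

    // True only if the container reports the caller in at least one acceptable role.
    static boolean isAllowed(HttpServletRequest http, RoleRestricted action) {
        String[] roles = action.getAllowedRoles();
        if (roles == null) return false; // restricted action with no roles listed: deny
        for (String role : roles) {
            if (http.isUserInRole(role)) return true; // false when nobody is logged in
        }
        return false;
    }
    public void destroy() { }
}
```

The check only runs for requests the filter is mapped to, and, as the quoted reply notes, a path-based security constraint is still needed for the container to force a login.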


