Re: [Acegisecurity-developer] Protecting part of a JSP

[Greg Akins]

Sounds perfect for me...

1.  Any objection to this?  Is it un-Acegi like?

2.  I really need the feature for this project (my
deadline is hours away:-(  Is there an easier way, in
the meantime (ie., can I access the Authorization
from my servlet via session?)

3.  I don't know Acegi that well, but would be willing
to add this if some folks can give me a little
handholding (that is, if the to #1 is No.



--- Brian Moseley [EMAIL PROTECTED] wrote:
 Greg Akins wrote:
  I thought about that... But the protection is
 based
  on role, and the state of the JSP page
  
  Basically anyone can update any field if adding a
 new
  record..
  
  But if updating an existing record, only certain
  users.
  
  And the less privleged user should be able to
 see
  the data so I wanted to use disabled on my
 Struts
  tags if the record is being updated and if the
 user
  doesn't have privileges.
  
  In code I'd set disabled if (!authorized 
 update)
  
  So if i am using html-el:select
 disabled=${disabled}
  I can set disabled=(!authorized  update) in my
  Action.
  
  Though it seems like I shouldn't have to do that
 in
  code (rather do it in the JSP or from
 configuration.
 
 right. this is why the authz tag should be able to
 set a scoped 
 variable. so then you could do something like:
 
 authz var=authorized .../
 c:set var=update value=true/
 
 html-el:select disabled=${!authorized  update}
 
 i proposed adding this capability to the authz tag a
 while back, but i 
 never got around to it, heh.
 
 

---
 This SF.Net email is sponsored by Oracle Space
 Sweepstakes
 Want to be the first software developer in space?
 Enter now for the Oracle Space Sweepstakes!

http://ads.osdn.com/?ad_id=7393alloc_id=16281op=click
 ___
 Home: http://acegisecurity.sourceforge.net
 Acegisecurity-developer mailing list
 Acegisecurity-developer@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
 


---
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_id=7393alloc_id=16281op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] Protecting part of a JSP

[Ben Alex]

Greg Akins wrote:
3.  I don't know Acegi that well, but would be willing
to add this if some folks can give me a little
handholding (that is, if the to #1 is No.
 

That would be excellent.
If you had time to make a similar change to the other taglibs and unit 
tests (so they maintain some consistency in capability) it would be even 
better. :-)

Cheers
Ben
---
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_id=7393alloc_id=16281op=click
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer