http://issues.apache.org/bugzilla/show_bug.cgi?id=38849

           Summary: [Shale] Support for fine grained security on navigation
           Product: Struts
           Version: Nightly Build
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Shale
        AssignedTo: dev@struts.apache.org
        ReportedBy: [EMAIL PROTECTED]


Conversations on the Struts user mailing list today highlight the potential for
a Shale value add with regard to authorization.  It was noted that container
managed security can protect the incoming form submits, but does not protect
navigation to an arbitrary page (because constraints are only applied on the
initial submit, not on RequestDispatcher.forward() calls used to implement the
navigation).  It would be interesting for Shale to offer a customized navigation
handler that would allow limitation of navigation to specified view identifiers
based on request.isUserInRole().

As a further generalization, it would be useful to present this capability as a
general purpose plugin architecture, where the application could provide any
sort of fine grained access control it wanted ("only managers can navigate to
the salary details page, and only for their own employees").  A built in plugin
that supported container managed security could be a "reference implementation"
of this feature.
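
A sketch of the navigation check requested above, as an added example that is not Shale code or part of the original report: a JSF NavigationHandler decorator that lets the default handler resolve the target view and then applies isUserInRole() to it before anything is rendered. The class name, the view-id prefixes and the role names are hypothetical, and it assumes the javax.faces API on Java 9 or later.

```java
import java.io.IOException;
import java.util.Map;
import javax.faces.FacesException;
import javax.faces.application.NavigationHandler;
import javax.faces.component.UIViewRoot;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical decorator, registered via <navigation-handler> in faces-config.xml. */
public class RoleCheckingNavigationHandler extends NavigationHandler {

    // Constructed sample policy: view-id prefix -> role required to navigate there.
    private static final Map<String, String> REQUIRED_ROLE = Map.of(
            "/admin/", "admin",
            "/hr/salary", "manager");

    private final NavigationHandler delegate;

    // JSF hands the previously configured handler to a one-argument constructor.
    public RoleCheckingNavigationHandler(NavigationHandler delegate) {
        this.delegate = delegate;
    }

    @Override
    public void handleNavigation(FacesContext ctx, String fromAction, String outcome) {
        UIViewRoot before = ctx.getViewRoot();
        delegate.handleNavigation(ctx, fromAction, outcome); // resolves the target view
        UIViewRoot after = ctx.getViewRoot();
        if (after == null || after == before) return;        // no view change to check
        if (isAllowed(ctx.getExternalContext(), after.getViewId())) return;
        ctx.setViewRoot(before);                             // never render the denied view
        try {
            ((HttpServletResponse) ctx.getExternalContext().getResponse())
                    .sendError(HttpServletResponse.SC_FORBIDDEN);
        } catch (IOException e) {
            throw new FacesException(e);
        }
        ctx.responseComplete();                              // skip Render Response
    }

    // Deny when any matching rule names a role the caller does not hold.
    static boolean isAllowed(ExternalContext ext, String viewId) {
        for (Map.Entry<String, String> rule : REQUIRED_ROLE.entrySet()) {
            if (viewId.startsWith(rule.getKey()) && !ext.isUserInRole(rule.getValue())) {
                return false;
            }
        }
        return true;
    }
}
```

Navigation cases that use a redirect leave the view root unchanged here; the browser then issues a new request, which the container's URL constraints cover. The pluggable variant described in the report would replace isAllowed() with an application-supplied check.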