Matt Ho wrote:
I look at it this way. There are a couple accepted ways of implementing
declarative security:
1. Securing based on path (Servlets for example)
2. Securing based on authenticated role (EJBs for example)
There are of course proprietary implementations. Ideally, I would love
This would essentially mean that XWork would have to support these two
invocation types:
/action/bar
/foo/bar.action
I'm probably not explaining myself well. To me, these are both examples
of path based security, struts style. Your second example with the jsp
was what I was considering role
Chris Miller wrote:
What would happen if the skins had to be explicitly defined in the
configuration, or if none were defined then XWork would default to pinned
paths?
Then there would be an outcry of too much to configure.. waaah. :-)
That way people that were not using the skinning would be
I use #2 quite a bit, and I'm not in any sort of portlet environment. I just
have multiple ww:action tags in my JSPs.
- Original Message -
From: Hai Pham [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, January 02, 2003 2:12 PM
Subject: Re: [OS-webwork] Re: Re: Action invocation
Hi all,
I think there are two major reasons why Rickard wants
to discard URL with .action.
1. to get declarative security working
2. to make it possible to invoke multiple read-only
actions within a page (in portlet environment for
example)
IMO, only #1 is reaonable. Still, lots of us already
I think there are two major reasons why Rickard wants
to discard URL with .action.
1. to get declarative security working
[snip]
IMO, only #1 is reaonable. Still, lots of us already
implement authentitation filter to get around the
prob. with the path. That's not to say that we need
