I used interfaces to get this to work. So every Security Assert defines also
an interface that should be implemented by the Actions. It took a while, but
it's working now. Thanks for the advice.
2010/12/14 Chris Pratt thechrispr...@gmail.com
If you just need access to the parameters from the
Hi Maurizio, Li,
Thanks for your suggestion, but the problem with the approaches you
suggested is that they link the security rules too much to the actions. We
want to be as abstract as possible. For that, we have developed the
following implementation:
We created some entities called
Ok, now it's definitively clear.
First every interceptor knows exactly which action is invoked through action
invocation.
With that said your action could implement (1) your custom interface or (2)
a generic Request Aware interface in order to retrieve request parameters.
Does this answer your
I know that the interceptor knows which action is invoked. I just don't want
it to need to be aware of that. That's why I assigned a resource for each
action, using a parameter in the definition of the action:
[...]
action name=Dashboard class=com.test.action.Dashboard
If you just need access to the parameters from the action, you can use:
String resource =
invocation.getProxy().getConfig().getParams().get(AuthoritationInterceptor.resource);
I've used this several times to get parameters from the configuration, but I
usually put the parameters on the action
I think you don't need this bothering job.
You can:
(1) Define some properties in your base class of all your action classes.
(2) Use these properties to capture data from the request.
(3) Run your interceptor AFTER the interceptors of struts2.
But BEFORE the execution of the Action class
So,
The
2010/12/10 Jose Luis Martinez Avial jlmarti...@pb-santander.com:
The
validation should be dynamic, so the rules should be able to receive
information from the request.
Basing Rule Access Control on request's parameters might induce
security flow risks.
What I would like to do is to use
Hello all,
I'm using Struts 2.1.8.1 for an application. To integrate the
security in the application we have developed an interceptor that
intercepts every request and checks a list of rules (implemented as
classes) to know if the user is allowed to execute the action. The
validation should be