Re: Adding roles to the action-mappings?

Thu, 25 Jan 2001 14:02:15 -0800 

Taylor Cowan wrote:

> I might not understand the context well enough to comment, but before anyone
> starts writing new "pluggable security adapters" isn't that what JAAS is?
>

Yes, if you're running JDK 1.3 or later.

As I pointed out in my earlier response, I view pluggable security adapters as
in the realm of a container, not in the realm of an application.

>
> Taylor
>

Craig


>
> ----- Original Message -----
> From: "Alec Bau" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Thursday, January 25, 2001 3:44 PM
> Subject: Re: Adding roles to the action-mappings?
>
> > I'm also very strongly in favor of this idea! Moreover, imo, Struts should
> include
> > some simple  pluggable security (Tomcat realm based perhaps)  adapter with
> default
> > implementation that wraps Tomcat's realms. I'm sure community will donate
> > implementations specific to other containers (WebSphere, WebLogic, etc.).
> This way
> > Struts app becomes more independent and portable between various
> containers so one
> > can develop and test his app including security stuff, for example, on
> Tomcat on his
> > personal box and then deploy the app with minimal hassle to shared
> test/production
> > servers that run, in our case, WebSphere & ServletExec. I'm sure a big
> chunk of
> > current Tomcat realm api's & implementation can be used as a base.
> >
> > "Craig R. McClanahan" wrote:
> >
> > > [EMAIL PROTECTED] wrote:
> > >
> > > > Hello!
> > > >
> > > > Has anyone considered whether it would be valuable to have roles
> defined
> > > > against the action definitions within struts-config.xml, and have the
> > > > controller servlet automatically validate whether the user is in the
> > > > necessary roles to execute the action prior to calling it? Has this
> been
> > > > proposed for 1.1?
> > > >
> > >
> > > I assume you're talking about the roles associated with security
> constraints in
> > > the web.xml file, right?  If so, that's a pretty interesting idea.  I
> will add
> > > it to the 1.1 TODO list.
> > >
> > > In the mean time, you can define security constraints in web.xml that
> protect
> > > each action individually (for example, a URL pattern of
> "/saveCustomer.do"), but
> > > it's pretty tedious.
> > >
> > > >
> > > > Regards,
> > > > James W.
> > > >
> > >
> > > Craig

Reply via email to