At the suggestion of Aleksei Valikov I've integrated security permission
checks during method invocation in OGNL.
To use it you need to have a security manager (in Tomcat or Resin, for
example) that will use a policy file. In the policy file you need to
grant access to OGNL to invoke methods in any package using
ognl.OgnlInvokePermission objects as permission tokens.
Example in Tomcat's catalina.policy file:
grant codeBase "file:${catalina.home}/webapps/OGNLTester/-"
{
permission ognl.OgnlInvokePermission "invoke.org.ognl.*";
permission ognl.OgnlInvokePermission "invoke.javax.mail.*";
...more entries follow...
}
- Drew
--
+---------------------------------+
< Drew Davidson | OGNL Technology >
+---------------------------------+
| Email: [EMAIL PROTECTED] /
| Web: http://www.ognl.org /
| Vox: (520) 531-1966 <
| Fax: (520) 531-1965 \
| Mobile: (520) 405-2967 \
+---------------------------------+
-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
_______________________________________________
Tapestry-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/tapestry-developer
