2012/10/3 Ken McWilliams <[email protected]>: > Asking for the consideration of a struts2 feature enhancement. > > The roles interceptor depends on container based security, it is a bit > of a pain to set up and portability is complicated by needing to cover > more documentation steps (how to secure your application on Glassfish, > Weblogic, Tomcat...). This is container security and of course not > Struts2s issue but it would be nice it we could use the roles > interceptor by defining a > org.apache.struts2.interceptor.PrincipalProxy implementation and > specifying it with a struts2 constant: > > <constant name="struts.security.principalProxy" > value="com.example.MyPrincipalProxyImpl"/> //default would be > org.apache.struts2.servlet.interceptor.ServletPrincipalProxy > > There is only a few place (that I know of) where the PrincipalProxy > interface aught to be used where currently the request is being used > (aught to be used if implementing this feature). That is in the > "servletConfig" interceptor when setting the PrincipalAware interface > of an action and in the roles interceptor. > > It is not too much work to implement our own interceptors to > facilitate role based access but I think this would be helpful to many > and does not seem to require a radical change to S2 internals, so I > thought I would bring this up in the user forum to see what others > think.
I thought a bit more about that and this can be achieved by a PrincipalProvider (as TextProvider) which can be injected onto interceptors or any other place. It will produce PrincipialProxy base on HttpServletRequest, eg. PrincipialProvider#getPrincipialProxy(HttpServletRequest) Regards -- Łukasz mobile +48 606 323 122 http://www.lenart.org.pl/ Warszawa JUG conference - Confitura http://confitura.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
