>From: "James Reynolds" <[EMAIL PROTECTED]> 
>
> >If you are using J2EE container managed security, why not use the
> >standard declarative security constraint on a url-pattern? You then
> >assign roles to the constraint and to groups and/or users.
> > 
> >Gary 
> 
> Thanks Gary, 
> 
> Maybe I'm misunderstanding Craig's response (below). Perhaps he is 
> referring to page-by-page control, while you are referring to a url 
> pattern that encompasses all contents of a folder (/members_only/*). Is 
> that the subtle difference here? 
> 

Oh, right.  I guess you would also have to use "redirects" instead of
"forwards" for navigation since the forwards are trusted.

    <navigation-case>
      <from-outcome>viewSalary</from-outcome>
      <to-view-id>/secured/viewSalary.faces</to-view-id>
      <redirect/>
    </navigation-case>

You could also add programmatic checks in your "action" 
methods to return outcomes based on security.


Gary

> 
> > Shale's filters do indeed intercept whatever requests it is mapped to,
> > but there are two important things to understand with respect to
> > container managed security:
> > 
> > * Container managed security is applied *before* any filters 
> > (including the one that Shale provides). 
> > 
> > * Container managed security is applied *only* on the 
> > initial request, not on RequestDispatcher.forward() calls. 
> > In JSF (and therefore Shale) apps, that means you can 
> > protect the incoming form submits (they will be mapped 
> > to something like "/editCustomer.jsf" if you are using 
> > extension mapping, and the page being submitted was 
> > "/editCustomer.jsp"). 
> > 
> > The second issue means that it is your application's responsibility to
> > decide whether or not the user should be allowed to navigate to a
> > particular page. Container managed security won't help you there. That
> > being said, it might be interesting for Shale to deliver a custom JSF
> > navigation handler that would optionally impose that sort of control
> > ("only a manager can navigate to the salary details page").
> > 
> > Craig 
> > 
> > -----Original Message----- 
> > > From: James Reynolds [mailto:[EMAIL PROTECTED] 
> > > Sent: Friday, March 03, 2006 3:02 PM 
> > > To: Struts Users Mailing List 
> > > Subject: Shale & Container Managed Security 
> > > 
> > > 
> > > I'm a newbie setting up container managed security for a basic
> > > Shale-blank application. For my first attempt, I'm trying a simple
> > > BASIC authentication but I'm having troubles so I'm trying to rule out
> > > the unknowns.
> > >
> > > My question for this list is, does Shale have an impact on traditional
> > > Container Managed Security Methods?
> > > 
> > > Thanks 
> > > 
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED] 
> > > For additional commands, e-mail: [EMAIL PROTECTED] 
> 
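
Added example, not part of the original thread and not Shale or JSF project code: a navigation handler of the kind Craig describes, which re-checks the role after a forwarded navigation because the container only checks the initial request. The "/secured/" prefix follows Gary's navigation case; the "manager" role, the "/accessDenied.jsp" view and the class name are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import javax.faces.application.NavigationHandler;
import javax.faces.component.UIViewRoot;
import javax.faces.context.FacesContext;

/** Wraps the default handler and vetoes forwards to views the user may not see. */
public class RoleCheckingNavigationHandler extends NavigationHandler {

    // Assumed policy: view-id prefix -> role required to navigate there.
    private static final Map<String, String> REQUIRED_ROLE =
            new LinkedHashMap<String, String>();
    static {
        REQUIRED_ROLE.put("/secured/", "manager");
    }
    private static final String DENIED_VIEW = "/accessDenied.jsp"; // assumed page

    private final NavigationHandler delegate;

    // JSF passes the previously configured handler to this constructor.
    public RoleCheckingNavigationHandler(NavigationHandler delegate) {
        this.delegate = delegate;
    }

    public void handleNavigation(FacesContext context, String fromAction, String outcome) {
        delegate.handleNavigation(context, fromAction, outcome);

        // A <redirect/> case has already completed the response; the browser's
        // follow-up request is an initial request, so the container's
        // security-constraint covers it and there is nothing to do here.
        if (context.getResponseComplete()) {
            return;
        }
        UIViewRoot target = context.getViewRoot();
        String viewId = (target == null) ? null : target.getViewId();
        if (viewId == null) {
            return;
        }
        for (Map.Entry<String, String> rule : REQUIRED_ROLE.entrySet()) {
            boolean guarded = viewId.startsWith(rule.getKey());
            if (guarded && !context.getExternalContext().isUserInRole(rule.getValue())) {
                // Replace the selected view before the render phase runs.
                context.setViewRoot(context.getApplication().getViewHandler()
                        .createView(context, DENIED_VIEW));
                return;
            }
        }
    }
}
```

The handler is registered with a navigation-handler element inside the application element of faces-config.xml. It complements the url-pattern constraint and does not replace it, since direct requests to /secured/* never reach a navigation handler.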
