jakarta-taglibs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glenn Nielsen <gl...@voyager.apg.more.net>
Subject Re: Simple security tags proposal
Date Sun, 14 Apr 2002 15:40:04 GMT
david robin wrote:
> 
> Hello,
> I read in the procedure for adding a new tag library that the first thing to do is to
submit the project here so here is what i want to add:
> I want to add 2 simple security tags to allow/deny a  user in a certain role to see or
not the content between the tag.
> Here is an example:
> 
> <security:allow  roles="boss">
>     <input type="button" value="approve">
> </security:allow>
> 
> <security:allow   roles="boss;worker">
>     <input type="button" value="submit change">
> </security:allow>
> 
> Or:
> 
> <security:deny  roles="worker">
>     <input type="button" value="approve">
> </security:deny>
>     <input type="button" value="submit change">
> 
> As you can see it's a very simple couple of tags.
> I know that something similar can be done with the <request:IsUserInRole> tag,
but there are several reasons to do add these simples security tags :
> 
> In one tag you can pass multiples roles.
> It makes a clearer code.
> It is a very common task in web developpement with tomcat to hide/show some features
for a given role.
> Grouping security stuff in an other library than the request one make sense.
> 
> I read in the archive of this list that a security library was proposed, but it was dealing
with groups and permissions.
> Maybe these two tags can be added to this project.
> 
> I hope i don't have make you waste your time by posting this and that it could be of
any interest for someone here.
> 
> =====================
> 
> David ROBIN


Thats a good idea.  Rather than create a separate tag library, as you said,
it would be appropriate to add these tags to the Request taglib.

I would recommend that multiple values for the roles attribute be a list
of comma separated values rather than separated with a semicolon.

If you can submit a patch using diff -u for the request taglib to add these tags,
I will commit it to CVS.

Thanks,

Glenn


----------------------------------------------------------------------
Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------

--
To unsubscribe, e-mail:   <mailto:taglibs-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:taglibs-dev-help@jakarta.apache.org>


Mime
View raw message