myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cagatay Civici" <cagatay.civ...@gmail.com>
Subject Re: s:secure
Date Wed, 16 Aug 2006 14:20:32 GMT
I've already done a similiar thing for Acegi Security Framework, Acegi-JSF
users have given me nice feedbacks.

So I thought a similar component could also be useful for myfaces.

<s:secure ifAnyGranted="manager, admin">
    //components to be secured goes here
</s:secure>

Also with attributes like ifAnyGranted, ifNotGranted, disabled and etc, this
guard component decides whether to render the children components or not.
Disabling is also supported.

If we agree on this, I'll commit it to sandbox. Just wanna hear the team's
thoughts.

Cagatay

On 8/16/06, Kumar, Girish <Girish.Kumar@ibtco.com> wrote:
>
>  Is s:secure already written or you want to implement it ?
> Can you be more clear on what s:secure does ?
>
> Girish
>
>  ------------------------------
> *From:* Cagatay Civici [mailto:cagatay.civici@gmail.com]
> *Sent:* Wednesday, August 16, 2006 10:08 AM
> *To:* MyFaces Development
> *Subject:* Re: s:secure
>
> Hi Mike,
>
> <h:panelGroup rendered="#{securityBean.isManager or securityBean.isAdmin}">
> >    //components to be secured goes here
> > </h:panelGroup >
> >
>
> Yes that would do the same job but my point is the user must create the
> securityBean class to accomplish this.
>
> Also securityBean changes when a new role is added. Imagining the possible
> amount of roles, the maintanence of the bean might cause problems when
> things get more complex.
>
> My other concern is what if there are other conditions that effect the
> rendered property of the panel. Then that should also be added to the
> security concern like;
>
> #{securityBean.isManager or securityBean.isAdmin or pageBean.isLoggedIn}
>
> Anyway, I'm just thinking loud :)
>
> Cagatay
>
> On 8/16/06, Mike Kienenberger <mkienenb@gmail.com> wrote:
> >
> > What's wrong with using this?
> >
> > <h:panelGroup rendered="#{securityBean.isManager or securityBean.isAdmin
> > }">
> >     //components to be secured goes here
> > </h:panelGroup >
> >
> > Seems a lot more flexible.
> >
> > On 8/16/06, Cagatay Civici < cagatay.civici@gmail.com> wrote:
> > > Hi,
> > >
> > > What do you guys think about a security component like this;
> > >
> > > <s:secure ifAnyGranted="manager, admin">
> > >     //components to be secured goes here
> > > </s:secure>
> > >
> > > Also have attributes like ifNotGranted, ifAnyGranted disable and etc.
> > >
> > > Do you think this should be useful?
> > >
> > > Regards,
> > >
> > > Cagatay
> > >
> >
>
>
>
> **************************************************************************
> This message and any attached documents contain information
> which may be confidential, subject to privilege or exempt from
> disclosure under applicable law. These materials are solely for
> the use of the intended recipient. If you are not the intended
> recipient of this transmission, you are hereby notified that any
> distribution, disclosure, printing, copying, storage, modification
> or the taking of any action in reliance upon this transmission is
> strictly prohibited. Delivery of this message to any person other
> than the intended recipient shall not compromise or waive
> such confidentiality, privilege or exemption from disclosure as
> to this communication.
>
> If you have received this communication in error, please notify
> the sender immediately and delete this message from your system.
>
> *****************************************************************************
>

Mime
View raw message