Mailing-List: contact dev-help@myfaces.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "MyFaces Development" <dev@myfaces.apache.org>
Received-SPF: pass (asf.osuosl.org: domain of cagatay.civici@gmail.com
 designates 64.233.162.194 as permitted sender)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=rgkIBX3q0k8LuFDqvMmrf981GyqtZkfwTQ5qZtrqfyPZ0WW3AmUc9quZAAruGtqKJ+QUtPGiBiAEibcGLFd910bwgzytEENRjfVEl9yln1cx6sXg6+h0asUVJBLZt4QIyDnYSvCEbz6HUDWN1T4jSLGRpk3gfyMqNEHebQ/A+Fk=
Message-ID: <8c9d4eaa0608160720t5e48ff3em904370699579e0f1@mail.gmail.com>
Date: Wed, 16 Aug 2006 17:20:32 +0300
From: "Cagatay Civici" <cagatay.civici@gmail.com>
To: "MyFaces Development" <dev@myfaces.apache.org>
Subject: Re: s:secure
In-Reply-To: <4AB9FAC47CFEC14C9EE1C88AC96EF76A0600E0@SBYEXCP03.ibt.ibtco.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_Part_221043_5233127.1155738032616"
References: <4AB9FAC47CFEC14C9EE1C88AC96EF76A0600E0@SBYEXCP03.ibt.ibtco.com>

------=_Part_221043_5233127.1155738032616
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I've already done a similiar thing for Acegi Security Framework, Acegi-JSF
users have given me nice feedbacks.

So I thought a similar component could also be useful for myfaces.

<s:secure ifAnyGranted="manager, admin">
    //components to be secured goes here
</s:secure>

Also with attributes like ifAnyGranted, ifNotGranted, disabled and etc, this
guard component decides whether to render the children components or not.
Disabling is also supported.

If we agree on this, I'll commit it to sandbox. Just wanna hear the team's
thoughts.

Cagatay

On 8/16/06, Kumar, Girish <Girish.Kumar@ibtco.com> wrote:
>
>  Is s:secure already written or you want to implement it ?
> Can you be more clear on what s:secure does ?
>
> Girish
>
>  ------------------------------
> *From:* Cagatay Civici [mailto:cagatay.civici@gmail.com]
> *Sent:* Wednesday, August 16, 2006 10:08 AM
> *To:* MyFaces Development
> *Subject:* Re: s:secure
>
> Hi Mike,
>
> <h:panelGroup rendered="#{securityBean.isManager or securityBean.isAdmin}">
> >    //components to be secured goes here
> > </h:panelGroup >
> >
>
> Yes that would do the same job but my point is the user must create the
> securityBean class to accomplish this.
>
> Also securityBean changes when a new role is added. Imagining the possible
> amount of roles, the maintanence of the bean might cause problems when
> things get more complex.
>
> My other concern is what if there are other conditions that effect the
> rendered property of the panel. Then that should also be added to the
> security concern like;
>
> #{securityBean.isManager or securityBean.isAdmin or pageBean.isLoggedIn}
>
> Anyway, I'm just thinking loud :)
>
> Cagatay
>
> On 8/16/06, Mike Kienenberger <mkienenb@gmail.com> wrote:
> >
> > What's wrong with using this?
> >
> > <h:panelGroup rendered="#{securityBean.isManager or securityBean.isAdmin
> > }">
> >     //components to be secured goes here
> > </h:panelGroup >
> >
> > Seems a lot more flexible.
> >
> > On 8/16/06, Cagatay Civici < cagatay.civici@gmail.com> wrote:
> > > Hi,
> > >
> > > What do you guys think about a security component like this;
> > >
> > > <s:secure ifAnyGranted="manager, admin">
> > >     //components to be secured goes here
> > > </s:secure>
> > >
> > > Also have attributes like ifNotGranted, ifAnyGranted disable and etc.
> > >
> > > Do you think this should be useful?
> > >
> > > Regards,
> > >
> > > Cagatay
> > >
> >
>
>
>
> **************************************************************************
> This message and any attached documents contain information
> which may be confidential, subject to privilege or exempt from
> disclosure under applicable law. These materials are solely for
> the use of the intended recipient. If you are not the intended
> recipient of this transmission, you are hereby notified that any
> distribution, disclosure, printing, copying, storage, modification
> or the taking of any action in reliance upon this transmission is
> strictly prohibited. Delivery of this message to any person other
> than the intended recipient shall not compromise or waive
> such confidentiality, privilege or exemption from disclosure as
> to this communication.
>
> If you have received this communication in error, please notify
> the sender immediately and delete this message from your system.
>
> *****************************************************************************
>

------=_Part_221043_5233127.1155738032616
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I've already done a similiar thing for Acegi Security Framework, Acegi-JSF users have given me nice feedbacks.<br><br>So I thought a similar component could also be useful for myfaces.<br><br>&lt;s:secure ifAnyGranted=&quot;manager, admin&quot;&gt;
<br>&nbsp;&nbsp;&nbsp; //components to be secured goes here<br>&lt;/s:secure&gt;<br><br>Also with attributes like ifAnyGranted, ifNotGranted, disabled and etc, this guard component decides whether to render the children components or not. Disabling is also supported.
<br><br>If we agree on this, I'll commit it to sandbox. Just wanna hear the team's thoughts.<br><br>Cagatay<br><br><div><span class="gmail_quote">On 8/16/06, <b class="gmail_sendername">Kumar, Girish</b> &lt;<a href="mailto:Girish.Kumar@ibtco.com">
Girish.Kumar@ibtco.com</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div>


<div>
<div dir="ltr" align="left"><span><font color="#008000" face="Courier" size="2">Is s:secure already written or you want to implement it 
?</font></span></div>
<div dir="ltr" align="left"><span><font color="#008000" face="Courier" size="2">Can you be more clear on what s:secure does 
?</font></span></div>
<div dir="ltr" align="left"><span><font color="#008000" face="Courier" size="2"></font></span>&nbsp;</div>
<div dir="ltr" align="left"><span><font color="#008000" face="Courier" size="2">Girish</font></span></div><br>
<div dir="ltr" align="left" lang="en-us">
<hr>
<font face="Tahoma" size="2"><b>From:</b> Cagatay Civici 
[mailto:<a href="mailto:cagatay.civici@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">cagatay.civici@gmail.com</a>] <br><b>Sent:</b> Wednesday, August 16, 2006 
10:08 AM<br><b>To:</b> MyFaces Development<br><b>Subject:</b> Re: 
s:secure<br></font><br></div></div><div><span class="e" id="q_10d175350910e51f_1">
<div></div>Hi Mike,<br><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">&lt;h:panelGroup 
  rendered=&quot;#{securityBean.isManager or securityBean.isAdmin }&quot;&gt;<br>
  <div style="direction: ltr;"><span>&nbsp; &nbsp;//components to be 
  secured goes here<br></span></div>&lt;/h:panelGroup &gt;<br></blockquote><br>Yes 
that would do the same job but my point is the user must create the securityBean 
class to accomplish this. <br><br>Also securityBean changes when a new role is 
added. Imagining the possible amount of roles, the maintanence of the bean might 
cause problems when things get more complex.<br><br>My other concern is what if 
there are other conditions that effect the rendered property of the panel. Then 
that should also be added to the security concern like; 
<br><br>#{securityBean.isManager or securityBean.isAdmin or 
pageBean.isLoggedIn}<br><br>Anyway, I'm just thinking loud 
:)<br><br>Cagatay<br><br>
<div><span class="gmail_quote">On 8/16/06, <b class="gmail_sendername">Mike Kienenberger </b>&lt;<a href="mailto:mkienenb@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">mkienenb@gmail.com
</a>&gt; wrote:</span>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">What's 
  wrong with using this? <br><br>&lt;h:panelGroup 
  rendered=&quot;#{securityBean.isManager or 
  securityBean.isAdmin}&quot;&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;//components to be   secured goes here<br>&lt;/h:panelGroup &gt;<br><br>Seems a lot more 
  flexible.<br><br>On 8/16/06, Cagatay Civici &lt; <a href="mailto:cagatay.civici@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">cagatay.civici@gmail.com</a>&gt;   wrote:<br>&gt; Hi,<br>
&gt;<br>&gt; What do you guys think about a security 
  component like this;<br>&gt;<br>&gt; &lt;s:secure ifAnyGranted=&quot;manager, 
  admin&quot;&gt; <br>&gt;&nbsp;&nbsp;&nbsp;&nbsp; //components to be secured goes 
  here<br>&gt; &lt;/s:secure&gt;<br>&gt;<br>&gt; Also have attributes like   ifNotGranted, ifAnyGranted disable and etc.<br>&gt;<br>&gt; Do you think this 
  should be useful?<br>&gt; <br>&gt; Regards,<br>&gt;<br>&gt; 
Cagatay<br>&gt;<br></blockquote></div><br></span></div><div><code><font size="2"><br>
<br>
**************************************************************************<br>
This message and any attached documents contain information<br>
which may be confidential, subject to privilege or exempt from<br>
disclosure under applicable law.  These materials are solely for <br>
the use of the intended recipient.  If you are not the intended<br>
recipient of this transmission, you are hereby notified that any<br>
distribution, disclosure, printing, copying, storage, modification <br>
or the taking of any action in reliance upon this transmission is <br>
strictly prohibited.  Delivery of this message to any person other<br>
than the intended recipient shall not compromise or waive <br>
such confidentiality, privilege or exemption from disclosure as<br>
to this communication.  <br>
<br>
If you have received this communication in error, please notify<br>
the sender immediately and delete this message from your system.<br>
*****************************************************************************<br>
</font></code>
</div>

</div></blockquote></div><br>

------=_Part_221043_5233127.1155738032616--