struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "liu ji" <liuji...@hotmail.com>
Subject Re: why not extend struts to support access control?
Date Sun, 26 Sep 2004 23:56:31 GMT

Thank Martin Cooper.
Struts-chain is the one I really need it!
It is the one I want to implement!
And the idea and the config of struts-chain is what did I think.

Does struts already support struts-chain?
Or you want to support it in struts?
Or it is only another project?




==============================================
Ji Liu





>From: Martin Cooper <mfncooper@gmail.com>
>Reply-To: Martin Cooper <mfncooper@gmail.com>
>To: Struts Developers List <dev@struts.apache.org>
>Subject: Re: why not extend struts to support access control?
>Date: Sun, 26 Sep 2004 10:00:28 -0700
>
>On Sun, 26 Sep 2004 22:40:18 +0800, liu ji <liujiboy@hotmail.com> wrote:
> > I have just read the example.
> > I don't see any clue that ageci solved the problem.
> >
> > Although it can ensure the security in function level,it isn't very 
useful.
> >
> > I can security my system in a high level not function level.
> >
> > It also uses IOC which struts doesn't support.If I want to use it,I 
have to
> > use spring.
> >
> > Your example is the role checking.But the access control is more 
complex.
> > For example,when user A want to edit his information,the URL maybe like
> > this http://user/editProfile.do?id=userA.The editProfile.do use the id
> > parameter to get the profile of user A.Before doing that the 
application
> > should ensure whether the request is requested by user A.So the 
editProfile
> > should compare the id parameter with the id property stored in the 
session.
> >
> > Maybe more complex,for example,the id parameter indicate the order 
id.User
> > may have a lot of orderid,they can only edit the order which wasn't
> > shipped.How can ageci solve this?
> >
> > Sorry,I ask a lot of questions,and may of them are irrelevant to 
struts.
>
>They're not irrelevant, but I do think this discussion would be off on
>the user list rather than the dev list. There are many, many more
>people on that list, and I'm sure many of them have faced the same
>problem as you do and have implemented solutions to it. You'll get
>more ideas from people with experience in the problem if you ask your
>questions on that list.
>
>While I'm here, though, one option for you would be to use
>struts-chain, in contrib, which will allow you to add whatever
>security checks you need, at whatever stage in the processing of a
>request you need, or want.
>
>--
>Martin Cooper
>
>
> >
> >
> > ==============================================
> > Ji Liu
> >
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>For additional commands, e-mail: dev-help@struts.apache.org
>

_________________________________________________________________
与联机的朋友进行交流,请使用 MSN Messenger:  http://messenger.msn.com/cn  


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message