struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig McClanahan (JIRA)" <j...@apache.org>
Subject [jira] Moved: (SHALE-149) [Shale] Support for fine grained security on navigation
Date Wed, 26 Apr 2006 06:14:55 GMT
     [ http://issues.apache.org/struts/browse/SHALE-149?page=all ]

Craig McClanahan moved STR-2788 to SHALE-149:
---------------------------------------------

      Project: Shale  (was: Struts Action 1)
          Key: SHALE-149  (was: STR-2788)
    Component:     (was: Shale)
      Version:     (was: Nightly Build)
    Assign To:     (was: Struts Developer Mailing List)

> [Shale] Support for fine grained security on navigation
> -------------------------------------------------------
>
>          Key: SHALE-149
>          URL: http://issues.apache.org/struts/browse/SHALE-149
>      Project: Shale
>         Type: Improvement

>  Environment: Operating System: other
> Platform: Other
>     Reporter: Craig McClanahan
>     Priority: Minor

>
> Conversations on the Struts user mailing list today highlight the potential for
> a Shale value add with regards to authorization.  It was noted that container
> managed security can protect the incoming form submits, but does not protect
> navigation to an arbitrary page (because constraints are only applied on the
> initial submit, not on RequestDispatcher.forward() calls used to implement the
> navigation).  It would be interesting for Shale to offer a customized navigation
> handler that would allow limitation of navigation to specified view identifiers
> based on request.isUserInRole().
> As a further generalization, it would be useful to present this capability as a
> general purpose plugin architecture, where the application could provide any
> sort of fine grained access control it wanted ("only managers can navigate to
> the salary details page, and only for their own employees").  A built in plugin
> that supported container managed security could be a "reference implementation"
> of this featue.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/struts/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message