struts-dev mailing list archives

From "Craig McClanahan (JIRA)" <>
Subject [jira] Moved: (SHALE-149) [Shale] Support for fine grained security on navigation
Date Wed, 26 Apr 2006 06:14:55 GMT

Craig McClanahan moved STR-2788 to SHALE-149:

      Project: Shale  (was: Struts Action 1)
          Key: SHALE-149  (was: STR-2788)
    Component:     (was: Shale)
      Version:     (was: Nightly Build)
    Assign To:     (was: Struts Developer Mailing List)

> [Shale] Support for fine grained security on navigation
> -------------------------------------------------------
>          Key: SHALE-149
>          URL:
>      Project: Shale
>         Type: Improvement

>  Environment: Operating System: other
> Platform: Other
>     Reporter: Craig McClanahan
>     Priority: Minor

> Conversations on the Struts user mailing list today highlight the potential for
> a Shale value add with regards to authorization.  It was noted that container
> managed security can protect the incoming form submits, but does not protect
> navigation to an arbitrary page (because constraints are only applied on the
> initial submit, not on RequestDispatcher.forward() calls used to implement the
> navigation).  It would be interesting for Shale to offer a customized navigation
> handler that would allow limitation of navigation to specified view identifiers
> based on request.isUserInRole().
> As a further generalization, it would be useful to present this capability as a
> general purpose plugin architecture, where the application could provide any
> sort of fine grained access control it wanted ("only managers can navigate to
> the salary details page, and only for their own employees").  A built in plugin
> that supported container managed security could be a "reference implementation"
> of this feature.

This message is automatically generated by JIRA.
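
The role-based navigation check proposed in the issue, sketched as an added example (not Shale code and not from the original message). The class name, the policy map and the `/accessDenied.jsp` view are assumptions; the class would be registered through `<navigation-handler>` in faces-config.xml.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.faces.application.NavigationHandler;
import javax.faces.application.ViewHandler;
import javax.faces.component.UIViewRoot;
import javax.faces.context.FacesContext;

/** Hypothetical decorator that applies isUserInRole() to forward-style navigation. */
public class RoleCheckingNavigationHandler extends NavigationHandler {

    // Constructed sample policy: view id prefix -> role required to navigate there.
    private static final Map<String, String> REQUIRED_ROLE;
    static {
        Map<String, String> m = new LinkedHashMap<String, String>();
        m.put("/admin/", "admin");
        m.put("/hr/salary", "manager");
        REQUIRED_ROLE = Collections.unmodifiableMap(m);
    }
    private static final String DENIED_VIEW = "/accessDenied.jsp"; // assumed page

    private final NavigationHandler delegate;

    // JSF hands the previously configured handler to a one-argument constructor.
    public RoleCheckingNavigationHandler(NavigationHandler delegate) {
        this.delegate = delegate;
    }

    @Override
    public void handleNavigation(FacesContext ctx, String fromAction, String outcome) {
        UIViewRoot before = ctx.getViewRoot();
        delegate.handleNavigation(ctx, fromAction, outcome);
        UIViewRoot after = ctx.getViewRoot();
        // A redirect becomes a new request, which container constraints already cover.
        if (after == null || after == before || ctx.getResponseComplete()) {
            return;
        }
        String viewId = after.getViewId();
        if (viewId == null) {
            return;
        }
        for (Map.Entry<String, String> rule : REQUIRED_ROLE.entrySet()) {
            if (viewId.startsWith(rule.getKey())
                    && !ctx.getExternalContext().isUserInRole(rule.getValue())) {
                // Swap the selected view for the denial page before it is rendered.
                ViewHandler vh = ctx.getApplication().getViewHandler();
                ctx.setViewRoot(vh.createView(ctx, DENIED_VIEW));
                return;
            }
        }
    }
}
```

The check runs after the delegate has chosen the target view, so it sees the resolved view identifier rather than the raw outcome string.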