Return-Path: Delivered-To: apmail-struts-dev-archive@www.apache.org Received: (qmail 61266 invoked from network); 26 Apr 2006 06:26:06 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 26 Apr 2006 06:26:06 -0000 Received: (qmail 26849 invoked by uid 500); 26 Apr 2006 06:18:38 -0000 Delivered-To: apmail-struts-dev-archive@struts.apache.org Received: (qmail 24759 invoked by uid 500); 26 Apr 2006 06:18:28 -0000 Mailing-List: contact dev-help@struts.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Struts Developers List" Reply-To: "Struts Developers List" Delivered-To: mailing list dev@struts.apache.org Received: (qmail 19777 invoked by uid 99); 26 Apr 2006 06:18:05 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Apr 2006 23:18:03 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received: from [209.237.227.198] (HELO brutus.apache.org) (209.237.227.198) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Apr 2006 23:17:59 -0700 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 2C96671435D for ; Wed, 26 Apr 2006 06:14:55 +0000 (GMT) Message-ID: <17757319.1146032095180.JavaMail.root@brutus> Date: Wed, 26 Apr 2006 06:14:55 +0000 (GMT+00:00) From: "Craig McClanahan (JIRA)" To: dev@struts.apache.org Subject: [jira] Moved: (SHALE-149) [Shale] Support for fine grained security on navigation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N [ http://issues.apache.org/struts/browse/SHALE-149?page=all ] Craig McClanahan moved STR-2788 to SHALE-149: --------------------------------------------- Project: Shale (was: Struts Action 1) Key: SHALE-149 (was: STR-2788) Component: (was: Shale) Version: (was: Nightly Build) Assign To: (was: Struts Developer Mailing List) > [Shale] Support for fine grained security on navigation > ------------------------------------------------------- > > Key: SHALE-149 > URL: http://issues.apache.org/struts/browse/SHALE-149 > Project: Shale > Type: Improvement > Environment: Operating System: other > Platform: Other > Reporter: Craig McClanahan > Priority: Minor > > Conversations on the Struts user mailing list today highlight the potential for > a Shale value add with regards to authorization. It was noted that container > managed security can protect the incoming form submits, but does not protect > navigation to an arbitrary page (because constraints are only applied on the > initial submit, not on RequestDispatcher.forward() calls used to implement the > navigation). It would be interesting for Shale to offer a customized navigation > handler that would allow limitation of navigation to specified view identifiers > based on request.isUserInRole(). > As a further generalization, it would be useful to present this capability as a > general purpose plugin architecture, where the application could provide any > sort of fine grained access control it wanted ("only managers can navigate to > the salary details page, and only for their own employees"). A built in plugin > that supported container managed security could be a "reference implementation" > of this featue. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/struts/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org For additional commands, e-mail: dev-help@struts.apache.org