struts-dev mailing list archives

From "Frank W. Zammetti" <>
Subject Re: [s2] Action ! Method syntax (was Freemarker transform name)
Date Fri, 25 Aug 2006 23:33:25 GMT
Jason Carreira wrote:
>> ...unless you really want to take the security exercise all the way,
>> i.e., secure each and every method via container-managed security using
>> annotations (ideally) to configure what roles/users can access what
>> methods, thereby taking the URI out of the equation entirely... if you
>> aren't in an allowed role, you can't execute the method, regardless of
>> what URI was used to request it.
>> Might not be a bad feature actually, but seems like a bit of overkill to
>> me :)
> I do this now, with Acegi and Spring. Not so much on actions, but on the Services they

And that's where we tend to do it too, but by using container-managed 
security to secure EJB methods instead.  The problem I've always had 
with it though is that I have to handle that in my Actions, or in the 
facade anyway... what if an Action tries to call a method that the user 
doesn't have access to?  I'd expect to get an exception, which I have to 
catch and handle in some graceful way (graceful as far as the user is 
concerned).  I'm thinking that maybe if this happened before the Action 
was invoked, it might be possible to handle it a little more gracefully, 
i.e., maybe I can declare some sort of "security exception" page to 
redirect to.  Obviously you could do this on your own, but it'd be nice 
if the framework handled it since this strikes me as a framework-y kinda 
thing :)

> Let's not re-invent the wheel.

Yeah, but that's what I *do*! ( ;) LOL


Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
AIM/Yahoo: fzammetti
Author of "Practical Ajax Projects With Java Technology"
  (2006, Apress, ISBN 1-59059-695-1)
Java Web Parts -
  Supplying the wheel, so you don't have to reinvent it!
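
Added example, not part of the original message and not Struts code: a JDK-only sketch of the idea discussed above, where the role check runs before the action method is invoked and a denial becomes a result name instead of an exception the Action has to catch. The `AllowedRoles` annotation, the `securityException` result name, and the `AccountAction` class are hypothetical.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class MethodRoleGate {
    // Hypothetical annotation listing the roles allowed to call a method.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    @interface AllowedRoles { String[] value(); }

    // Constructed sample action whose methods are reachable via "Action!method" URIs.
    public static class AccountAction {
        @AllowedRoles({"user", "admin"})
        public String view() { return "success"; }

        @AllowedRoles({"admin"})
        public String delete() { return "success"; }

        public String helper() { return "success"; } // no annotation: denied by default
    }

    // Hypothetical result name a framework would map to a "security exception" page.
    static final String SECURITY_RESULT = "securityException";

    // Resolve the requested method, check roles, and only then invoke it.
    static String dispatch(Object action, String methodName, Set<String> userRoles)
            throws ReflectiveOperationException {
        Method m;
        try {
            m = action.getClass().getMethod(methodName);
        } catch (NoSuchMethodException e) {
            return SECURITY_RESULT; // unknown method name: nothing is invoked
        }
        AllowedRoles allowed = m.getAnnotation(AllowedRoles.class);
        if (allowed == null || m.getReturnType() != String.class
                || Collections.disjoint(Arrays.asList(allowed.value()), userRoles)) {
            return SECURITY_RESULT; // fail closed before the action body runs
        }
        return (String) m.invoke(action);
    }

    public static void main(String[] args) throws Exception {
        AccountAction action = new AccountAction();
        Set<String> roles = Set.of("user"); // constructed caller holding one role
        for (String name : List.of("view", "delete", "helper", "toString")) {
            System.out.println(name + " -> " + dispatch(action, name, roles));
        }
    }
}
```

The decision depends only on the resolved method and the caller's roles, so the URI used to reach the method plays no part, and inherited public methods such as `toString` are denied because they carry no annotation.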
