struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Benedict <pbened...@apache.org>
Subject Re: Security judges
Date Thu, 17 Oct 2013 19:11:24 GMT
Throw an exception instead. If Struts has a default exception handler,
translate the exception into a 403; but the goal is to give the user a
chance to customize the response.


On Thu, Oct 17, 2013 at 6:46 AM, Lukasz Lenart <lukaszlenart@apache.org>wrote:

> 2013/10/10 Lukasz Lenart <lukaszlenart@apache.org>:
> > 2013/10/10 Steven Benitez <steven.benitez@gmail.com>:
> >> Yeah, I'm not a fan of the Judge name either. Guard is better, but I'm
> not
> >> sure if it's best. What would the API look like?
> >
> > Not sure yet, something like this:
> >
> > public class SecurityGate {
> >
> >     private List<SecurityGuard> guards;
> >
> >     public void check(HttpServletRequest) {
> >         for(SecurityGuard guard : guards) {
> >            SecurityPass pass = guard.accept(HttpServletRequest);
> >            if (pass.notAccepted()) {
> >                throw new StrutsSecurityException(pass.getGuardMessage())
> >           }
> >         }
> >     }
> >
> > }
>
> Right now I'm planning just to throw an exception and call
> sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()), WDYT?
>
>
> Regards
> --
> Ɓukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
>


-- 
Cheers,
Paul

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message