struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: Security judges
Date Thu, 17 Oct 2013 11:46:20 GMT
2013/10/10 Lukasz Lenart <lukaszlenart@apache.org>:
> 2013/10/10 Steven Benitez <steven.benitez@gmail.com>:
>> Yeah, I'm not a fan of the Judge name either. Guard is better, but I'm not
>> sure if it's best. What would the API look like?
>
> Not sure yet, something like this:
>
> public class SecurityGate {
>
>     private List<SecurityGuard> guards;
>
>     public void check(HttpServletRequest) {
>         for(SecurityGuard guard : guards) {
>            SecurityPass pass = guard.accept(HttpServletRequest);
>            if (pass.notAccepted()) {
>                throw new StrutsSecurityException(pass.getGuardMessage())
>           }
>         }
>     }
>
> }

Right now I'm planning just to throw an exception and call
sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()), WDYT?


Regards
-- 
Ɓukasz
+ 48 606 323 122 http://www.lenart.org.pl/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message