struts-user mailing list archives

From Łukasz Lenart <lukasz.len...@gmail.com>
Subject Re: Struts2 authentication, validation, and roles
Date Thu, 04 Oct 2012 10:05:00 GMT
2012/10/3 Ken McWilliams <ken.mcwilliams@gmail.com>:
> Asking for the consideration of a struts2 feature enhancement.
>
> The roles interceptor depends on container based security, it is a bit
> of a pain to set up and portability is complicated by needing to cover
> more documentation steps (how to secure your application on Glassfish,
> Weblogic, Tomcat...). This is container security and of course not
> Struts2's issue but it would be nice if we could use the roles
> interceptor by defining a
> org.apache.struts2.interceptor.PrincipalProxy implementation and
> specifying it with a struts2 constant:
>
> <constant name="struts.security.principalProxy"
> value="com.example.MyPrincipalProxyImpl"/> //default would be
> org.apache.struts2.servlet.interceptor.ServletPrincipalProxy
>
> There are only a few places (that I know of) where the PrincipalProxy
> interface ought to be used where currently the request is being used
> (ought to be used if implementing this feature). That is in the
> "servletConfig" interceptor when setting the PrincipalAware interface
> of an action and in the roles interceptor.
>
> It is not too much work to implement our own interceptors to
> facilitate role based access but I think this would be helpful to many
> and does not seem to require a radical change to S2 internals, so I
> thought I would bring this up in the user forum to see what others
> think.

I thought a bit more about that and this can be achieved by a
PrincipalProvider (as TextProvider) which can be injected into
interceptors or any other place. It will produce PrincipalProxy based
on HttpServletRequest, e.g.
PrincipalProvider#getPrincipalProxy(HttpServletRequest)


Regards
-- 
Łukasz
mobile +48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/
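
An added sketch of the PrincipalProvider idea from the reply above, showing roles served from the HTTP session instead of the container; it is not code from this thread or from Struts. `PrincipalProvider`, `SessionPrincipalProvider` and the two session keys are hypothetical names, and the login action that fills the session is assumed to exist.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.struts2.interceptor.PrincipalProxy;

// Hypothetical extension point sketched in the reply; Struts does not ship it.
interface PrincipalProvider {
    PrincipalProxy getPrincipalProxy(HttpServletRequest request);
}

// Assumption: the login action stores the user name and role set under these keys.
public class SessionPrincipalProvider implements PrincipalProvider {
    static final String USER_KEY = "app.user";    // String
    static final String ROLES_KEY = "app.roles";  // Set<String>

    @SuppressWarnings("unchecked")
    public PrincipalProxy getPrincipalProxy(final HttpServletRequest request) {
        // getSession(false): a role check must never create a session.
        HttpSession session = request.getSession(false);
        final String user = session == null ? null : (String) session.getAttribute(USER_KEY);
        Object stored = session == null ? null : session.getAttribute(ROLES_KEY);
        // Deny by default: no authenticated user means no roles at all.
        final Set<String> roles = (user != null && stored instanceof Set)
                ? (Set<String>) stored : Collections.<String>emptySet();

        return new PrincipalProxy() {
            @Override public boolean isUserInRole(String role) {
                return role != null && roles.contains(role);
            }
            @Override public Principal getUserPrincipal() {
                if (user == null) return null;
                return new Principal() {
                    public String getName() { return user; }
                };
            }
            @Override public String getRemoteUser() { return user; }
            @Override public boolean isRequestSecure() { return request.isSecure(); }
            // Some Struts 2 releases also declare getRequest(); no @Override so both compile.
            public HttpServletRequest getRequest() { return request; }
        };
    }
}
```

The role set is read only from server-side session state, never from request parameters or headers, so a client cannot assert its own roles.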
