struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: Struts2 authentication, validation, and roles
Date Wed, 03 Oct 2012 05:59:43 GMT
2012/10/3 Ken McWilliams <ken.mcwilliams@gmail.com>:
> Asking for the consideration of a struts2 feature enhancement.
>
> The roles interceptor depends on container based security, it is a bit
> of a pain to set up and portability is complicated by needing to cover
> more documentation steps (how to secure your application on Glassfish,
> Weblogic, Tomcat...). This is container security and of course not
> Struts2s issue but it would be nice it we could use the roles
> interceptor by defining a
> org.apache.struts2.interceptor.PrincipalProxy implementation and
> specifying it with a struts2 constant:
>
> <constant name="struts.security.principalProxy"
> value="com.example.MyPrincipalProxyImpl"/> //default would be
> org.apache.struts2.servlet.interceptor.ServletPrincipalProxy
>
> There is only a few place (that I know of) where the PrincipalProxy
> interface aught to be used where currently the request is being used
> (aught to be used if implementing this feature). That is in the
> "servletConfig" interceptor when setting the PrincipalAware interface
> of an action and in the roles interceptor.
>
> It is not too much work to implement our own interceptors to
> facilitate role based access but I think this would be helpful to many
> and does not seem to require a radical change to S2 internals, so I
> thought I would bring this up in the user forum to see what others
> think.

Nice idea, any better modularisation and higher user satisfaction is
always welcome (with patch as well ;-)


Regards
-- 
Ɓukasz
+ 48 606 323 122 http://www.lenart.org.pl/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message