Return-Path: 
 <user-return-213450-apmail-struts-user-archive=struts.apache.org@struts.apache.org>
X-Original-To: apmail-struts-user-archive@www.apache.org
Delivered-To: apmail-struts-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 0CA0ED45D
	for <apmail-struts-user-archive@www.apache.org>;
 Thu,  4 Oct 2012 10:05:36 +0000 (UTC)
Received: (qmail 96748 invoked by uid 500); 4 Oct 2012 10:05:34 -0000
Delivered-To: apmail-struts-user-archive@struts.apache.org
Received: (qmail 96187 invoked by uid 500); 4 Oct 2012 10:05:30 -0000
Mailing-List: contact user-help@struts.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:user-unsubscribe@struts.apache.org>
List-Help: <mailto:user-help@struts.apache.org>
List-Post: <mailto:user@struts.apache.org>
List-Id: "Struts Users Mailing List" <user.struts.apache.org>
Reply-To: "Struts Users Mailing List" <user@struts.apache.org>
Delivered-To: mailing list user@struts.apache.org
Received: (qmail 96143 invoked by uid 99); 4 Oct 2012 10:05:28 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Oct 2012 10:05:28 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of lukasz.lenart@gmail.com
 designates 209.85.216.176 as permitted sender)
Received: from [209.85.216.176] (HELO mail-qc0-f176.google.com)
 (209.85.216.176)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Oct 2012 10:05:22 +0000
Received: by mail-qc0-f176.google.com with SMTP id n41so243752qco.35
        for <user@struts.apache.org>; Thu, 04 Oct 2012 03:05:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:reply-to:in-reply-to:references:date:message-id
         :subject:from:to:content-type:content-transfer-encoding;
        bh=bZAXnR+FdCfoJFSGvhxSAwV77TtByXViJhf/AfsR22c=;
        b=CGShMPf1X21nhZY24Aglj5xeiXy+O5GtMnqsck1jrmeMnG03Jiw8GydKudN1MWjFXU
         3WW356sjOW9njSkyDA6tzAq4jx8HsqPZCZflCPXd/5/183CAogbgVMDwZj8q/e7ciSGk
         IYodb5BPhPs63WpI0VeujVtRiwqiWjHYQDH/+KT6ja4ZEgYhOj9FWpvhVXIiYUjXd1LX
         GlltV9OPKyXhqiWYpUm17QB90yJCJLUYt34Y41n2HyCac2LQcVQUkQVGCc0mUqTlD+7T
         sUnmJwtUBSNo+vUmSQSeB3fTc2D7dtbDVlE8U8QzF0A/BSY+BCSKa3+YeW9JfolDLDuI
         ANsQ==
MIME-Version: 1.0
Received: by 10.224.174.129 with SMTP id t1mr11449358qaz.16.1349345100409;
 Thu, 04 Oct 2012 03:05:00 -0700 (PDT)
Received: by 10.229.56.194 with HTTP; Thu, 4 Oct 2012 03:05:00 -0700 (PDT)
Reply-To: lukasz.lenart@gmail.com
In-Reply-To: 
 <CAPcVg7=1H5gOy=DsiVAbAGvP5bVSxLeb6y5phgF6r2r=NuUUwQ@mail.gmail.com>
References: 
 <CAPcVg7=1H5gOy=DsiVAbAGvP5bVSxLeb6y5phgF6r2r=NuUUwQ@mail.gmail.com>
Date: Thu, 4 Oct 2012 12:05:00 +0200
Message-ID: 
 <CAMopvkM2H4nTQh-5A5fzWF_M6PJT2GZB-iGF7wV_Zpg4Qiy2Bw@mail.gmail.com>
Subject: Re: Struts2 authentication, validation, and roles
From: =?UTF-8?Q?=C5=81ukasz_Lenart?= <lukasz.lenart@gmail.com>
To: Struts Users Mailing List <user@struts.apache.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

2012/10/3 Ken McWilliams <ken.mcwilliams@gmail.com>:
> Asking for the consideration of a struts2 feature enhancement.
>
> The roles interceptor depends on container based security, it is a bit
> of a pain to set up and portability is complicated by needing to cover
> more documentation steps (how to secure your application on Glassfish,
> Weblogic, Tomcat...). This is container security and of course not
> Struts2s issue but it would be nice it we could use the roles
> interceptor by defining a
> org.apache.struts2.interceptor.PrincipalProxy implementation and
> specifying it with a struts2 constant:
>
> <constant name=3D"struts.security.principalProxy"
> value=3D"com.example.MyPrincipalProxyImpl"/> //default would be
> org.apache.struts2.servlet.interceptor.ServletPrincipalProxy
>
> There is only a few place (that I know of) where the PrincipalProxy
> interface aught to be used where currently the request is being used
> (aught to be used if implementing this feature). That is in the
> "servletConfig" interceptor when setting the PrincipalAware interface
> of an action and in the roles interceptor.
>
> It is not too much work to implement our own interceptors to
> facilitate role based access but I think this would be helpful to many
> and does not seem to require a radical change to S2 internals, so I
> thought I would bring this up in the user forum to see what others
> think.

I thought a bit more about that and this can be achieved by a
PrincipalProvider (as TextProvider) which can be injected onto
interceptors or any other place. It will produce PrincipialProxy base
on HttpServletRequest, eg.
PrincipialProvider#getPrincipialProxy(HttpServletRequest)


Regards
--=20
=C5=81ukasz
mobile +48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org