tomcat-users mailing list archives

From kazukin6 <coolwh...@mail.ru>
Subject RE: Question is answered. See Bill Barker-2 answer
Date Sun, 14 Sep 2008 02:25:49 GMT

Martin, thanks for a guide! I took a look at the Jetspeed (and portlet
specifications too) and it seems pretty interesting. I'll definitely study
it. The only thing that scares me is that the specs
(http://www.jcp.org/aboutJava/communityprocess/review/jsr168/) haven't been
updated since 2003.

And yes, you really got it. Our system indeed is a portal and CMS and
something else too. And it somehow resembles the functions the Portal API
has. At this moment we're developing the CRM part based on it. We already have a
whole bunch of portal functionality (it doesn't have any XML config because
it's highly dynamic and config is stored in DB) and a very specific security
system, tuned to our specific features, and at this point I'm not sure we'll
be able to seamlessly integrate any second-party solution into this
architecture.



mgainty wrote:
> 
> 
> that was a 30 second solution amongst 100 different solutions
> 
> so maybe you want to categorise the jsps and then enable / disable
> view/update/delete of the resources in those categories depending on
> the authenticated credentials of the user
> for this scenario you might want to look at portals and/or
> content-management systems
> 
> i would start here
> http://portals.apache.org/jetspeed-1/fusion.html
> 
> Martin
> ______________________________________________
> Disclaimer and confidentiality note 
> Everything in this e-mail and any attachments relates to the official
> business of Sender. This transmission is of a confidential nature and
> Sender does not endorse distribution to any party other than intended
> recipient. Sender does not necessarily endorse content contained within
> this transmission. 
> 
> 
>> Date: Sat, 13 Sep 2008 17:32:29 -0700
>> From: coolwhiff@mail.ru
>> To: users@tomcat.apache.org
>> Subject: Question is answered. See Bill Barker-2 answer
>> 
>> 
>> Hi, Martin
>> Thanks for the answer
>> I see what you mean, but the problem is slightly different
>> 
>> The matter is that our users can change jsp files however they like via
>> the administrative interface, so we want to restrict the use of scriptlets in
>> these jsp's because of possible abuses
>> 
>> Bill Barker-2 provided the comprehensive answer to this problem
>> 
>> 
>> mgainty wrote:
>> > 
>> > 
>> > use the struts if tag to conditionally disable the code
>> > <%@ taglib prefix="s" uri="/struts-tags"%>
>> > 
>> > <s:if test="%{false}">
>> >     <div>Will Not Be Executed</div>
>> > </s:if>
>> > 
>> > http://struts.apache.org/2.0.11.2/docs/if.html
>> > thanks to struts
>> > Martin 
>> > 
>> > 
>> >> Date: Sat, 13 Sep 2008 08:58:59 -0700
>> >> From: coolwhiff@mail.ru
>> >> To: users@tomcat.apache.org
>> >> Subject: Re: Disable java code execution <%blabla%> in jsp, but permits tags
>> >> 
>> >> 
>> >> We want them to be able to customize information they get from our
>> >> system by using custom tags
>> >> 
>> >> 
>> >> H. Hall wrote:
>> >> > 
>> >> > kazukin6 wrote:
>> >> >> Plz Help !!
>> >> >> Is it possible to disable all java code execution within jsp page
>> >> >> (by security manager or something)
>> >> >> but allow custom tags to be executed?
>> >> >>
>> >> >> The problem is that the users can change jsp files, and due to
>> >> >> security reasons we can allow them to use only tags
>> >> >>   
>> >> > Why are users allowed to change jsp files?
>> >> > 
>> >> > HH
>> >> > 
>> >> > 
>> >> > 
>> >> > -- 
>> >> > H. Hall
>> >> > ReedyRiver Group LLC
>> >> > http://www.reedyriver.com
>> >> > 
>> >> > 
>> >> > ---------------------------------------------------------------------
>> >> > To start a new topic, e-mail: users@tomcat.apache.org
>> >> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> >> > For additional commands, e-mail: users-help@tomcat.apache.org
>> >> > 
>> >> > 
>> >> > 
>> >> 
>> >> 
>> > 
>> > 
>> 
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Disable-java-code-execution-%3C-blabla-%3E-in-jsp%2C-but-permits-tags-tp19415053p19476725.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
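
The restriction asked for in this thread (no Java scripting in user-editable pages, custom tags still allowed) can be enforced by the container itself through a JSP 2.0 property group. This is an added example, not taken from any message in the thread; the /userpages/* pattern is an assumed location for the editable pages.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- WEB-INF/web.xml: a Servlet 2.4 or later descriptor is needed for jsp-config property groups -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

  <jsp-config>
    <jsp-property-group>
      <!-- Assumption: user-editable pages live under /userpages/ (hypothetical path) -->
      <url-pattern>/userpages/*</url-pattern>
      <!-- Keep EL enabled so custom tags can still take ${...} attribute values -->
      <el-ignored>false</el-ignored>
      <!-- Translation fails on scriptlets, scripting expressions and declarations,
           in both the <% ... %> syntax and the jsp:scriptlet / jsp:expression /
           jsp:declaration XML forms; directives and custom tags are unaffected -->
      <scripting-invalid>true</scripting-invalid>
    </jsp-property-group>
  </jsp-config>

</web-app>
```

A page under the pattern that contains a scripting element is rejected when the container translates it, so the check does not depend on the administrative interface filtering what users save. The tag libraries reachable from those pages then become the surface to review, since user-edited pages can still invoke any tag available to the web application.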

