I just ran into a small issue with the Security Interceptor. We have some
custom validation methods that require that the user be logged into to work
properly.
>From the docs I see the following. Why do you need to intercept
>BindingAndValidation? Why would you allow a user that is not logged in to get
>that far into an application before you kick them? Is there a way to override
>this? Should I just extends the SecurityInterceptor myself?
/**
* Security interceptor for the Stripes framework. Determines if handling the
event for the current execution context
* is allowed. Execution is allowed if there is no security manager, or if the
security manager allows it. See the
* documentation of the SecurityManager interface for more information.
* <p>
* The security manager is invoked between binding&validation and event
handling, in a way to ensure annotations
* like @DontValidate and @DontBind work as intended.
*
* @author <a href="mailto:kin...@xs4all.nl">Oscar Westra van Holthe - Kind</a>
* @author <a href="mailto:xf2...@fastmail.fm">Fred Daoud</a>
* @version $Id: SecurityInterceptor.java 203 2007-04-27 18:42:44Z oscar $
* @see SecurityManager
* @see SecurityHandler
*/
@Intercepts({
LifecycleStage.BindingAndValidation, LifecycleStage.CustomValidation,
LifecycleStage.EventHandling,
LifecycleStage.ResolutionExecution
})
public class SecurityInterceptor
--
Nathan Maves
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users