[
https://issues.apache.org/jira/browse/CLK-406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12699445#action_12699445
]
Malcolm Edgar commented on CLK-406:
-----------------------------------
DefaultAccessController is probably a better name than RBAController. The name
was inspired from:
http://en.wikipedia.org/wiki/RBAC
Other alternatives would be RoleAccessController, ContainerAccessController,
JEEAccessController.
The idea behind providing an access controller, is so you can use Spring or
JSecurity security authorization strategy. This feature could also be used by
the Tree control.
Where we put these classes is an interesting question. Do you think
extras.security is the right place?
> Menu improvements - plug-able role checking.
> --------------------------------------------
>
> Key: CLK-406
> URL: https://issues.apache.org/jira/browse/CLK-406
> Project: Click
> Issue Type: Improvement
> Components: extras
> Reporter: Demetrios Kyriakis
>
> Please improve the Menu Control, by allowing the user to have a plug-able
> role cheking for the menu items.
> Right now the Menu Control is using HttpRequest#isUserInRole(String role),
> but most webapplications
> don't use this strategy for user/roles management, so this method returns
> false for all those cases :(.
> This is very limiting, making the existing Menu Control useless for most user
> applications, thus forcing the users
> to make their own menu controls (or the hack the original one).
> Please allow to set a different method for this operation by the user (if no
> other is used, of course, the default one - mentioned above - would be used
> as before - so 100% backwards compatible).
> Thank you,
> Demetrios.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
