[jira] Commented: (CLK-406) Menu improvements - plug-able role checking.

Wed, 15 Apr 2009 16:41:37 -0700 

    [ 
https://issues.apache.org/jira/browse/CLK-406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12699451#action_12699451
 ] 

Joseph Schmidt commented on CLK-406:
------------------------------------

> Other alternatives would be RoleAccessController, ContainerAccessController, 
> JEEAccessController. 
I think these sound better since that's what it is.

> This feature could also be used by the Tree control. 
The (secure) pages could also use this from the menu.xml defintion since there 
are some roles associated with the pages, so onSecurityCheck is an even better 
place to be called.
Also Link controls could use it in their action, e.g. for the actions that are 
allowed only for some roles: e.g. when the securitCheck lets the user see the 
page, and e.g. add something but the delete link does not.

> Where we put these classes is an interesting question. Do you think 
> extras.security is the right place? 
I think it is very good. No core classes need them, so extras is the right 
place. 

> Menu improvements - plug-able role checking.
> --------------------------------------------
>
>                 Key: CLK-406
>                 URL: https://issues.apache.org/jira/browse/CLK-406
>             Project: Click
>          Issue Type: Improvement
>          Components: extras
>            Reporter: Demetrios Kyriakis
>
> Please improve the Menu Control, by allowing the user to have a plug-able 
> role cheking for the menu items.
> Right now the Menu Control is using HttpRequest#isUserInRole(String role), 
> but most webapplications
> don't use this strategy for user/roles management, so this method returns 
> false for all those cases :(.
> This is very limiting, making the existing Menu Control useless for most user 
> applications, thus forcing the users
> to make their own menu controls (or the hack the original one). 
> Please allow to set a different method for this operation by the user (if no 
> other is used, of course, the default one - mentioned above - would be used 
> as before - so 100% backwards compatible).
> Thank you,
> Demetrios.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to