Well, one reason for having an s:secure tag would be that panelGroup
will render a span - which we probably don't want in this case.
I personally tend to think that the map-access like in:
rendered="#{securityBean['myRole'] }"
(yes, you can alternatively write:
rendered="#{securityBean.myRole }")
solves most of the problems such that an s:secure-tag is not needed.
I do think that MyFaces should come with a security-bean out of the
box, though, which would access the user-roles of the
external-context, and we should get rid of enabledOnUserRole and
visibleOnUserRole.
regards,
Martin
On 8/16/06, Kumar, Girish <[EMAIL PROTECTED]> wrote:
Is s:secure already written or you want to implement it ?
Can you be more clear on what s:secure does ?
Girish
________________________________
From: Cagatay Civici [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 16, 2006 10:08 AM
To: MyFaces Development
Subject: Re: s:secure
Hi Mike,
> <h:panelGroup rendered="#{securityBean.isManager or securityBean.isAdmin
}">
>
> //components to be secured goes here
> </h:panelGroup >
>
Yes that would do the same job but my point is the user must create the
securityBean class to accomplish this.
Also securityBean changes when a new role is added. Imagining the possible
amount of roles, the maintanence of the bean might cause problems when
things get more complex.
My other concern is what if there are other conditions that effect the
rendered property of the panel. Then that should also be added to the
security concern like;
#{securityBean.isManager or securityBean.isAdmin or pageBean.isLoggedIn}
Anyway, I'm just thinking loud :)
Cagatay
On 8/16/06, Mike Kienenberger <[EMAIL PROTECTED]> wrote:
> What's wrong with using this?
>
> <h:panelGroup rendered="#{securityBean.isManager or
securityBean.isAdmin}">
> //components to be secured goes here
> </h:panelGroup >
>
> Seems a lot more flexible.
>
> On 8/16/06, Cagatay Civici < [EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > What do you guys think about a security component like this;
> >
> > <s:secure ifAnyGranted="manager, admin">
> > //components to be secured goes here
> > </s:secure>
> >
> > Also have attributes like ifNotGranted, ifAnyGranted disable and etc.
> >
> > Do you think this should be useful?
> >
> > Regards,
> >
> > Cagatay
> >
>
**************************************************************************
This message and any attached documents contain information
which may be confidential, subject to privilege or exempt from
disclosure under applicable law. These materials are solely for
the use of the intended recipient. If you are not the intended
recipient of this transmission, you are hereby notified that any
distribution, disclosure, printing, copying, storage, modification
or the taking of any action in reliance upon this transmission is
strictly prohibited. Delivery of this message to any person other
than the intended recipient shall not compromise or waive
such confidentiality, privilege or exemption from disclosure as
to this communication.
If you have received this communication in error, please notify
the sender immediately and delete this message from your system.
*****************************************************************************
--
http://www.irian.at
Your JSF powerhouse -
JSF Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
