Without looking at things in gruesome detail, Ji Liu, I agree. +1

ji liu wrote:
> When building a large web-based application, access control is
> required. For example, user A can't access user B's private
> information. In order to do so, we should code the access control
> logic in controllers. But when the access control logic is changed,
> the controllers will be changed. So someone suggested using a filter.
> Yes, a filter can do this very well. But I think we miss something.
>
> When the client wants to access a URL, validating the input is the
> first thing the application should do. If we use a filter, the input
> may be invalid but the user gets "can't access". So we should do this
> after validating the input, and before performing the action.
>
> If I don't use Struts, there will be no problem. But I use Struts and
> Validator. I have seen the source code; I can't find a method to
> implement this mechanism without changing the source code.
>
> I already have an idea. If the struts-config.xml could support these
> tags:
>
> <action path="URL">
>   <!-- action declaration -->
>   <access class="className">
>     <property name="propertyName" value="value"/>
>     <!-- other property -->
>     <method name="method1"/>
>     <!-- other method -->
>   </access>
>   <!-- other access -->
> </action>
>
> This config means that when the client accesses URL, the access
> control will use the class declared in the "access" element, and use
> the methods declared in the "method" elements. The properties of the
> access control class are set by the "property" elements.
>
> Take a simple config for example:
>
> <action path="URL">
>   <!-- action declaration -->
>   <access class="class1">
>     <property name="name" value="Ji Liu"/>
>     <method name="method1"/>
>     <method name="method2"/>
>   </access>
>   <access class="class2">
>     <property name="role" value="user"/>
>     <method name="method3"/>
>   </access>
> </action>
>
> This config means that when the client requests URL, the application
> creates an object of class1 and sets its property "name" using the
> value "Ji Liu". Then it uses the object's methods "method1" and
> "method2" to check the rights. After that, another object is created
> from class2, its property "role" is initialized as "user", and then
> method "method3" is used to check.
>
> Obviously, the classes used by the config should obey some simple
> rules.
>
> Without editing the source code, I have already implemented this in
> Struts by extending the ActionMapping and RequestProcessor. But the
> config is so ugly. I have used a string which represents the config.
> I think Struts needs to support this.
> =====================================================
> I apologize to you for my poor English. English isn't my first
> language. So I think it will be a little bit difficult to understand
> what I want to express. :)
>
> Ji Liu
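
The ordering and the config-driven checks proposed in the quoted message, as an added example that is not part of the thread and does not use the Struts API. The names `AccessAfterValidate`, `AccessRule`, `ProfileCheck` and the request keys are hypothetical, the requests are constructed, and Java 16 or later is assumed.

```java
import java.util.List;
import java.util.Map;
import java.util.Objects;

public class AccessAfterValidate {
    /** One <access> element: checker class, its properties, the check methods to call. */
    record AccessRule(Class<?> type, Map<String, String> props, List<String> methods) {}

    /** Hypothetical checker following the "simple rules": String setters, boolean checks. */
    public static class ProfileCheck {
        private String role;
        public void setRole(String role) { this.role = role; }
        public boolean hasRole(Map<String, String> req) { return Objects.equals(role, req.get("sessionRole")); }
        public boolean isOwner(Map<String, String> req) { return Objects.equals(req.get("sessionUser"), req.get("profileOwner")); }
    }

    /** Builds each checker from config and runs its methods; fails closed (a reflection error throws). */
    static boolean allowed(List<AccessRule> rules, Map<String, String> req) throws Exception {
        for (AccessRule r : rules) {
            Object checker = r.type().getDeclaredConstructor().newInstance();
            for (Map.Entry<String, String> p : r.props().entrySet()) {
                String n = p.getKey();
                String setter = "set" + Character.toUpperCase(n.charAt(0)) + n.substring(1);
                r.type().getMethod(setter, String.class).invoke(checker, p.getValue());
            }
            for (String m : r.methods()) {
                if (!(Boolean) r.type().getMethod(m, Map.class).invoke(checker, req)) return false;
            }
        }
        return true;
    }

    /** Order proposed in the post: validate input, then check access, then run the action. */
    static String process(List<AccessRule> rules, Map<String, String> req) throws Exception {
        String owner = req.get("profileOwner");
        if (owner == null || !owner.matches("[a-z0-9]{1,32}")) return "invalid input";
        if (!allowed(rules, req)) return "can't access";
        return "profile of " + owner; // stands in for the Action
    }

    public static void main(String[] args) throws Exception {
        List<AccessRule> rules = List.of(new AccessRule(
                ProfileCheck.class, Map.of("role", "user"), List.of("hasRole", "isOwner")));
        // Constructed requests: the owner, another user, and malformed input.
        System.out.println(process(rules, Map.of("sessionUser", "a", "sessionRole", "user", "profileOwner", "a")));
        System.out.println(process(rules, Map.of("sessionUser", "b", "sessionRole", "user", "profileOwner", "a")));
        System.out.println(process(rules, Map.of("sessionUser", "b", "sessionRole", "user", "profileOwner", "a'--")));
    }
}
```

With validation running first, a caller who would be denied still sees validation errors, so those messages should contain nothing the caller could not otherwise learn.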