See within:
Joe Germuska wrote:
At 8:05 AM -0700 9/25/04, Michael McGrady wrote:
Without looking at things in gruesome detail, Ji Liu, I agree. +1
Hey, wait -- I thought you were the one warning us against bloating Struts!? :^)
Yah, Joe, I guess if I don't want to order cheeseburgers with Struts I shouldn't want to validate prior to checking user privileges either! LOL I am not against adding to Struts. I am just against adding applications not related to the framework to Struts. Anyway, I am fairly sure what I think is not going to keep anyone up late. LOL I in fact think this is the sort of thing that Struts needs.
>when the client want to access a url,validating the
input is the first thing application should do.If we use filter,the input maybe invalidate but user get "can't access".So we should do this after validate the input,and before perform the action.
Actually, I don't understand why one should validate input before assessing access privileges. If the user doesn't have permission to access, then the input is implicitly invalid, so why bother doing the input validation?
My guess is that he is thinking that a user may have made an incorrect entry which is invalid but be a perfectly good user in fact. Is that right?
>Obviously,the class used by the config should obey
some simples rule. Without edit the source code I already implement this in struts by extend the ActionMapping and RequestProcessor.But the config is so ugly.I have use a string which represent the config.
>I think struts need to support this.
I think that the problem here is that access control is a pretty multifaceted and potentially complex aspect of an application, and one which is most likely to need to integrate with "home-grown" systems. I would be happy to look at a proposed API/configuration format and to consider how to make Struts work well with that, but I think it would be a great challenge to come up with a "universal" API for it.
Yah, that would be really cool! I could not agree more.
Also, note that Struts does at least integrate with J2EE container based authentication, whatever problems that model has. If nothing else, it's a standard, which makes it easier for Struts to comply with it.
Joe
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
