You want access control, just use acegi security to do it, it's a lot 
better than anything that's gonna get done here soon.

Struts already has enough junk thrown in anyway.

Incidentally about the only useful thing I've seen recently is 
Niall Pemberton's lazy validator forms, how come they haven't been 
included in struts CVS yet ? 

Maybe it would be better to concentrate on the useful stuff 
first ???? 

--b


On Sat, 25 Sep 2004 10:24:46 -0700, Michael McGrady
<[EMAIL PROTECTED]> wrote:
> See within:
> 
> Joe Germuska wrote:
> 
> > At 8:05 AM -0700 9/25/04, Michael McGrady wrote:
> >
> >> Without looking at things in gruesome detail, Ji Liu, I agree. +1
> >
> >
> > Hey, wait -- I thought you were the one warning us against bloating
> > Struts!? :^)
> 
> Yah, Joe, I guess if I don't want to order cheeseburgers with Struts I
> shouldn't want to validate prior to checking user privileges either!
> LOL  I am not against adding to Struts.  I am just against adding
> applications not related to the framework to Struts.  Anyway, I am
> fairly sure what I think is not going to keep anyone up late.  LOL  I in
> fact think this is the sort of thing that Struts needs.
> 
> >
> >>  >When the client wants to access a URL, validating the
> >>
> >>> input is the first thing the application should do. If we
> >>> use a filter, the input may be invalid but the user gets
> >>> "can't access". So we should do this after validating the
> >>> input, and before performing the action.
> >>
> >
> > Actually, I don't understand why one should validate input before
> > assessing access privileges.  If the user doesn't have permission to
> > access, then the input is implicitly invalid, so why bother doing the
> > input validation?
> 
> My guess is that he is thinking that a user may have made an incorrect
> entry which is invalid but be a perfectly good user in fact.  Is that right?
> 
> >
> >>  >Obviously, the class used by the config should obey
> >>
> >>> some simple rules.
> >>> Without editing the source code I have already implemented this
> >>> in Struts by extending the ActionMapping and
> >>> RequestProcessor. But the config is so ugly. I have used
> >>> a string which represents the config.
> >>
> >>  >I think Struts needs to support this.
> >
> >
> > I think that the problem here is that access control is a pretty
> > multifaceted and potentially complex aspect of an application, and one
> > which is most likely to need to integrate with "home-grown" systems.
> > I would be happy to look at a proposed API/configuration format and to
> > consider how to make Struts work well with that, but I think it would
> > be a great challenge to come up with a "universal" API for it.
> 
> Yah, that would be really cool!  I could not agree more.
> 
> >
> > Also, note that Struts does at least integrate with J2EE container
> > based authentication, whatever problems that model has.  If nothing
> > else, it's a standard, which makes it easier for Struts to comply with
> > it.
> >
> > Joe
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
>
