I know filter can do this very well.But filter have some drawbacks.I don't know how to express this,because of my poor English.
Without struts,I can use a single filter to delegate the request to my access control framework.I have already done this.
But when using struts,there will be some redundancies.
And I think struts should provide this.
May a access control framework which doesn't denpend on struts is more attractive.
I want this kind framework.
Do you know where can I find one?
============================================== Ji Liu
From: "Frank W. Zammetti (MLists)" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: "Struts Developers List" <[EMAIL PROTECTED]> Subject: Re: why not extend struts to support access control? Date: Sat, 25 Sep 2004 13:12:44 -0400 (EDT)
I'm not sure I follow your reasoning... In terms of security, you ALWAYS want a user to be authenticated and validated before ANY application-level code executes, and in my mind, that very much includes input validations. Filters provide this mechanism, before Struts comes into play, which is where it should happen.
In an enterprise-class application, the trend, and rightly so I think, is to externalize security, meaning when a URL is requested, the web server hands the user authentication piece off to some handler (like Netegrity Siteminder as an example), so it's not the web server, app server or even a filter that handles checking if a user is valid for each request.
Am I missing something that might change my mind?
-- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com
_________________________________________________________________
免费下载 MSN Explorer: http://explorer.msn.com/lccn
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
