http://acegisecurity.sourceforge.net
unless of course you feel an irresistable urge to reinvent the wheel for the 10000000000000th time ...... --b On Sun, 26 Sep 2004 05:07:32 +0000, liu ji <[EMAIL PROTECTED]> wrote: > Thank you. > I know filter can do this very well.But filter have some drawbacks.I don't > know how to express this,because of my poor English. > Without struts,I can use a single filter to delegate the request to my > access control framework.I have already done this. > But when using struts,there will be some redundancies. > And I think struts should provide this. > > May a access control framework which doesn't denpend on struts is more > attractive. > I want this kind framework. > Do you know where can I find one? > > ============================================== > Ji Liu > > >From: "Frank W. Zammetti (MLists)" <[EMAIL PROTECTED]> > >Reply-To: [EMAIL PROTECTED] > >To: "Struts Developers List" <[EMAIL PROTECTED]> > >Subject: Re: why not extend struts to support access control? > >Date: Sat, 25 Sep 2004 13:12:44 -0400 (EDT) > > > >I'm not sure I follow your reasoning... In terms of security, you ALWAYS > >want a user to be authenticated and validated before ANY application-level > >code executes, and in my mind, that very much includes input validations. > >Filters provide this mechanism, before Struts comes into play, which is > >where it should happen. > > > >In an enterprise-class application, the trend, and rightly so I think, is > >to externalize security, meaning when a URL is requested, the web server > >hands the user authentication piece off to some handler (like Netegrity > >Siteminder as an example), so it's not the web server, app server or even > >a filter that handles checking if a user is valid for each request. > > > >Am I missing something that might change my mind? > > > >-- > >Frank W. Zammetti > >Founder and Chief Software Architect > >Omnytex Technologies > >http://www.omnytex.com > > > > _________________________________________________________________ > åèäè MSN Explorer: http://explorer.msn.com/lccn > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
