I have just read the example. I don't see any clue that acegi solved the problem.
Although it can ensure security at the function level, it isn't very useful.
I can secure my system at a high level, not the function level.
It also uses IOC, which struts doesn't support. If I want to use it, I have to use spring.
Your example is role checking. But access control is more complex.
For example, when user A wants to edit his information, the URL may be like this: http://user/editProfile.do?id=userA. The editProfile.do uses the id parameter to get the profile of user A. Before doing that, the application should ensure that the request was made by user A. So editProfile should compare the id parameter with the id property stored in the session.
Maybe more complex, for example, the id parameter indicates the order id. A user may have a lot of order ids; they can only edit the order which wasn't shipped. How can acegi solve this?
Sorry, I ask a lot of questions, and many of them are irrelevant to struts.
==============================================
Ji Liu
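
The two per-object checks described in the message above, written as an added example; it is not part of the original e-mail and is not Acegi or Struts code. The class name, method names and the in-memory order table are assumptions made for illustration; a Struts Action would call such checks with the user id taken from the session, before loading or changing anything.

```java
import java.util.Map;

public class OwnershipCheck {
    enum OrderStatus { PENDING, SHIPPED }

    record Order(String id, String ownerId, OrderStatus status) {}

    // Constructed sample data standing in for the order table (hypothetical).
    static final Map<String, Order> ORDERS = Map.of(
        "1001", new Order("1001", "userA", OrderStatus.PENDING),
        "1002", new Order("1002", "userA", OrderStatus.SHIPPED),
        "2001", new Order("2001", "userB", OrderStatus.PENDING));

    /** editProfile.do rule: the id parameter must equal the id stored in the session. */
    static boolean mayEditProfile(String sessionUserId, String idParam) {
        // A missing session id means "not logged in": deny by default.
        return sessionUserId != null && sessionUserId.equals(idParam);
    }

    /** Order rule: the order must exist, belong to the session user, and not be shipped. */
    static boolean mayEditOrder(String sessionUserId, String orderIdParam) {
        if (sessionUserId == null || orderIdParam == null) {
            return false;
        }
        Order order = ORDERS.get(orderIdParam);
        // Ownership and state come from server-side data, never from the request.
        return order != null
            && order.ownerId().equals(sessionUserId)
            && order.status() != OrderStatus.SHIPPED;
    }

    public static void main(String[] args) {
        // userA is the id stored in the session; the second argument is the request parameter.
        System.out.println("own profile:      " + mayEditProfile("userA", "userA"));
        System.out.println("other profile:    " + mayEditProfile("userA", "userB"));
        System.out.println("no session:       " + mayEditProfile(null, "userA"));
        System.out.println("own, not shipped: " + mayEditOrder("userA", "1001"));
        System.out.println("own, shipped:     " + mayEditOrder("userA", "1002"));
        System.out.println("someone else's:   " + mayEditOrder("userA", "2001"));
        System.out.println("unknown order:    " + mayEditOrder("userA", "9999"));
    }
}
```

Only the first and fourth calls are allowed; a role check alone cannot tell these cases apart because every caller here has the same role.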
From: bryan <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: liu ji <[EMAIL PROTECTED]>, Struts Developers List
Subject: Re: why not extend struts to support access control?
Date: Sun, 26 Sep 2004 13:40:01 +0200
it does support it, just depends on whether or not you correctly structured your application.
Here is a sample app that I wrote to test it.
https://jestate.dev.java.net/files/documents/1364/7000/ageci-quick-start.zip
There is ample documentation on their web site as well.
--b
On Sun, 26 Sep 2004 18:59:55 +0800, liu ji <[EMAIL PROTECTED]> wrote:
> I don't think acegi security supports programmatic access control.
>
> By the way, how do you solve the programmatic access control problem?
>
> ==============================================
> Ji Liu
>
>
> >From: bryan <[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
> >To: Struts Developers List <[EMAIL PROTECTED]>
> >Subject: Re: why not extend struts to support access control?
> >Date: Sun, 26 Sep 2004 12:44:40 +0200
> >
> >http://acegisecurity.sourceforge.net
> >
> >unless of course you feel an irresistible urge to reinvent the wheel for the
> >10000000000000th time ......
> >
> >--b
> >
> >
> >On Sun, 26 Sep 2004 05:07:32 +0000, liu ji <[EMAIL PROTECTED]> wrote:
> > > Thank you.
> > > I know filter can do this very well. But filters have some drawbacks. I don't
> > > know how to express this, because of my poor English.
> > > Without struts, I can use a single filter to delegate the request to my
> > > access control framework. I have already done this.
> > > But when using struts, there will be some redundancies.
> > > And I think struts should provide this.
> > >
> > > Maybe an access control framework which doesn't depend on struts is more
> > > attractive.
> > > I want this kind of framework.
> > > Do you know where I can find one?
> > >
> > > ==============================================
> > > Ji Liu
> > >
> > > >From: "Frank W. Zammetti (MLists)" <[EMAIL PROTECTED]>
> > > >Reply-To: [EMAIL PROTECTED]
> > > >To: "Struts Developers List" <[EMAIL PROTECTED]>
> > > >Subject: Re: why not extend struts to support access control?
> > > >Date: Sat, 25 Sep 2004 13:12:44 -0400 (EDT)
> > > >
> > > > >I'm not sure I follow your reasoning... In terms of security, you ALWAYS
> > > > >want a user to be authenticated and validated before ANY application-level
> > > > >code executes, and in my mind, that very much includes input validations.
> > > > >Filters provide this mechanism, before Struts comes into play, which is
> > > > >where it should happen.
> > > > >
> > > > >In an enterprise-class application, the trend, and rightly so I think, is
> > > > >to externalize security, meaning when a URL is requested, the web server
> > > > >hands the user authentication piece off to some handler (like Netegrity
> > > > >Siteminder as an example), so it's not the web server, app server or even
> > > > >a filter that handles checking if a user is valid for each request.
> > > > >
> > > > >Am I missing something that might change my mind?
> > > >
> > > >--
> > > >Frank W. Zammetti
> > > >Founder and Chief Software Architect
> > > >Omnytex Technologies
> > > >http://www.omnytex.com
> > > >
> > >
> > > _________________________________________________________________
> > > ??????瀣?? MSN Explorer: http://explorer.msn.com/lccn
> > >
> > >
> > >
> > >
> > >
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]http://www.hotmail.com
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
> _________________________________________________________________
> 浜??涓??涓??澶х??靛???欢绯荤???MSN Hotmail??
> >
_________________________________________________________________
与联机的朋友进行交流,请使用 MSN Messenger: http://messenger.msn.com/cn
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]