"[EMAIL PROTECTED]" wrote :
| Why don't u place resources that need to be accessed by management
| under "/restricted/management/" and protect.
|
| Explain to me why an application based role like "manager" that is checked
| via isUserInRole("manager") to be mapped against an operational/deployment
| role- is a lot of hardcoding? You are free to define as many app roles as you
| need.
|
| Keep it simple.
|
| Have a look at JACC and our realm that deals with permissions in
|
| | org.jboss.web.tomcat.security.JaccAuthorizationRealm
| |
| Maybe that may give you some more ideas.

I don't want links to appear to pages that the user is not authorized to get to.

But calling isUserInRole("manager") before writing "<a
href=\"/management/stats.jsp\">" is hardcoding knowledge that is encoded
declaratively in web.xml into the java! What is the point of having declarative
security in web.xml, enforced by the container if I'm going to have to add that
knowledge into the java code?

What I need is isAuthorizedURL("\"/management/stats.jsp\"") which checks with
the container whether the URL is available to the current user's roles.

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3915462#3915462
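
The check asked for in the message above can be sketched on top of the JACC API that the quoted reply points to. This is an added example, not code from the thread or from JBoss: the class name `UrlAuthorization` is hypothetical, the method is named after the one the poster wishes for, and it assumes a JACC provider is active for the web application so that the `security-constraint` entries in web.xml have been translated into `WebResourcePermission` grants.

```java
import java.security.CodeSource;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;

/** Hypothetical helper: asks the container's JACC policy about a URL. */
public final class UrlAuthorization {

    // Standard JACC handler key for the authenticated caller's Subject.
    private static final String SUBJECT_KEY = "javax.security.auth.Subject.container";

    private UrlAuthorization() {}

    /**
     * @param uri    path relative to the context root, e.g. "/management/stats.jsp"
     * @param method HTTP method to test, e.g. "GET"
     * @return true only if the policy grants the current caller access
     */
    public static boolean isAuthorizedURL(String uri, String method) {
        try {
            Subject subject = (Subject) PolicyContext.getContext(SUBJECT_KEY);
            // Unauthenticated caller: evaluate with no principals at all.
            Principal[] principals = (subject == null)
                    ? new Principal[0]
                    : subject.getPrincipals().toArray(new Principal[0]);

            // The policy decides on principals only; the code source is empty.
            ProtectionDomain domain = new ProtectionDomain(
                    new CodeSource(null, (Certificate[]) null), null, null, principals);

            // Same permission type the container checks before dispatching a request.
            return Policy.getPolicy().implies(domain, new WebResourcePermission(uri, method));
        } catch (PolicyContextException e) {
            // Fail closed: if the policy context is unavailable, hide the link.
            return false;
        }
    }
}
```

A JSP would call `UrlAuthorization.isAuthorizedURL("/management/stats.jsp", "GET")` before emitting the anchor. The result only controls what is rendered; the container's own enforcement of web.xml on each request remains the access control.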