Christophe Lombart wrote:
David,
If I understand correctly, The ajax service gives the possibility to
call some portal services from ajax client. What about the security ?
Eg. I would like to get groups, users and roles to populate tree view
or list boxs. How to secure this kind of call ?
What about in the action definition in the spring configuration:
<bean id="AjaxGetRoles"
...
<!-- Security Constraint Ref OR role-based-access-constraints -->
<constructor-arg index='3'>
<value>requires-admin</value>
--OR--
<value>admin</value>
</constructor-arg>
</bean>
Here we configure the security constraint or RBAC
I think I may simply go with RBAC for now
Let me know what you think, I should be able to get this into the Ajax
Pipeline today
I'm making a prototype in Graffito with Rico and the ajax services.
I'm wondering what is the best approach to return the desired
information to update in my browser. I see 2 possibilities :
1. Use an xml file like portlet_apps.ajax which required more javascripts.
2. Use an xml containing the html element reference to update (method
suggested by Rico).
When using Rico or such ajax framework, is it make sense to use the
second solution ?
If not, are there some javascript to update the html element with the
xml data ?
My approach has been #1, since XML gives us a clean separation between
content and markup. Its then up to the script to format the result.
Im not sure if I actually understand #2
Last question : is it possible to call some portlet actions with ajax
? is it make sense to doing that ?
Sure, it is possible. You can create action URLs in your page, and then
have Ajax call that URL. We have not used this approach, instead
handling the requests in the pipeline, allthough I think its a valid
approach, it ties the Ajax calls to a particular portlet entity on a page
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
