I am not sure if this will be possible, but it seems to me that you
should not have to use multiple URLs for the scenario you described.
For role-based access to particular ActionBean methods, I recommend
annotating the handler methods (read, edit etc) with annotations that
denote the roles that are allowed to execute them. Then, you would
provide an Interceptor implementation that fires after event
resolution but before validation. The Interceptor's job would be to
make the authorization decision and forward the user as needed to a
login or "unauthorized" page if the role check fails.
This is actualy a pretty simple and elegant approach because you don't
need to modify ActionBeans, or use separate URL schemes, to do it.
This Interceptor-based approach is the strategy JSPWiki 3 takes.
There is a community-developed SecurityInterceptor floating around on
the Stripes site somewhere. You should take a look at that first.
Regards,
Andrew
On Nov 26, 2008, at 16:01, Harry Metske <[EMAIL PROTECTED]> wrote:
Andrew,
will it then be possible to have more than one URL bound to the same
ActionBean ?
I ask because I currently work on a simple Stripes based CRUD
application,
and I'm using the same ActionBean for all actions (Create, Read,
Update,
Delete).
I want read to be publicly available, but the others should be J2EE
protected with a security-constraint.
So would it be possible to have 2 URLs , like :
/nonpub/MyActionBean
/pub/MyActionBean
Where only the first one is protected.
Of course, there is some additional security checking required in the
ActionBean.
regards,
Harry
2008/11/26 Andrew Jaquith <[EMAIL PROTECTED]>
FYI --
Ben Gunter @ the Stripes project just committed a new enhancement
that I'd
requested in August, namely the ability to create ActionBean
URLBindings
from arbitrary String patterns. It will ship in 1.5.1.
This is excellent news because it makes it possible for third
parties (like
us) to fairly easily create, for example, URLBinding patterns that
are read
from text files. This gives us an option for binding URLs to
ActionBeans
other than the default method, which is to get them from class
annotations.
My intent is to create a FileActionResolver to do this, at a
slightly later
point in the 3.0 dev cycle.
For the Americans on this list -- happy Thanksgiving.
Andrew
