yes I have read about that but wasn't sure if it would help me. the important point thing you say here is "forward the user as needed to a login or "unauthorized" page if the role check fails" with the emphasis on login page. So if I understand it correctly, users that don't have an account should still be able to use the "Read functions" that way.
I'll have a look at it and see if I can make it work, thanks for the help ! regards, Harry 2008/11/27 Andrew Jaquith <[EMAIL PROTECTED]> > I am not sure if this will be possible, but it seems to me that you should > not have to use multiple URLs for the scenario you described. > > For role-based access to particular ActionBean methods, I recommend > annotating the handler methods (read, edit etc) with annotations that denote > the roles that are allowed to execute them. Then, you would provide an > Interceptor implementation that fires after event resolution but before > validation. The Interceptor's job would be to make the authorization > decision and forward the user as needed to a login or "unauthorized" page if > the role check fails. > > This is actualy a pretty simple and elegant approach because you don't need > to modify ActionBeans, or use separate URL schemes, to do it. This > Interceptor-based approach is the strategy JSPWiki 3 takes. > > There is a community-developed SecurityInterceptor floating around on the > Stripes site somewhere. You should take a look at that first. > > Regards, > > Andrew > > > On Nov 26, 2008, at 16:01, Harry Metske <[EMAIL PROTECTED]> wrote: > > Andrew, >> >> will it then be possible to have more than one URL bound to the same >> ActionBean ? >> I ask because I currently work on a simple Stripes based CRUD application, >> and I'm using the same ActionBean for all actions (Create, Read, Update, >> Delete). >> I want read to be publicly available, but the others should be J2EE >> protected with a security-constraint. >> So would it be possible to have 2 URLs , like : >> /nonpub/MyActionBean >> /pub/MyActionBean >> Where only the first one is protected. >> Of course, there is some additional security checking required in the >> ActionBean. >> >> regards, >> Harry >> >> 2008/11/26 Andrew Jaquith <[EMAIL PROTECTED]> >> >> FYI -- >>> >>> Ben Gunter @ the Stripes project just committed a new enhancement that >>> I'd >>> requested in August, namely the ability to create ActionBean URLBindings >>> from arbitrary String patterns. It will ship in 1.5.1. >>> >>> This is excellent news because it makes it possible for third parties >>> (like >>> us) to fairly easily create, for example, URLBinding patterns that are >>> read >>> from text files. This gives us an option for binding URLs to ActionBeans >>> other than the default method, which is to get them from class >>> annotations. >>> My intent is to create a FileActionResolver to do this, at a slightly >>> later >>> point in the 3.0 dev cycle. >>> >>> For the Americans on this list -- happy Thanksgiving. >>> >>> Andrew >>> >>> >
