yes yes I know, it's a niche market :-), by many people called legacy. My definition of legacy being "something that works" .
(http://en.wikipedia.org/wiki/RACF) 2008/12/19 Andrew Jaquith <[email protected]> > RACF?!? Most impressive... > Glad the hint helped. :) > > On Fri, Dec 19, 2008 at 4:13 PM, Harry Metske <[email protected] > >wrote: > > > Andrew, > > > > I forgot to follow up on this, sorry. > > I implemented a Stripes interceptor (based on the sample provided on the > > Stripes website). > > Works like a charm, together with a Jaas login module (authentication > > against RACF) and a basic login.jsp the problem is now solved elegantly. > > > > thanks for the hint. > > > > regards, > > Harry > > > > 2008/11/27 Harry Metske <[email protected]> > > > > > yes I have read about that but wasn't sure if it would help me. > > > the important point thing you say here is "forward the user as needed > to > > a > > > login or "unauthorized" page if the role check fails" with the emphasis > > on > > > login page. > > > So if I understand it correctly, users that don't have an account > should > > > still be able to use the "Read functions" that way. > > > > > > I'll have a look at it and see if I can make it work, thanks for the > help > > ! > > > > > > regards, > > > Harry > > > > > > 2008/11/27 Andrew Jaquith <[email protected]> > > > > > > I am not sure if this will be possible, but it seems to me that you > > should > > >> not have to use multiple URLs for the scenario you described. > > >> > > >> For role-based access to particular ActionBean methods, I recommend > > >> annotating the handler methods (read, edit etc) with annotations that > > denote > > >> the roles that are allowed to execute them. Then, you would provide an > > >> Interceptor implementation that fires after event resolution but > before > > >> validation. The Interceptor's job would be to make the authorization > > >> decision and forward the user as needed to a login or "unauthorized" > > page if > > >> the role check fails. > > >> > > >> This is actualy a pretty simple and elegant approach because you don't > > >> need to modify ActionBeans, or use separate URL schemes, to do it. > This > > >> Interceptor-based approach is the strategy JSPWiki 3 takes. > > >> > > >> There is a community-developed SecurityInterceptor floating around on > > the > > >> Stripes site somewhere. You should take a look at that first. > > >> > > >> Regards, > > >> > > >> Andrew > > >> > > >> > > >> On Nov 26, 2008, at 16:01, Harry Metske <[email protected]> > wrote: > > >> > > >> Andrew, > > >>> > > >>> will it then be possible to have more than one URL bound to the same > > >>> ActionBean ? > > >>> I ask because I currently work on a simple Stripes based CRUD > > >>> application, > > >>> and I'm using the same ActionBean for all actions (Create, Read, > > Update, > > >>> Delete). > > >>> I want read to be publicly available, but the others should be J2EE > > >>> protected with a security-constraint. > > >>> So would it be possible to have 2 URLs , like : > > >>> /nonpub/MyActionBean > > >>> /pub/MyActionBean > > >>> Where only the first one is protected. > > >>> Of course, there is some additional security checking required in the > > >>> ActionBean. > > >>> > > >>> regards, > > >>> Harry > > >>> > > >>> 2008/11/26 Andrew Jaquith <[email protected]> > > >>> > > >>> FYI -- > > >>>> > > >>>> Ben Gunter @ the Stripes project just committed a new enhancement > that > > >>>> I'd > > >>>> requested in August, namely the ability to create ActionBean > > URLBindings > > >>>> from arbitrary String patterns. It will ship in 1.5.1. > > >>>> > > >>>> This is excellent news because it makes it possible for third > parties > > >>>> (like > > >>>> us) to fairly easily create, for example, URLBinding patterns that > are > > >>>> read > > >>>> from text files. This gives us an option for binding URLs to > > ActionBeans > > >>>> other than the default method, which is to get them from class > > >>>> annotations. > > >>>> My intent is to create a FileActionResolver to do this, at a > slightly > > >>>> later > > >>>> point in the 3.0 dev cycle. > > >>>> > > >>>> For the Americans on this list -- happy Thanksgiving. > > >>>> > > >>>> Andrew > > >>>> > > >>>> > > >> > > > > > >
