Along this line, I've mentioned before that one of the top requirements I've got for a framework, and we're hopefully going to be switching to a new (better) framework in the next few months, is the ability to use J2EE declarative security to secure paths. This means that the way actions are invoked needs to be rethought. Currently, there's no way to keep people from executing your actions without creating a separate J2EE declarative security entry for each action (and each alias, etc). This is, IMHO, a HUGE drawback.
Jason -----Original Message----- From: Chris Nokleberg [mailto:[EMAIL PROTECTED]] I think it would be more useful if instead of applying directly to actions, the filters/interceptors applied to paths (URLs). The paths could support wildcards, either Servlet-style or a more complete regexp style. e.g. define secure = persist, security, execute define open = standard - security map /* = open map /admin/* = secure (but probably in xml) There would need to be some thought about how to combine stacks of interceptors, path matching precedence, etc. This is probably best done in conjuction with nailing down actions to specific paths. -Chris ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
