Matt Ho wrote:
I look at it this way.  There are a couple accepted ways of implementing
declarative security:

	1. Securing based on path (Servlets for example)
	2. Securing based on authenticated role (EJBs for example)

There are of course proprietary implementations.  Ideally, I would love
XWork to support 1 and 2 orthogonally.  I can understand forcing
developers to rely on approach 1 as it's a common web practice, but I
can't agree with forcing developers to use approach 2 only.
<snip>

This would essentially mean that XWork would have to support these two invocation types:
/action/bar
/foo/bar.action

The first case would work well with path-based security and roles, and the other would have no choice but to use roles. However, feature-wise the second case supports skinning.

And then there's the third case, which also supports path-based security:
/foo/xyzzy.jsp (which invokes "bar" action)

Maybe it's possible to support all three. Question is: is it better to support as many options as possible, or is it better to have one way to do things? I suppose it's a tradeoff between flexibility and complexity.

/Rickard



_______________________________________________
Opensymphony-webwork mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork