What would happen if the skins had to be explicitly defined in the
configuration, or if none were defined then XWork would default to "pinned"
paths? That way people that were not using the skinning would be able to use
declarative security as in a normal webapp, while the skinners could still
use it too, with relatively minor inconvenience - they'd have to declare a
separate security constraint for each skin, e.g.:

      <web-resource-collection>
         <web-resource-name>Management Application</web-resource-name>
         <url-pattern>/admin/*</url-pattern>
         <url-pattern>/skin1/admin/*</url-pattern>
         <url-pattern>/skin2/admin/*</url-pattern>
         <!-- no http-method element: the constraint then covers every HTTP method -->
      </web-resource-collection>

- while not perfect, that's still a vast improvement over the current state
of affairs.


"Rickard Öberg" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Mike Cannon-Brookes wrote:
> > Hrm - no, this is thinking the wrong way mate :)
> >
> > If webwork defined paths, security would work perfectly right?
> >
> > So why not have webwork only 'work' if the path is correct (and defined)?
> >
> > Ie /admin/foo.action would execute foo, but /bar/admin/foo.action would
> > execute nothing.
>
> Then the action would be "pinned" to that particular path, and skinning
> wouldn't work.
>
> > That way you keep .action, AND your security works fine?
>
> Here's another way: define the roles that are allowed to access an
> action in xwork.xml, and create an interceptor that checks it. Then it
> can work exactly like how web.xml works, except it can do so for the
> case where an unsecure action calls a secure action too.
>
> /Rickard
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf






_______________________________________________
Opensymphony-webwork mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
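
A coverage check for the per-skin constraint proposed above, as an added example that is not part of the original thread or of WebWork/XWork: it models servlet url-pattern matching (exact, prefix and extension patterns only) and lists the skin-prefixed paths that no declared pattern protects. The skin name `skin3`, the action list and all function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the collection from the message inside a security-constraint.
WEB_XML = """
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Management Application</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
    <url-pattern>/skin1/admin/*</url-pattern>
    <url-pattern>/skin2/admin/*</url-pattern>
  </web-resource-collection>
</security-constraint>
"""

def matches(pattern, path):
    """Servlet-style url-pattern match: prefix ('/x/*'), extension ('*.ext'), else exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern

def protected_patterns(xml_text):
    """Collect every url-pattern declared in the constraint."""
    root = ET.fromstring(xml_text)
    return [e.text.strip() for e in root.iter("url-pattern")]

def uncovered(patterns, action_paths, skins):
    """Return request paths (unskinned and per skin) that no url-pattern covers."""
    gaps = []
    for action in action_paths:
        for prefix in [""] + ["/" + s for s in skins]:
            path = prefix + action
            if not any(matches(p, path) for p in patterns):
                gaps.append(path)
    return gaps

if __name__ == "__main__":
    patterns = protected_patterns(WEB_XML)
    # skin3 is a hypothetical skin added to the configuration but not to web.xml.
    for path in uncovered(patterns, ["/admin/foo.action"], ["skin1", "skin2", "skin3"]):
        print("not covered by any url-pattern:", path)
```

Run against the explicitly configured skin list, a check like this catches a skin that was added without its matching `url-pattern`.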
