On Fri, Jan 03, 2003 at 09:25:43AM +0100, Rickard Öberg wrote:
> Mike Cannon-Brookes wrote:
> >Hrm - no, this is thinking the wrong way mate :)
> >
> >If webwork defined paths, security would work perfectly right?
> >
> >So why not have webwork only 'work' if the path is correct (and defined)?
> >
> >Ie /admin/foo.action would execute foo, but /bar/admin/foo.action would
> >execute nothing.
>
> Then the action would be "pinned" to that particular path, and skinning
> wouldn't work.
>
> >That way you keep .action, AND your security works fine?
>
> Here's another way: define the roles that are allowed to access an
> action in xwork.xml, and create an interceptor that checks it. Then it
> can work exactly like how web.xml works, except it can do so for the
> case where an unsecure action calls a secure action too.

That is a lot of extra machinery where pinning the action would work
instead. Between skinning and support for declarative security, it seems
to me the latter is wanted by more people.

BTW, if interceptors had at least an optional URL-mapping component, you
could do skinning via

/* -> DefaultSkinInterceptor
/bar/* -> BarSkinInterceptor

I find it strange how on one hand you argue against triggering
functionality based on URL-matching, but on the other hand argue for that
exactly through your skinning examples.

-Chris
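
The three options discussed in this thread, modelled side by side as an added example (not part of the original messages and not WebWork or XWork code). It assumes the dispatcher resolves the action from the last path segment only; the policy maps, class name and method names are hypothetical.

```java
import java.util.*;

public class ActionSecurityDemo {
    // Constructed sample policy. Assumption: the dispatcher picks the action from the
    // last path segment, so any prefix (used for skinning) reaches the same action.
    static final Map<String, String> URL_CONSTRAINTS = Map.of("/admin/", "admin"); // web.xml-style prefix -> role
    static final Map<String, Set<String>> ACTION_ROLES = Map.of("foo", Set.of("admin")); // roles declared per action
    static final Map<String, String> PINNED = Map.of("foo", "/admin/foo.action"); // the one path an action accepts

    static String actionName(String path) {
        String last = path.substring(path.lastIndexOf('/') + 1);
        return last.endsWith(".action") ? last.substring(0, last.length() - ".action".length()) : "";
    }

    // Path-based check: only sees the request URL, not the action that ends up running.
    static boolean urlCheck(String path, Set<String> roles) {
        for (Map.Entry<String, String> c : URL_CONSTRAINTS.entrySet()) {
            if (path.startsWith(c.getKey()) && !roles.contains(c.getValue())) return false;
        }
        return true;
    }

    // Pinning: the action executes only under its defined path.
    static boolean pinCheck(String path, String action) {
        return path.equals(PINNED.get(action));
    }

    // Interceptor-style check: evaluated on the action itself, whatever path or caller reached it.
    static boolean roleCheck(String action, Set<String> roles) {
        Set<String> allowed = ACTION_ROLES.get(action);
        return allowed == null || !Collections.disjoint(allowed, roles);
    }

    public static void main(String[] args) {
        Set<String> roles = Set.of("user"); // caller without the admin role
        for (String path : List.of("/admin/foo.action", "/bar/admin/foo.action")) {
            String action = actionName(path);
            boolean url = urlCheck(path, roles);
            System.out.printf("%-24s url-only=%-5b url+pin=%-5b url+roles=%-5b%n", path,
                    url, url && pinCheck(path, action), url && roleCheck(action, roles));
        }
        // The same roleCheck also covers an unsecured action chaining to foo, where no URL is involved.
        System.out.println("chained call to foo allowed: " + roleCheck("foo", roles));
    }
}
```

Only the URL-only column allows `/bar/admin/foo.action`; pinning and the per-action role check both deny it, and only the role check has anything to evaluate for the chained call.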