Mike Cannon-Brookes wrote:
Hrm - no, this is thinking the wrong way mate :)
If webwork defined paths, security would work perfectly right?
So why not have webwork only 'work' if the path is correct (and defined)?
Ie /admin/foo.action would execute foo, but /bar/admin/foo.action would
execute
Matt Ho wrote:
I look at it this way. There are a couple accepted ways of implementing
declarative security:
1. Securing based on path (Servlets for example)
2. Securing based on authenticated role (EJBs for example)
There are of course proprietary implementations. Ideally, I would love
This would essentially mean that XWork would have to support these two
invocation types:
/action/bar
/foo/bar.action
I'm probably not explaining myself well. To me, these are both examples
of path based security, struts style. Your second example with the jsp
was what I was considering role
Heng Sin Low wrote:
May be don't use reflection then and delegate this to the action itself.
For e.g, this can be implemented by adding an init method to the Action
interface that take a map as parameter. This would also allow us to
differentiate between init parameter ( usually for
Chris Miller wrote:
What would happen if the skins had to be explicitly defined in the
configuration, or if none were defined then XWork would default to pinned
paths?
Then there would be an outcry of too much to configure.. waaah. :-)
That way people that were not using the skinning would be
It would seem some folks are assuming that all requests will go via the
servlet and therefore if myAction is deemed to be an action then it
will be executed. This obviously has a high overhead factor.
On Thursday, January 2, 2003, at 08:47 PM, Rickard Öberg wrote:
Jason Carreira wrote:
I
Then there would be an outcry of too much to configure.. waaah. :-)
Well I did say it wasn't perfect :-) However, there would be *nothing* to
configure if the user wasn't skinning their app. If they were skinning, then
I agree that the configuration in web.xml is still awkward. If you can think
Chris Miller wrote:
Then there would be an outcry of too much to configure.. waaah. :-)
Well I did say it wasn't perfect :-) However, there would be *nothing* to
configure if the user wasn't skinning their app. If they were skinning, then
I agree that the configuration in web.xml is still
Actually, all this talk of filters, etc. makes me wonder if it *is*
supposed to be WebWork 2.0 as opposed to XWork. Applying filters to a
Swing app would be, um, great fun.
On Fri, 3 Jan 2003, Jason Carreira wrote:
As opposed to what? This is a model-2 MVC framework. It uses a controller
Joseph Ottinger wrote:
Actually, all this talk of filters, etc. makes me wonder if it *is*
supposed to be WebWork 2.0 as opposed to XWork. Applying filters to a
Swing app would be, um, great fun.
Yes and no. Some of the stuff we're discussing here are definitely
web-centric, but others is not.
As opposed to what? This is a model-2 MVC framework. It uses a controller servlet as
its entry point.
-Original Message-
From: Robert Nicholson [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 03, 2003 5:59 AM
To: [EMAIL PROTECTED]
Subject: Re: [OS-webwork] Action invocation
In current WebWork the main focus is on actions.
I miss the EXPLICIT implementation of the concept dialog.
In my view a dialog is a finite state machine implementation (FSM), an
action causes a state transition in the active state machine(s) (the (s) is
because an application will usually
Jason Carreira wrote:
As opposed to what? This is a model-2 MVC framework. It uses a controller servlet as its entry point.
Using a controller servlet that intercepts all requests but only deals
with some of the requests is going to be unnecessary overhead.
/Rickard
Jason Carreira wrote:
Maybe, but is it an acceptable level of complexity for the benefits
(simplictiy, security, etc) it provides? For instance, I would like
to have all of my JSP pages under WEB-INF, so they can only be used
from the servlet, rather than being accessed directly, which would
most
I'm pretty sure I read an article about doing it... Anybody else have any experience
doing this?
-Original Message-
From: Rickard Öberg [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 03, 2003 10:16 AM
To: [EMAIL PROTECTED]
Subject: Re: [OS-webwork] Action invocation
Jason
No, you are correct. If you put the JSPs in the WEB-INF directory, the
servlet engine will not allow direct access. I do it all the time... IMHO,
this is a very good practice!
- Original Message -
From: Jason Carreira [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 03,
If you put the jsp's in the WEB-INF what do your paths look like? I'm
guessing your servlet
has to requestdispatch to a path relative to WEB-INF?
I think David Geary may have done something like this in his Advanced
JSP book.
On Friday, January 3, 2003, at 04:14 PM, Tim Dwelle wrote:
No, you
On Thu, Jan 02, 2003 at 09:23:19PM +0100, Rickard Öberg wrote:
Chris Nokleberg wrote:
There are some interesting
questions regarding the ordering of all the parameter setting,
though. I'd prefer that the action properties overwrite any form
parameters. If you're using the properties to
On Fri, Jan 03, 2003 at 09:25:43AM +0100, Rickard Öberg wrote:
Mike Cannon-Brookes wrote:
Hrm - no, this is thinking the wrong way mate :)
If webwork defined paths, security would work perfectly right?
So why not have webwork only 'work' if the path is correct (and defined)?
Ie
Why is it more convenient than tying it to a result page? Or do you run
the action without a result?
I will run the action without a result a few times to start off to make sure
it compiles and goes through to success and so forth. I also have some (very
few) actions that don't actually have a
Hi Matt,
Could you post your Struts comparison info into the Wiki
(http://www.opensymphony.com:8668/space/WebWork)? The current WW docs
don't really say anything substantive along this line.
Thanks for the info.
-Bill
Matt Ho wrote:
snip/
Here's an email I recently sent to a friend that
Did anyone have any thoughts on this skin / package config stuff I sent this morning?
-Original Message-
From: Jason Carreira
Sent: Friday, January 03, 2003 9:47 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [OS-webwork] Re: Re: Action invocation
-Original Message-
From: Rickard
22 matches
Mail list logo