Hi all, after reading stripes book decided to switch my security implementation from http://www.stripesframework.org/display/stripes/Securing+Stripes+With+ACLs to: http://www.stripesframework.org/display/stripes/Security+Interceptor+for+custom+authorization
but soon realized(eh..read: got exceptions al over the place ;-)) that later implementation has a serious drawback(in mine case) and that is it's tag usage: <s:useActionBean var="xx" bean="foo.Bean" /> <security:allowed bean="xx"> Now, if you have a navigation which is a layout-definition, and you have beans that preload stuff based on some parameter/user input, you are kinda screwed cause your bean cannot be instantiated (if there are exceptions). Also, my navigation contains references to something like 20 or more action beans, so even if it would run without NPE's, preloading all those beans just to check the roles, is a lot of overhead..(especially knowing that calling context.request.isUserInRole(..) should be enough...) oh well, rollback... -m ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Stripes-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/stripes-users
