Hi,
My first thought on this proposal would be that you're putting business logic into the presentation layer. I'm afraid I haven't time at present to formulate a 'neater' solution.
Regards,
Sean
| "Matt Raible" <[EMAIL PROTECTED]>
30/11/2001 21:37
|
To: <[EMAIL PROTECTED]> cc: Subject: Proposal for form-based security |
Everyone,
I'm thinking about developing an extension for Struts and wanted to see what
you developers think before I build it. Building off of Nic Hobb's
Role-based Actions, I'd like to add the ability to control a form's look and
feel based on the user's role. Basically, what I hope to do is add
declarative security to struts-config.xml so that form fields can be
write-able, read-only, or hidden based on the user's role.
My idea is to add a <security> element to the <form-bean> declaration - like
so:
<form-bean name="firstForm"
type="org.apache.struts.webapp.example.FirstForm">
<security fields="field1,field2,field3"
(inRole | notRole)="readOnly1,readOnly2"
type="readOnly"/>
</form-bean>
fields = comma delimited list you want to set security for.
inRole or notRole = comma delimited list of roles that this applies to
type = flag to indicate type of security
readOnly - adds disabled="disabled" to html controls (struts html
tag that builds html)
hidden - changes control from type="*" to type="hidden" OR doesn't
even put the name/value on the page
write - default (shouldn't need to be used)
Let me know what you think. I receive a fair amount of positive feedback,
I'll write the extension and a sample app to go with it.
Thanks,
Matt
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
winmail.dat
Description: Binary data
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
