Hi All,

    I'm working on an application using Turbine and I'm having a
problem with the security model (most likely I'm missing
something). I created a few more roles besides the one
defined by default. I want those roles to be able to access
some new screens I'm creating.

    In the class SecureScreen I'm adding the following code:

    protected boolean isAuthorized( RunData data ) throws Exception
    {
        boolean isAuthorized = false;

        AccessControlList acl = data.getACL();

        // Allow the request only if the user holds one of the permitted roles.
        if (acl != null && (acl.hasRole("turbine_root")
                || acl.hasRole(GlobalConstant.ROLE_1)
                || acl.hasRole(GlobalConstant.ROLE_2)
                || acl.hasRole(GlobalConstant.ROLE_3)))
        {
            isAuthorized = true;
        }
        else
        {
            // Not authorized: send the user to the login template and screen.
            data.getTemplateInfo().setScreenTemplate(
                TurbineResources.getString("template.login"));

            data.setScreen(TurbineResources.getString("screen.login"));
            isAuthorized = false;
        }
        return isAuthorized;
    }

    I'm doing the same in SecureAction. I'm under the impression that
those are the only two places that I have to modify to let a user
access my app. This is working fine when I'm trying to access a URL
that has a Screen class associated with it (and then a Velocity
Template), but it is not working when I try to access a URL that has
just a Velocity Template.

            1) URL -> Screen class -> template    (ok)
            2) URL -> template    (does not work)

    I've dug a little into the code and it seems that in the second case
the request never reaches the code I edited in SecureScreen, so there might
be a different place to add that validation logic? I would appreciate
any help or advice regarding this problem.

Thanks in advance.

andres


--
=============================================
Andres G. Portillo D.
Software Engineer
Veratech  (www.veratech.com.mx)
=============================================


