I am trying to limit access to screens based on the parameters in the URL.
e.g.
http://localhost/test/servlet/test/ViewData.vm/data/0
vs.
http://localhost/test/servlet/test/ViewData.vm/data/1
Some users are allowed to see '0' others are allowed to see '1'. So in the
isAuthorized() of the base secure screen the data parameter is checked
against the user to see if the user has access. If they don't have access
the screen template is set to an "access denied" template. All the (Java)
screens inherit from this base secure screen.
However, this does not always work correctly. For instance, user Foo can
click on the link to let them view data 0. Then, say user Foo changes the
URL in the browser to point to data 1, which should not be allowed. The data
loads, and a Log statement I have in the doBuildTemplate() of the class that
inherits from the secure screen appears. Thus, the doBuildTemplate() method
is executed without the isAuthorized() method being executed.
How can this happen? It seems semi-random, i.e. if I hit reload again,
sometimes I get the correct behavior.
Is it possible for a screen sub-class to have its doBuildTemplate() method
called without the secure super-class's isAuthorized() being called first?
Confused,
Finn
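
A self-contained sketch of the pattern the post describes, added here as an example (it is not the poster's code and does not use Turbine's classes): a base screen whose final entry point evaluates the per-request check before any subclass template code can run. The names `SecureScreenSketch`, `Request`, `BaseSecureScreen`, `build()` and the sample ACL are hypothetical; only `isAuthorized()`, `doBuildTemplate()` and `ViewData` echo names from the post.

```java
import java.util.Map;
import java.util.Set;

// Hypothetical stand-ins for illustration; these are not Turbine classes.
public class SecureScreenSketch {

    /** Minimal request: who is asking and which "data" id the URL carried. */
    record Request(String user, String dataId) {}

    /** Base screen: build() is the single entry point and cannot be overridden. */
    static abstract class BaseSecureScreen {
        // Constructed sample ACL: user -> data ids that user may view.
        private static final Map<String, Set<String>> ACL =
                Map.of("foo", Set.of("0"), "bar", Set.of("1"));

        /** Evaluated on every request, from that request's own parameters. */
        protected boolean isAuthorized(Request req) {
            return ACL.getOrDefault(req.user(), Set.of()).contains(req.dataId());
        }

        /** Final, so a subclass cannot route around the check. */
        public final String build(Request req) {
            if (!isAuthorized(req)) {
                return "AccessDenied.vm";
            }
            return doBuildTemplate(req);
        }

        /** Not public: the intended way in is build(). */
        protected abstract String doBuildTemplate(Request req);
    }

    /** Subclass only supplies the template logic; it holds no per-user state. */
    static class ViewData extends BaseSecureScreen {
        @Override
        protected String doBuildTemplate(Request req) {
            return "ViewData.vm/data/" + req.dataId();
        }
    }

    public static void main(String[] args) {
        BaseSecureScreen screen = new ViewData();
        // Same screen instance, different URL parameter: the check is repeated.
        System.out.println(screen.build(new Request("foo", "0")));    // allowed
        System.out.println(screen.build(new Request("foo", "1")));    // denied
        System.out.println(screen.build(new Request("nobody", "0"))); // denied
    }
}
```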