on 2/4/00 7:17 PM, Kevin A. Burton <[EMAIL PROTECTED]> wrote:
> This forces the user to always use the default screen (which usually
> within Turbine has a login prompt) and doesn't allow them to hit any
> other screens.
>
> Do we want this as the default behavior? It is easy to write your own
> SessionValidator (and this is probably what I am going to do).
>
> This initially strikes me as unusual. However, I have been wrong
> before.
>
> Kevin
For Jyve, I just wrote my own SessionValidator. I think that in 99% of the
cases, you will end up rolling your own or using someone elses.
As far as defaults are concerned...I would rather have the code in there as
an example of how to secure things rather than an example of how to unsecure
things. ;-)
Also, we still need to work out a *simple* way to secure screens/actions/etc
without having to subclass an existing secure screen/action/etc. I'm
thinking that by just defining a blank interface, instance of should be
enough and easy to check.
-jon
--
Come to the first official Apache Software Foundation
Conference! <http://ApacheCon.Com/>
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
