Re: mixing public and private pages

Fri, 28 Jul 2000 20:00:16 -0700 

Hmmm...I like your way better than the one described in the fsd.  Thanks. 
Though for this particular job, I think I'll do it with the properties file.  I
have this suspicion that the client might change his mind about which pages are
secure, and I don't want to have to recompile if (when) he changes his mind.

-- Travis

Christopher Elkins wrote:
> 
> > What's the preferred way to mix public and private pages within a
> > single JServ servlet zone?  The FSD doc says:
> >
> > "...for the pages that you will want to make secure, you should define
> > a Layout that executes the SessionValidator action to make things
> > secure. Then, your Screens should call that "secure" Layout."
> >
> > It seems simpler to use a custom SessionValidator whose
> > requiresNewSession() method would return false for the public
> > screens.  Those screen names could be listed in a properties file
> > somewhere.  Is that a bad idea?
> >
> Bad idea? No, not really. Perhaps a bit impure from an OO viewpoint, though.
> 
> Here's another possible impl:
>     1. Define a SecureScreen class that extends Screen.
>     2. Make your non-public screens extend SecureScreen and your public screens
> extend Screen.
>     3. Impl SecureScreen.build() to look something like this:
> 
>         protected ConcreteElement build(RunData datd) {
>             // Perform authorization
>             if (isAuthorizedUser(data)) {
>                 return doBuild(data);
>             } else {
>                 throw new Exception("User is not authorized to view this
> scren.");
>                 // or return some error message
>             }
>         }
> 
>         private boolean isAuthorizedUser(RunData data) {
>             // Perform SessionValidator check here.
>         }
> 
> Note: If you want to mix WebMacro and non-WebMacro secure screens, you'll have
> to define two new base classes - SecureScreen (extends Screen) and
> SecureWebMacroSiteScreen (extends WebMacroSiteScreen). Ah, the dilemmas of
> single-inheritance. ;-)
> 
> More info:
> <http://www.mail-archive.com/[email protected]/msg01598.html>


------------------------------------------------------------
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?:           [EMAIL PROTECTED]

Reply via email to