2012/10/3 Ken McWilliams <ken.mcwilli...@gmail.com>: > Asking for the consideration of a struts2 feature enhancement. > > The roles interceptor depends on container based security, it is a bit > of a pain to set up and portability is complicated by needing to cover > more documentation steps (how to secure your application on Glassfish, > Weblogic, Tomcat...). This is container security and of course not > Struts2s issue but it would be nice it we could use the roles > interceptor by defining a > org.apache.struts2.interceptor.PrincipalProxy implementation and > specifying it with a struts2 constant: > > <constant name="struts.security.principalProxy" > value="com.example.MyPrincipalProxyImpl"/> //default would be > org.apache.struts2.servlet.interceptor.ServletPrincipalProxy > > There is only a few place (that I know of) where the PrincipalProxy > interface aught to be used where currently the request is being used > (aught to be used if implementing this feature). That is in the > "servletConfig" interceptor when setting the PrincipalAware interface > of an action and in the roles interceptor. > > It is not too much work to implement our own interceptors to > facilitate role based access but I think this would be helpful to many > and does not seem to require a radical change to S2 internals, so I > thought I would bring this up in the user forum to see what others > think.
Nice idea, any better modularisation and higher user satisfaction is always welcome (with patch as well ;-) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
