Hey, I'm not working! I'm avoiding doing some DIY!!! :)
Sorry for you though. I guess someone always has to work.
Actually I love CMA, but what put me off a while ago was when I realised
that CMA requires an implementation on the browser side that requires
the user to stay in SSL after HTTPS authentication - I wanted to encrypt
the password and then switch back out of SSL again to HTTP. CMA won't
let you do that. You lose access to the user & roles objects.
Hope you get a break soon.
Adam
On 30/05/05 13:03 Martin Gainty wrote:
Adam
I would take a look at finer grained security available thru
security-constraints and web-resource-collection
identifying the HTTP Method access capability for a specific role
http://developers.sun.com/prodtech/appserver/reference/techart/access_control.html
(If its any consolation you're not the only one that does NOT get today
off as a paid holiday)
Martin-
----- Original Message ----- From: "Eddie Bush" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <user@struts.apache.org>
Sent: Monday, May 30, 2005 2:10 AM
Subject: Re: Security in Struts
Adam,
Nothing put me off CMA :-) I think it's fantastic, if it fits your
ticket. Unfortunately, in the environment I currently build apps for,
CMA is not feasible. Sometimes you get your druthers - sometimes you
look at the standard and decide how you can have your druthers, even
if others are busily trying to snatch them from your grasp!
Ah - you're talking about my touting this as the "best approach", I
bet. Well, I'd rather use CMA where it's available, so I suppose I
misrepresented myself a tad. I like the approach I represented better
than what I've seen others in my shop take. Essentially, instead of
taking advantage of things that exist in the Servlet spec, they take
it upon themselves to create their own proprietary way of doing things
... and it varies by application! I'm working on them ... only been
there a year - can't change everyone overnight ;-)
Happy Memorial Day Everyone! :-D ... back to work Tuesday :-( ...
vacation coming soon though! :-D
Later :-)
Eddie
----- Original Message ----- From: "Adam Hardy"
<[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <user@struts.apache.org>
Sent: Sunday, May 29, 2005 6:32 PM
Subject: Re: Security in Struts
Eddie,
what put you off CMA?
if you don't mind me asking.
Adam
---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0521-5, 05/29/2005
Tested on: 5/30/2005 1:10:55 AM
avast! - copyright (c) 2000-2004 ALWIL Software.
http://www.avast.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
