On 3/3/06, James Reynolds <[EMAIL PROTECTED]> wrote:
>
> Allow me to refine my question. I'm wondering if the Shale filter is
> intercepting requests to the container. Do I need to adjust the filter
> mapping? Is there an FM somewhere that I should R?

Shale's filters do indeed intercept whatever requests it is mapped to, but there are two important things to understand with respect to container managed security:

* Container managed security is applied *before* any filters (including the one that Shale provides).

* Container managed security is applied *only* on the initial request, not on RequestDispatcher.forward() calls.

In JSF (and therefore Shale) apps, that means you can protect the incoming form submits (they will be mapped to something like "/editCustomer.jsf" if you are using extension mapping, and the page being submitted was "/editCustomer.jsp").

The second issue means that it is your application's responsibility to decide whether or not the user should be allowed to navigate to a particular page. Container managed security won't help you there.

That being said, it might be interesting for Shale to deliver a custom JSF navigation handler that would optionally impose that sort of control ("only a manager can navigate to the salary details page").

Craig

-----Original Message-----
> From: James Reynolds [mailto:[EMAIL PROTECTED]
> Sent: Friday, March 03, 2006 3:02 PM
> To: Struts Users Mailing List
> Subject: Shale & Container Managed Security
>
> I'm a newbie setting up container managed security for a basic
> Shale-blank application. For my first attempt, I'm trying a simple
> BASIC authentication but I'm having troubles so I'm trying to rule out
> the unknowns.
>
> My question for this list is, does Shale have an impact on traditional
> Container Managed Security Methods?
>
> Thanks
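
The navigation-time role check suggested in the reply above, sketched as an added example that is not part of the original thread and is not Shale code. The class name, the view ids and the "manager" role mapping are assumptions made for illustration; the JSF calls are the standard `javax.faces` API.

```java
import java.util.HashMap;
import java.util.Map;
import javax.faces.application.NavigationHandler;
import javax.faces.component.UIViewRoot;
import javax.faces.context.FacesContext;

// Added example, not Shale code. View ids and role names are hypothetical.
public class RoleCheckingNavigationHandler extends NavigationHandler {

    private static final String DENIED_VIEW = "/accessDenied.jsp";

    // View id -> role the user must hold to be navigated there.
    private static final Map<String, String> REQUIRED_ROLE = new HashMap<String, String>();
    static {
        REQUIRED_ROLE.put("/salaryDetails.jsp", "manager");
    }

    private final NavigationHandler delegate;

    // JSF hands the previously registered handler to a one-argument
    // constructor, so the standard navigation rules keep working.
    public RoleCheckingNavigationHandler(NavigationHandler delegate) {
        this.delegate = delegate;
    }

    public void handleNavigation(FacesContext context, String fromAction, String outcome) {
        UIViewRoot before = context.getViewRoot();
        delegate.handleNavigation(context, fromAction, outcome);

        // A matched non-redirect rule installs a new view root; the container
        // never sees the forward that renders it, so the check happens here.
        UIViewRoot target = context.getViewRoot();
        if (target == null || target == before) {
            return; // no rule matched, or the rule issued a redirect
        }
        String role = REQUIRED_ROLE.get(target.getViewId());
        if (role != null && !context.getExternalContext().isUserInRole(role)) {
            // isUserInRole() is also false for unauthenticated users.
            context.setViewRoot(context.getApplication().getViewHandler()
                    .createView(context, DENIED_VIEW));
        }
    }
}
```

The handler is registered in faces-config.xml with a `<navigation-handler>` element inside `<application>`. Views missing from the map are allowed through, so every protected page has to be listed explicitly.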