> If you are using J2EE container managed security, why not use the standard
> declarative security constraint on a url-pattern? You then assign roles
> to the constraint and to groups and/or users.
>
> Gary

Thanks Gary,

Maybe I'm misunderstanding Craig's response (below). Perhaps he is referring to page-by-page control, while you are referring to a url pattern that encompasses all contents of a folder (/members_only/*). Is that the subtle difference here?

> Shale's filters do indeed intercept whatever requests it is mapped to,
> but there are two important things to understand with respect to
> container managed security:
>
> * Container managed security is applied *before* any filters
>   (including the one that Shale provides).
>
> * Container managed security is applied *only* on the
>   initial request, not on RequestDispatcher.forward() calls.
>   In JSF (and therefore Shale) apps, that means you can
>   protect the incoming form submits (they will be mapped
>   to something like "/editCustomer.jsf" if you are using
>   extension mapping, and the page being submitted was
>   "/editCustomer.jsp").
>
> The second issue means that it is your application's responsibility to
> decide whether or not the user should be allowed to navigate to a
> particular page. Container managed security won't help you there. That
> being said, it might be interesting for Shale to deliver a custom JSF
> navigation handler that would optionally impose that sort of control
> ("only a manager can navigate to the salary details page").
>
> Craig
>
> -----Original Message-----
> > From: James Reynolds [mailto:[EMAIL PROTECTED]
> > Sent: Friday, March 03, 2006 3:02 PM
> > To: Struts Users Mailing List
> > Subject: Shale & Container Managed Security
> >
> > I'm a newbie setting up container managed security for a basic
> > Shale-blank application. For my first attempt, I'm trying a simple
> > BASIC authentication but I'm having troubles so I'm trying to rule out
> > the unknowns.
> >
> > My question for this list is, does Shale have an impact on traditional
> > Container Managed Security Methods?
> >
> > Thanks

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
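
The navigation-time check Craig describes could look like the following. This is an added example, not part of the original thread and not code from Shale. The class name, the view ids `/salaryDetails.jsp` and `/accessDenied.jsp`, and the role name `manager` are assumptions chosen for illustration.

```java
import java.util.Collections;
import java.util.Map;
import javax.faces.application.NavigationHandler;
import javax.faces.component.UIViewRoot;
import javax.faces.context.FacesContext;

/**
 * Hypothetical decorator around the default JSF NavigationHandler.
 * Container-managed constraints cover the incoming request only, so the
 * view selected by navigation is checked here, before it is rendered.
 */
public class RoleCheckingNavigationHandler extends NavigationHandler {

    // Constructed sample policy: destination view id -> role required for it.
    private static final Map<String, String> REQUIRED_ROLE =
            Collections.singletonMap("/salaryDetails.jsp", "manager");

    // Assumed error page shown when the role check fails.
    private static final String DENIED_VIEW = "/accessDenied.jsp";

    private final NavigationHandler delegate;

    // JSF passes the previously configured handler to a one-argument
    // constructor when this class is registered in faces-config.xml under
    // <application><navigation-handler>.
    public RoleCheckingNavigationHandler(NavigationHandler delegate) {
        this.delegate = delegate;
    }

    @Override
    public void handleNavigation(FacesContext context, String fromAction,
                                 String outcome) {
        // Let the standard navigation rules pick the destination view.
        delegate.handleNavigation(context, fromAction, outcome);

        UIViewRoot target = context.getViewRoot();
        if (target == null) {
            return;
        }
        String role = REQUIRED_ROLE.get(target.getViewId());
        if (role != null && !context.getExternalContext().isUserInRole(role)) {
            // The forward that renders this view is not re-checked by the
            // container, so swap in the denial view before rendering.
            UIViewRoot denied = context.getApplication().getViewHandler()
                    .createView(context, DENIED_VIEW);
            context.setViewRoot(denied);
        }
    }
}
```

This complements the declarative `url-pattern` constraints on incoming requests such as the form submits; it does not replace them.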