I used a Struts interceptor to do the same.
I've got a similar security constraint, but I want to apply it at the URL
level. I started with an Acegi solution, but scrapped it because Acegi's
normal security mechanism (as implemented in AppFuse) doesn't have access to
the URL information, so there was no way to see what page was being accessed
via Acegi. I also wanted to send the user to a specific page if they were
not allowed to access the page.
Per your database ID security constraint, my logged-in user would access a
URL like:
http://myserver/somePage.html?id=1
and I want to make sure that the currently logged-in user has permission to
access id=1 before rendering the page.
I used a Struts interceptor, since the security was a function of the
currently logged in user, and the URL id. I figure that Struts is meant to
deal with request level stuff, so this is the right place for security
checking like this. AppFuse has sample code if you check the struts.xml
file for:
<interceptor name="adminOnly" class="adminInterceptor"/>
And check the Java sources out.
I'd be curious to hear how an ACL solution turns out.
-Jason
Michael Horwitz wrote:
>
> Acegi can handle this kind of security using Access Control Lists (ACL).
> See
> http://www.acegisecurity.org/docbook/acegi.html#domain-acls.
>
> Mike
> On 5/27/07, Ömer Başar <[EMAIL PROTECTED]> wrote:
>
>>
>> Hi all,
>>
>> Let's think about two records with ids 1 and 2. One user has the
>> permission
>> only to view record with id 1 and another user can only view record with
>> id=2. Here is the question - How do you manage this type of security? Can
>> this type of security be defined with Acegi?
>>
>> Thanks.
>> --
>> View this message in context:
>> http://www.nabble.com/Table-Record-Security-in-S2-tf3825144s2369.html#a10828854
>> Sent from the AppFuse - User mailing list archive at Nabble.com.
>
>
--
View this message in context:
http://www.nabble.com/Table-Record-Security-in-S2-tf3825144s2369.html#a10851276
Sent from the AppFuse - User mailing list archive at Nabble.com.
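
Added example, not part of the original message and not AppFuse's own code: a sketch of the per-record check described above, written as a Struts 2 interceptor that compares the logged-in user with the id in the URL and returns a "not allowed" result otherwise. RecordAccessInterceptor, RecordPermissionService and the "accessDenied" result name are hypothetical, and the code assumes the security filter populates getRemoteUser().

```java
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts2.ServletActionContext;

/** Hypothetical interceptor: lets the action run only if the logged-in user may view ?id=N. */
public class RecordAccessInterceptor extends AbstractInterceptor {

    /** Hypothetical lookup, e.g. backed by a table of (username, record id) grants. */
    public interface RecordPermissionService {
        boolean canView(String username, long recordId);
    }

    // Hypothetical result name; map it in struts.xml to the "not allowed" page.
    static final String DENIED = "accessDenied";

    private RecordPermissionService permissions;

    public void setPermissions(RecordPermissionService permissions) { // injected, e.g. by Spring
        this.permissions = permissions;
    }

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        HttpServletRequest request = ServletActionContext.getRequest();
        String username = request.getRemoteUser();       // null when nobody is authenticated
        String[] ids = request.getParameterValues("id"); // all values sent for ?id=
        // Fail closed: no user, no id, or a repeated id (?id=1&id=2) is refused, so the
        // id checked here cannot differ from the one the action later binds.
        if (username == null || ids == null || ids.length != 1) {
            return DENIED;
        }
        long recordId;
        try {
            recordId = Long.parseLong(ids[0].trim());
        } catch (NumberFormatException e) {
            return DENIED; // malformed ids never reach the action
        }
        if (!permissions.canView(username, recordId)) {
            return DENIED; // authenticated, but not entitled to this record
        }
        return invocation.invoke(); // authorized: continue down the interceptor stack
    }
}
```

The interceptor has to be in the stack of every action that loads a record by id; an action mapped without it performs no per-record check.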