Hi! again!!
Of course I'm Italian, but at moment I'm living in Spain for work, so just
the same continent .!
At the end I will choose the jsp solution with taglib (I'm gonna write my
permission taglib now!) 'cause reference pages in database can be too much
work and in some case I have permissions at field level.
I think I yet found the solution to make such a taglib generic to re use in
all future applications
I'll do something like that
<permissions:present list="perm1,perm2,perm3">
<!-- write your jsp piece -->
</permissions:present>
<permissions:notPresent list="perm1,perm2,perm3">
<!-- write your jsp piece -->
</permissions:notPresent >
That seems more easy to maintain cause in my application I have just to
maintain the relationship between roles and permissions
Thanks a lot for your help! I hope you enjoy in my country
Alessandro
On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote:
>
> On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote:
> > On 3/17/06, Alessandro Colantoni <[EMAIL PROTECTED]> wrote:
> > > Hi! and good morning (but probably we 're on different continents)
>
> Assiming you're in italy, we're in the same country..
>
> > >
> > > I don't undertand the last pos where you say.
> > > >I had the impression he already had.. I don't get how posting this
> > > >helps, i must have misunderstood something.. Can you explain please?
> > >
> > > Anyway thanks for accurate explication.
> > > I'll go studing how to write the filter class
> > > I think that as you say the right way is to have at least one role
> mapped on
> > > web.xml, forbid to delete it from database and ensure all user have
> this
> > > rol.
> > > So I can still use the yet configured container based authentication.
> > > Than check for permission in each page in the filter class, or, i was
> > > thinking check it directly in the jsp.
> > > I was thinking write a taglib to do so. (that should check if the user
> has
> > > at least a role that has at least one of the permissions for this
> page)
> > > Wich is the difference between jsp solution and filter class solution?
> > > Is filter class more secure?
>
> I did forget to outline the advantages of defining this stuff in jsp..
> You don't need to have a reference to the page in your database..
> Which i guess is a big advantage.. Again its your choice..
>
> Mark
>
> >
> > Its more secure in that you don't depend on jsp folk on getting it
> > right, given that your having to do some view controller stuff in your
> > db it would seem a shame not to control this in a filter... You can
> > also disactivate the filter during development and let jsp folk write
> > decent markup, without giving them the secondary problem of secuirty
> > logic.
> >
> > You could just write a simple bean (as an other option) and use the
> > trusty useBean tag, but you'll be depending on jsp folk on getting
> > this right.. A filter is just tidier..
> >
> >
> > > Thanks a lot
> > > Ciao!
> > >
> > > PS . good italian. What does it mean schete?
> > My bad spelling for "scelte"
> >
> > mark
> >
> >
> > >
> > >
> > >
> > > On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote:
> > > >
> > > > On 3/17/06, Mark Space <[EMAIL PROTECTED]> wrote:
> > > > > Alessandro Colantoni wrote:
> > > > >
> > > > > > Thanks for rapid answer!
> > > > > >What do you mean with filter the roles of second level.
> > > > > >How can I do that? if they are not in the auth-constraint and in
> the
> > > > role
> > > > > >name list they can't access.
> > > > > >have O to write a filter class? in this class retrieve the role
> of the
> > > > user
> > > > > >and if is one of the second level skip the container
> authentication?
> > > > > >I'm in the right way or I misunderstand all?
> > > > > >
> > > > > >
> > > > > Or you could try this:
> > > > > http://tomcat.apache.org/tomcat-4.1-doc/realm-howto.html
> > > >
> > > > I had the impression he already had.. I don't get how posting this
> > > > helps, i must have misunderstood something.. Can you explain please?
> > > >
> > > > Mark
> > > >
> > > > >
> > > > >
> ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > >
> > > > >
> > > >
> > > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
