Hi! again!! Of course I'm Italian, but at moment I'm living in Spain for work, so just the same continent .! At the end I will choose the jsp solution with taglib (I'm gonna write my permission taglib now!) 'cause reference pages in database can be too much work and in some case I have permissions at field level. I think I yet found the solution to make such a taglib generic to re use in all future applications I'll do something like that <permissions:present list="perm1,perm2,perm3"> <!-- write your jsp piece --> </permissions:present> <permissions:notPresent list="perm1,perm2,perm3"> <!-- write your jsp piece --> </permissions:notPresent >
That seems more easy to maintain cause in my application I have just to maintain the relationship between roles and permissions Thanks a lot for your help! I hope you enjoy in my country Alessandro On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote: > > On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote: > > On 3/17/06, Alessandro Colantoni <[EMAIL PROTECTED]> wrote: > > > Hi! and good morning (but probably we 're on different continents) > > Assiming you're in italy, we're in the same country.. > > > > > > > I don't undertand the last pos where you say. > > > >I had the impression he already had.. I don't get how posting this > > > >helps, i must have misunderstood something.. Can you explain please? > > > > > > Anyway thanks for accurate explication. > > > I'll go studing how to write the filter class > > > I think that as you say the right way is to have at least one role > mapped on > > > web.xml, forbid to delete it from database and ensure all user have > this > > > rol. > > > So I can still use the yet configured container based authentication. > > > Than check for permission in each page in the filter class, or, i was > > > thinking check it directly in the jsp. > > > I was thinking write a taglib to do so. (that should check if the user > has > > > at least a role that has at least one of the permissions for this > page) > > > Wich is the difference between jsp solution and filter class solution? > > > Is filter class more secure? > > I did forget to outline the advantages of defining this stuff in jsp.. > You don't need to have a reference to the page in your database.. > Which i guess is a big advantage.. Again its your choice.. > > Mark > > > > > Its more secure in that you don't depend on jsp folk on getting it > > right, given that your having to do some view controller stuff in your > > db it would seem a shame not to control this in a filter... You can > > also disactivate the filter during development and let jsp folk write > > decent markup, without giving them the secondary problem of secuirty > > logic. > > > > You could just write a simple bean (as an other option) and use the > > trusty useBean tag, but you'll be depending on jsp folk on getting > > this right.. A filter is just tidier.. > > > > > > > Thanks a lot > > > Ciao! > > > > > > PS . good italian. What does it mean schete? > > My bad spelling for "scelte" > > > > mark > > > > > > > > > > > > > > > > On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote: > > > > > > > > On 3/17/06, Mark Space <[EMAIL PROTECTED]> wrote: > > > > > Alessandro Colantoni wrote: > > > > > > > > > > > Thanks for rapid answer! > > > > > >What do you mean with filter the roles of second level. > > > > > >How can I do that? if they are not in the auth-constraint and in > the > > > > role > > > > > >name list they can't access. > > > > > >have O to write a filter class? in this class retrieve the role > of the > > > > user > > > > > >and if is one of the second level skip the container > authentication? > > > > > >I'm in the right way or I misunderstand all? > > > > > > > > > > > > > > > > > Or you could try this: > > > > > http://tomcat.apache.org/tomcat-4.1-doc/realm-howto.html > > > > > > > > I had the impression he already had.. I don't get how posting this > > > > helps, i must have misunderstood something.. Can you explain please? > > > > > > > > Mark > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >