On 3/17/06, Alessandro Colantoni <[EMAIL PROTECTED]> wrote:
> Hi! again!!
> Of course I'm Italian, but at the moment I'm living in Spain for work, so just
> the same continent!
> At the end I will choose the jsp solution with taglib (I'm gonna write my
> permission taglib now!) 'cause reference pages in database can be too much
> work and in some case I have permissions at field level.
> I think I yet found the solution to make such a taglib generic to reuse in
> all future applications
> I'll do something like that
> <permissions:present list="perm1,perm2,perm3">
>      <!-- write your jsp piece  -->
> </permissions:present>
>  <permissions:notPresent list="perm1,perm2,perm3">
>      <!-- write your jsp piece  -->
> </permissions:notPresent >

Hang on!!! You've an admin form where you have dynamic roles, right?
And you've no means of knowing what these will be.. And what they are
denying access to.. Doing this with your proposed taglib won't help
solve this.. Your tag or jsp bean is going to have to ask the database
which roles have what access to a given page..

You're stuck needing a reference to the user action/jsp in the database.
You could have a properties file mapping jsp's to a key and keep that
in the db. But you're going to need this to have truly dynamic roles
to view access control..

Mark

>
> That seems more easy to maintain cause in my application I have just to
> maintain the relationship between roles and permissions
>
> Thanks a lot for your help! I hope you enjoy in my country
>                                      Alessandro
>
>
>
> On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote:
> >
> > On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote:
> > > On 3/17/06, Alessandro Colantoni <[EMAIL PROTECTED]> wrote:
> > > > Hi! and good morning (but probably we 're on different continents)
> >
> > Assuming you're in Italy, we're in the same country..
> >
> > > >
> > > > I don't understand the last post where you say.
> > > > >I had the impression he already had.. I don't get how posting this
> > > > >helps, i must have misunderstood something.. Can you explain please?
> > > >
> > > > Anyway thanks for accurate explication.
> > > > I'll go studying how to write the filter class
> > > > I think that as you say the right way is to have at least one role mapped on
> > > > web.xml, forbid to delete it from database and ensure all user have this
> > > > role.
> > > > So I can still use the yet configured container based authentication.
> > > > Then check for permission in each page in the filter class, or, i was
> > > > thinking check it directly in the jsp.
> > > > I was thinking write a taglib to do so. (that should check if the user has
> > > > at least a role that has at least one of the permissions for this page)
> > > > Which is the difference between jsp solution and filter class solution?
> > > > Is filter class more secure?
> >
> > I did forget to outline the advantages of defining this stuff in jsp..
> > You don't need to have a reference to the page in your database..
> > Which i guess is a big advantage.. Again it's your choice..
> >
> > Mark
> >
> > >
> > > It's more secure in that you don't depend on jsp folk on getting it
> > > right, given that you're having to do some view controller stuff in your
> > > db it would seem a shame not to control this in a filter... You can
> > > also deactivate the filter during development and let jsp folk write
> > > decent markup, without giving them the secondary problem of security
> > > logic.
> > >
> > > You could just write a simple bean (as another option) and use the
> > > trusty useBean tag, but you'll be depending on jsp folk on getting
> > > this right.. A filter is just tidier..
> > >
> > >
> > > > Thanks a lot
> > > > Ciao!
> > > >
> > > > PS . good italian. What does it mean schete?
> > > My bad spelling for "scelte"
> > >
> > > mark
> > >
> > >
> > > >
> > > >
> > > >
> > > > On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > On 3/17/06, Mark Space <[EMAIL PROTECTED]> wrote:
> > > > > > Alessandro Colantoni wrote:
> > > > > >
> > > > > > > Thanks for rapid answer!
> > > > > > >What do you mean with filter the roles of second level.
> > > > > > > >How can I do that? if they are not in the auth-constraint and in the role
> > > > > > > >name list they can't access.
> > > > > > > >have I to write a filter class? in this class retrieve the role of the user
> > > > > > > >and if is one of the second level skip the container authentication?
> > > > > > > >I'm in the right way or I misunderstand all?
> > > > > > >
> > > > > > >
> > > > > > Or you could try this:
> > > > > > http://tomcat.apache.org/tomcat-4.1-doc/realm-howto.html
> > > > >
> > > > > I had the impression he already had.. I don't get how posting this
> > > > > helps, i must have misunderstood something.. Can you explain please?
> > > > >
> > > > > Mark
> > > > >
> > > > > >
> > > > > >
> > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> >
> >
> >
>
>
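
An added example, not part of the thread and not code from either poster: one way to do the filter-side check Mark describes, where the filter asks the database which roles may view the requested page and a properties file maps each JSP or action path to a key. `PagePermissionFilter`, `RoleStore`, the `roleStore` context attribute and `/WEB-INF/page-keys.properties` are hypothetical names, and `javax.servlet` is assumed (newer containers use `jakarta.servlet`).

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.Collections;
import java.util.Properties;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical names throughout); map it to *.jsp and *.do in web.xml.
public class PagePermissionFilter implements Filter {

    // Hypothetical DAO over the role/permission tables that the admin form edits.
    public interface RoleStore {
        Set<String> rolesOf(String user);            // roles currently held by the user
        Set<String> rolesAllowedFor(String pageKey); // roles currently allowed to view the page
    }

    private final Properties pageKeys = new Properties(); // servlet path -> page key
    private RoleStore store;

    public void init(FilterConfig cfg) throws ServletException {
        ServletContext ctx = cfg.getServletContext();
        store = (RoleStore) ctx.getAttribute("roleStore"); // assumed: set by a startup listener
        try (InputStream in = ctx.getResourceAsStream("/WEB-INF/page-keys.properties")) {
            if (in == null || store == null) throw new ServletException("filter not configured");
            pageKeys.load(in);
        } catch (IOException e) {
            throw new ServletException(e);
        }
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        String user = req.getRemoteUser();                       // set by container authentication
        String key = pageKeys.getProperty(req.getServletPath()); // null when the page is unmapped
        // Fail closed: anonymous users and unmapped pages are refused.
        if (user == null || key == null
                || Collections.disjoint(store.rolesOf(user), store.rolesAllowedFor(key))) {
            ((HttpServletResponse) rs).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(rq, rs); // the user holds at least one role allowed for this page
    }

    public void destroy() { }
}
```

Because both lookups happen on every request, a role created or edited in the admin form takes effect without touching web.xml or any JSP. A filter mapping applies to client requests by default, so a JSP reached through a forward is checked only via the action path that forwarded to it unless the mapping also lists `<dispatcher>FORWARD</dispatcher>`.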
