-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Konstantin,
On 6/8/12 7:06 AM, Konstantin Kolinko wrote: > Specifically I do not like hard-coding role names into code. I > think there could be some helper component that could help in > access checks. (To be discussed separately). It will need some > model to map access checks to roles. I was thinking that we would just define the roles and apply them to to URLs that perform those actions. For example, "manager-gui-deploy" would be able to invoke /manager/html/deploy The same would be true for the other operations. > What should we do with "list applications" page? Should it filter > itself and hide unaccessible actions? I think that is what will be > asked next. That's a good question, and you're right: we'd need to perform access-checks in the page which is ugly, though a fairly standard practice in many web applications. The good news is that we don't support 500 operations so fully-supporting them all shouldn't be too bad if we wanted to hide unavailable options. Isn't there already this problem with the "status" role versus all of the roles that can actually do things like deploy, etc.? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/UtL8ACgkQ9CaO5/Lv0PA1PACfcIw/JWgR6y1jSdp2gtSoZk57 LZAAn1gwwGK2iN16GHFDx0EbMgFwDmmf =3M9+ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
