Re: [Wicket-develop] protectection of internal bookmarkable pages

Fri, 21 Apr 2006 00:48:10 -0700 

I would vote for option 1.
The con could be largely negated if we have some sort of tagging
ISecurePage interface.
these internal pages would then implement this interface, custom
strategys could then easily check for these type of pages. If i am not
mistaken this is already the way the strategys are supposed to work.

Maurice

On 4/21/06, Eelco Hillenius <[EMAIL PROTECTED]> wrote:
> Currently we don't protect internal pages like the inspector bug page.
> We should of course, but the question is what would be the best way to
> do this. I think we have two opions:
>
> 1) Do it with the normal IAuthorizationStrategy. In this case, instead
> of the current installation of IAuthorizationStrategy.ALLOW_ALL, we
> would have a default strategy that would either allow all when in
> development mode, or deny all internal pages in production mode.
> * pro: consistent approach to all authorization
> * con: if you install a custom authorization strategy you have to know
> about this/ custom strategies have to consider these internal pages as
> special cases.
>
> 2) Do it with a seperate IAuthorizationStrategy. For instance, besides
> the current ISecuritySettings.get/setAuthorizationStrategy there would
> be something like
> ISecuritySettings.get/setInternalAuthorizationStrategy. Again, in dev
> mode, this would default to an allow all strategy, and in production
> mode a deny all.
> * the pros/cons are the oposite of the ones of 1)
>
> Any thoughts on this?
>
> Eelco
>
>
> -------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmdlnk&kid0709&bid&3057&dat1642
> _______________________________________________
> Wicket-develop mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/wicket-develop
>


-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0709&bid&3057&dat1642
_______________________________________________
Wicket-develop mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wicket-develop

Reply via email to