struts-user mailing list archives

From Dale Newfield <d...@newfield.org>
Subject Re: Authorization Best Practices
Date Wed, 07 Jul 2010 17:34:39 GMT
On 7/7/10 1:28 PM, Amol Ghotankar wrote:
> 2. decide how much data to access.
>
> This I am really working something where struts2 interceptor will read what
> role the user has and set some global role for that request which will be
> read by dao to use to fetch the data.

The interceptor cannot know independent of the action/business logic
what data will need to be fetched.  I don't think you can solve this
problem within struts.  Even if you do, you've then built a toolset that
doesn't include any of these access restrictions in otherwise exposed
services.

-Dale

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
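
The point raised in the reply above, as an added example that is not part of the original message or of Struts: when the data-scoping rule lives in the service layer, every entry point gets the same restriction, whether or not it passes through the interceptor stack. All names here (`InvoiceService`, `Caller`, the `auditor` role, both entry points) are hypothetical, the in-memory list stands in for a DAO, and the sample data is constructed; it assumes Java 16 or later for records.

```java
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

class ServiceLayerAuthz {
    // Hypothetical caller identity, resolved once per request by whatever front end is in use.
    record Caller(String name, Set<String> roles) {}
    record Invoice(int id, String owner) {}

    // Hypothetical service: the single place that decides how much data a caller may see.
    static class InvoiceService {
        private final List<Invoice> store; // stands in for the DAO

        InvoiceService(List<Invoice> store) { this.store = store; }

        List<Invoice> listFor(Caller caller) {
            if (caller == null) throw new SecurityException("no caller identity");
            // Business rule (assumed): auditors see everything, everyone else only their own rows.
            if (caller.roles().contains("auditor")) return List.copyOf(store);
            return store.stream()
                        .filter(i -> i.owner().equals(caller.name()))
                        .collect(Collectors.toList());
        }
    }

    // Entry point 1: what an action's execute() would call after the interceptor stack has run.
    static List<Invoice> webAction(InvoiceService svc, Caller c) { return svc.listFor(c); }

    // Entry point 2: another exposed service that never passes through the web interceptors.
    static List<Invoice> remoteEndpoint(InvoiceService svc, Caller c) { return svc.listFor(c); }

    public static void main(String[] args) {
        // Constructed sample data.
        InvoiceService svc = new InvoiceService(List.of(
            new Invoice(1, "alice"), new Invoice(2, "bob"), new Invoice(3, "alice")));
        Caller alice = new Caller("alice", Set.of("user"));
        Caller carol = new Caller("carol", Set.of("auditor"));

        // Both entry points return the same scoped view for the same caller.
        System.out.println("web/alice:    " + webAction(svc, alice));
        System.out.println("remote/alice: " + remoteEndpoint(svc, alice));
        System.out.println("remote/carol: " + remoteEndpoint(svc, carol));
    }
}
```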