struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Amol Ghotankar <ghotankaru...@gmail.com>
Subject Re: Authorization Best Practices
Date Wed, 07 Jul 2010 17:28:47 GMT
Dear List members,

1.  decide which action are allowed and which are not,

What I used was a spring AOP which intercepted Struts 2 actions, this was
very simple and straight forward.

2 . decide how much data to access.

This I am really working something where struts2 intercepter will read what
role the user has and set some global role for that reqest which will be
read by dao to use to fetch the data.

3. Regarding Notice

I think somehow my firewall intercepted it and added to the mail, I am sorry
for it.

On Wed, Jul 7, 2010 at 7:52 PM, Brian Thompson <elephantium@gmail.com>wrote:

> On Wed, Jul 7, 2010 at 8:31 AM, Dale Newfield <dale@newfield.org> wrote:
> > Including a notice like this on a request for help sent to a public,
> > archived mailing list is obnoxious.  JSYK, I've been seriously
> considering
> > instituting a personal policy whereby I will never respond to such
> messages.
> >
> > -Dale
>
> I think you mistyped "Including a notice like this in an email" ;)
>
> I really don't get where all these "OMG CONFIDENTIAL" notices come
> from.  One wouldn't use postcards to snail-mail confidential
> information.
>
> As to authorization - I agree that Spring Security is a good way to go.
>
> -Brian
>



-- 


With Best Regards,

Amol Ghotankar

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message