.xml) for resource
> authorization. Is this a good idea? Is it enough?
>
> -Oorspronkelijk bericht-
> Van: CRANFORD, CHRIS [mailto:chris.cranf...@setech.com]
> Verzonden: maandag 9 augustus 2010 15:50
> Aan: Struts Users Mailing List
> Onderwerp: RE: URL authentication
>
>
: URL authentication
Pattern A:
/unsecured/*
Run whatever unsecured interceptors on these. This would not include the
authentication interceptor or the allowed resource check interceptor. That's
because these are considered OPEN to everyone.
Pattern B:
/secured/*
Run the authentic
simply
logout and back in and the access is fixed.
Lots of ways to do it, but I would keep them separate.
Chris
> -Original Message-
> From: Dave Newton [mailto:davelnew...@gmail.com]
> Sent: Monday, August 09, 2010 6:23 AM
> To: Struts Users Mailing List
> Subject: Re:
FWIW, I wouldn't combine the two into the same interceptor since they're
rather different things... plus resource access is more likely to take place
in a different layer, and not be a cross-cutting concern.
Dave
On Mon, Aug 9, 2010 at 3:07 AM, Rahul Mohan wrote:
> I think we are mixing two iss
I think we are mixing two issues here. Authentication deals with verifying
whether a user is what he/she claims to be and authorization is the
mechanism for checking whether someone has access to a particular
resource.
The standard practice is to prevent unauthenticated users from accessing
a
5 matches
Mail list logo
