Re: Securing DispatchActions

2006-05-04 Thread Frank W. Zammetti
On Thu, May 4, 2006 2:37 pm, Dave Newton said: > Frank W. Zammetti wrote: >> What if you simply are not allowed to include security >> mechanisms in your application? (configuring groups isn't considered "in >> the application"). > > Not allowed? Don't tell 'em ;) I've done plenty of that :) Some

Re: Securing DispatchActions

2006-05-04 Thread Dave Newton
Frank W. Zammetti wrote: > What if you simply are not allowed to include security > mechanisms in your application? (configuring groups isn't considered "in > the application"). Not allowed? Don't tell 'em ;) > Well, I can kind of answer my own question... of > course we *are* allowed to see wh

Re: Securing DispatchActions (was: How to avoid lots of "if else" in Action class.)

2006-05-04 Thread Frank W. Zammetti
Didn't want to hijack a thread, so... On Thu, May 4, 2006 2:21 pm, Dave Newton said: > Frank W. Zammetti wrote: >> I.e., you want /showAccount.do accessible to the AccountManager and >> Customer roles, but you only want /updateAccount.do accessible to the >> AccountManager role? As I understand i