Hello folks,
I am working on a DVB(Digital video broadcasting) content management
webapp, which is based on the struts framework. It mainly includes application,
service,network, user,broadcasting management & etc. The system is originally
designed almost without considering security issues, i.e almost all operations
are done without permission check.
Later on, I spent quite a few days attempting to implement a General permission
control arch. with Dynamic Proxy, which checks a method's permission at runtime by
it's name.
But soonly found out that this sytem's methods' naming are really a mess. For ex,
some methods are called "del" which actually does the "remove" operation, & vice versa.
Even worse, same type of methods takes very different type of arguments ----
a DVBUserManager.removeUser takes a DVBUser object as argument, and a
DVBNetworkManager takes
a DVBNetwork object as argument.
So .. I found then I was endlessly adding bunches of "if" to handle different
specific
methods in the Dynamic Proxy class.
My question is, is there any good permission control framework provided
directly/indirectly
for Struts/Tomcat based applications ?
If not, would you please suggest some others?
Thank you.
--
Yours,
<<<::::: D i n g L e i ::::::>>
|| ||
|| Ext: 8106 ||
|| Email: <dinglei [A] ipanel [O] cn> ||
|| Dept. Of Technology/Engineering ||
|| Embedded Internet Solutions Inc. ||
|| ||
<(((((( ===================== )))))>>>
The economy depends about as much on economists as the weather does on
weather forecasters.
-- Jean-Paul Kauffmann
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
