Hi Mark,

Just to tell you that I finished my job and all works well. Thanks a lot for guiding me.

Now I have a taglib that does, for example:

<perm:present list="1,4,21,33" all="false">
do your job
</perm:present>

If the user in session is related with at least one role that is related with at least one of the permissions in the list, the job is done.

On 3/17/06, Alessandro Colantoni <[EMAIL PROTECTED]> wrote:
>
> On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote:
> >Hang on!!! You've an admin form where you have dynamic roles, right?
> >And you've no means of knowing what these will be.. And what they are
> >denying access to.. Doing this with your proposed taglib won't help
> >solve this.. Your tag or jsp bean is going to have to ask the database
> >which roles have what access to a given page.
> Right! That was what I was going to do, but you scared me!
>
> I don't understand why I need a reference to the user action/jsp in the database.
> Roles are dynamic, relationships between roles and permissions are dynamic
> too, but permissions on jsp and single objects of jsp are static.
> In my jsp, I fix statically which permissions are .
> My taglib just has to verify if the user has one of the roles with
> specified permissions (perm1, perm2), querying the database to decide if to
> show the page, if to show a denying message, or show fields editable or not.
>
> Alessandro
>
> On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote:
> >
> > On 3/17/06, Alessandro Colantoni <[EMAIL PROTECTED]> wrote:
> > > Hi! again!!
> > > Of course I'm Italian, but at the moment I'm living in Spain for work, so just
> > > the same continent .!
> > > At the end I will choose the jsp solution with taglib (I'm gonna write my
> > > permission taglib now!) 'cause reference pages in database can be too much
> > > work and in some cases I have permissions at field level.
> > > I think I yet found the solution to make such a taglib generic to reuse in
> > > all future applications.
> > > I'll do something like that
> > > <permissions:present list="perm1,perm2,perm3">
> > > <!-- write your jsp piece -->
> > > </permissions:present>
> > > <permissions:notPresent list="perm1,perm2,perm3">
> > > <!-- write your jsp piece -->
> > > </permissions:notPresent>
> > >
> > Hang on!!! You've an admin form where you have dynamic roles, right?
> > And you've no means of knowing what these will be.. And what they are
> > denying access to.. Doing this with your proposed taglib won't help
> > solve this.. Your tag or jsp bean is going to have to ask the database
> > which roles have what access to a given page..
> >
> > You're stuck needing a reference to the user action/jsp in the database.
> > You could have a properties file mapping jsp's to a key and keep that
> > in the db. But you're going to need this to have truly dynamic roles
> > to view access control..
> >
> > Mark
> >
> > > That seems more easy to maintain 'cause in my application I have just to
> > > maintain the relationship between roles and permissions
> > >
> > > Thanks a lot for your help! I hope you enjoy in my country
> > > Alessandro
> > >
> > > On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote:
> > > >
> > > > On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote:
> > > > > On 3/17/06, Alessandro Colantoni <[EMAIL PROTECTED]> wrote:
> > > > > > Hi! and good morning (but probably we're on different continents)
> > > >
> > > > Assuming you're in Italy, we're in the same country..
> > > >
> > > > > > I don't understand the last post where you say.
> > > > > > >I had the impression he already had.. I don't get how posting this
> > > > > > >helps, i must have misunderstood something.. Can you explain please?
> > > > > >
> > > > > > Anyway thanks for accurate explanation.
> > > > > > I'll go studying how to write the filter class
> > > > > > I think that as you say the right way is to have at least one role mapped on
> > > > > > web.xml, forbid to delete it from database and ensure all users have this
> > > > > > role.
> > > > > > So I can still use the yet configured container based authentication.
> > > > > > Then check for permission in each page in the filter class, or, I was
> > > > > > thinking check it directly in the jsp.
> > > > > > I was thinking write a taglib to do so. (that should check if the user has
> > > > > > at least a role that has at least one of the permissions for this page)
> > > > > > Which is the difference between jsp solution and filter class solution?
> > > > > > Is filter class more secure?
> > > >
> > > > I did forget to outline the advantages of defining this stuff in jsp..
> > > > You don't need to have a reference to the page in your database..
> > > > Which i guess is a big advantage.. Again it's your choice..
> > > >
> > > > Mark
> > > >
> > > > > It's more secure in that you don't depend on jsp folk on getting it
> > > > > right, given that you're having to do some view controller stuff in your
> > > > > db it would seem a shame not to control this in a filter... You can
> > > > > also deactivate the filter during development and let jsp folk write
> > > > > decent markup, without giving them the secondary problem of security
> > > > > logic.
> > > > >
> > > > > You could just write a simple bean (as another option) and use the
> > > > > trusty useBean tag, but you'll be depending on jsp folk on getting
> > > > > this right.. A filter is just tidier..
> > > > >
> > > > > > Thanks a lot
> > > > > > Ciao!
> > > > > >
> > > > > > PS . good italian. What does it mean schete?
> > > > > My bad spelling for "scelte"
> > > > >
> > > > > mark
> > > > >
> > > > > > On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote:
> > > > > > >
> > > > > > > On 3/17/06, Mark Space <[EMAIL PROTECTED]> wrote:
> > > > > > > > Alessandro Colantoni wrote:
> > > > > > > >
> > > > > > > > > Thanks for rapid answer!
> > > > > > > > >What do you mean with filter the roles of second level.
> > > > > > > > >How can I do that? if they are not in the auth-constraint and in the role
> > > > > > > > >name list they can't access.
> > > > > > > > >Have I to write a filter class? in this class retrieve the role of the user
> > > > > > > > >and if is one of the second level skip the container authentication?
> > > > > > > > >I'm in the right way or I misunderstand all?
> > > > > > > >
> > > > > > > > Or you could try this:
> > > > > > > > http://tomcat.apache.org/tomcat-4.1-doc/realm-howto.html
> > > > > > >
> > > > > > > I had the impression he already had.. I don't get how posting this
> > > > > > > helps, i must have misunderstood something.. Can you explain please?
> > > > > > >
> > > > > > > Mark
> > > > > > >
> > > > > > > > ---------------------------------------------------------------------
> > > > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > > > For additional commands, e-mail: [EMAIL PROTECTED]
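
The check the thread converges on (user in session, then roles, then permissions, with `all="false"` meaning at least one match), written once so that a JSP tag and a servlet filter can both call it. This is an added example, not code from the thread: the class and method names and the sample data are hypothetical, and reading `all="true"` as "every listed permission" is an assumption.

```java
import java.util.*;

// Added example; PermissionCheck, isGranted and the sample data are hypothetical.
public class PermissionCheck {
    // role name -> permission ids (the thread keeps this relationship in the database)
    private final Map<String, Set<Integer>> rolePermissions;

    public PermissionCheck(Map<String, Set<Integer>> rolePermissions) {
        this.rolePermissions = rolePermissions;
    }

    // Parses the tag's list attribute, e.g. "1,4,21,33". A malformed id throws
    // NumberFormatException, so a typo in a page never turns into a grant.
    static Set<Integer> parseList(String list) {
        Set<Integer> ids = new HashSet<>();
        if (list == null) return ids;
        for (String part : list.split(",")) {
            String p = part.trim();
            if (!p.isEmpty()) ids.add(Integer.valueOf(p));
        }
        return ids;
    }

    // all=false: at least one listed permission; all=true (assumed meaning): every one.
    public boolean isGranted(Collection<String> userRoles, String list, boolean all) {
        Set<Integer> required = parseList(list);
        if (userRoles == null || required.isEmpty()) return false; // deny by default
        Set<Integer> held = new HashSet<>();
        for (String role : userRoles) {
            // a role that no longer exists in the database contributes nothing
            held.addAll(rolePermissions.getOrDefault(role, Collections.emptySet()));
        }
        return all ? held.containsAll(required) : !Collections.disjoint(held, required);
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for the role/permission tables.
        Map<String, Set<Integer>> db = new HashMap<>();
        db.put("editor", new HashSet<>(Arrays.asList(4, 7)));
        db.put("viewer", new HashSet<>(Arrays.asList(2)));
        PermissionCheck check = new PermissionCheck(db);
        List<String> session = Arrays.asList("editor", "viewer");
        System.out.println("any of 1,4,21,33: " + check.isGranted(session, "1,4,21,33", false));
        System.out.println("all of 1,4,21,33: " + check.isGranted(session, "1,4,21,33", true));
        System.out.println("all of 2,4:       " + check.isGranted(session, "2,4", true));
        System.out.println("empty list:       " + check.isGranted(session, "", false));
    }
}
```

A tag that calls this only decides what markup is rendered; calling the same method from a filter in front of the actions is what keeps the decision independent of how each page was written.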