You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@myfaces.apache.org by Cagatay Civici <ca...@gmail.com> on 2006/11/14 13:20:06 UTC
[announcement] new security extensions
Hi,
There is a new EL extension in sandbox for security purposes.
The basic usage is like #{securityContext.ifGranted['rolename']}
Here is the wiki;
http://wiki.apache.org/myfaces/SecurityContext
As mentioned in the wiki user-role Awareness attributes enabledOnUserRole
and visibleOnUserRole will be deprecated in the future.
Regards,
Cagatay
Re: [announcement] new security extensions
Posted by Martin Marinschek <ma...@gmail.com>.
Hi Cagatay,
great addition to MyFaces! Thanks...
regards,
Martin
On 11/14/06, Cagatay Civici <ca...@gmail.com> wrote:
> Hi,
>
> There is a new EL extension in sandbox for security purposes.
>
> The basic usage is like #{securityContext.ifGranted['rolename']}
>
> Here is the wiki;
>
> http://wiki.apache.org/myfaces/SecurityContext
>
> As mentioned in the wiki user-role Awareness attributes enabledOnUserRole
> and visibleOnUserRole will be deprecated in the future.
>
> Regards,
>
> Cagatay
>
--
http://www.irian.at
Your JSF powerhouse -
JSF Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
Re: [announcement] new security extensions
Posted by Mario Ivankovits <ma...@ops.co.at>.
Hey!
>> This one is really interesting, though, instead of a simple error
>> message I'd prefer something like invoking a navigation,
> For this I can add a optional ActionListner or NavigationHandler for a
> error or not authorised page
Ok.
>> delegating the action to be taken to the user defined security context
>> implementation.
> I don't like a different security context I prefer to ask the
> container for the users defined roles
Sure, and the default should do it, but - maybe a uncommon setup - we
use a security thing here which is much more powerful than a simple
isInRole (don't know the name now).
So having the possibility to change the real implementation of the
security lookup is a great thing here, the default can simply use the
container stuff.
>> We should discuss with the tobago guys if stuff like this (not directly
>> tobago related) wouldn't fit better in our sandbox15, shouldn't we?
>
> Maybe the sandbox15 is a right place but is the sandbox not a tomahawk
> subproject. One thing is tobago related the button is disabled if the
> user is not allowd to invoke this method binding. But this can be
> extracted.
Yea, would be great if we can refactor it to make it work in both
environments.
Ciao,
Mario
Re: [announcement] new security extensions
Posted by Bernd Bohmann <be...@atanion.com>.
Hello Mario,
Mario Ivankovits wrote:
> Hi Matthias!
>> http://svn.apache.org/viewvc/myfaces/tobago/trunk/contrib/security/
> This one is really interesting, though, instead of a simple error
> message I'd prefer something like invoking a navigation,
For this I can add a optional ActionListner or NavigationHandler for a
error or not authorised page
or even better
> delegating the action to be taken to the user defined security context
> implementation.
I don't like a different security context I prefer to ask the container
for the users defined roles
> We should discuss with the tobago guys if stuff like this (not directly
> tobago related) wouldn't fit better in our sandbox15, shouldn't we?
Maybe the sandbox15 is a right place but is the sandbox not a tomahawk
subproject. One thing is tobago related the button is disabled if the
user is not allowd to invoke this method binding. But this can be
extracted.
>
> Ciao,
> Mario
>
>
Bernd
Re: [announcement] new security extensions
Posted by Mario Ivankovits <ma...@ops.co.at>.
Hi Bernd! Bohmann schrieb:
> http://mail-archives.apache.org/mod_mbox/myfaces-dev/200610.mbox/%3c452D761B.8010502@atanion.com%3e
>
Sorry, I've read it in the past, but my brain didn't jump up at this
time :-(
> I like the idea to share more code with each other project.
Great!
The FileUpload stuff is somewhat tricky. If we would like to have it, it
has to go to tomahawk directly, else, it will collide with our
ExtensionsFilter. Or, we implement a way to disable the upload thing there.
Well, a way can be found just care has to be taken.
The security guy ( (c) matze ;-) ) can go to our sandbox15, @cagatay,
do you have time to do it?
Ciao,
Mario
Re: [announcement] new security extensions
Posted by Bernd Bohmann <be...@atanion.com>.
Hello,
I have ask to include this module and an other module for inclusion in
the myfaces common or what ever module, last month.
http://mail-archives.apache.org/mod_mbox/myfaces-dev/200610.mbox/%3c452D761B.8010502@atanion.com%3e
I like the idea to share more code with each other project.
Regards
Bernd
Matthias Wessendorf wrote:
> I am definitely interested in working closer with tobago in framework
> issues like this!
>
> Greetz,
> Matthias
>
> On 11/18/06, Mario Ivankovits <ma...@ops.co.at> wrote:
>> Hi Matthias!
>> > http://svn.apache.org/viewvc/myfaces/tobago/trunk/contrib/security/
>> This one is really interesting, though, instead of a simple error
>> message I'd prefer something like invoking a navigation, or even better
>> delegating the action to be taken to the user defined security context
>> implementation.
>> We should discuss with the tobago guys if stuff like this (not directly
>> tobago related) wouldn't fit better in our sandbox15, shouldn't we?
>>
>> Ciao,
>> Mario
>>
>>
>
>
Re: [announcement] new security extensions
Posted by Matthias Wessendorf <ma...@apache.org>.
I am definitely interested in working closer with tobago in framework
issues like this!
Greetz,
Matthias
On 11/18/06, Mario Ivankovits <ma...@ops.co.at> wrote:
> Hi Matthias!
> > http://svn.apache.org/viewvc/myfaces/tobago/trunk/contrib/security/
> This one is really interesting, though, instead of a simple error
> message I'd prefer something like invoking a navigation, or even better
> delegating the action to be taken to the user defined security context
> implementation.
> We should discuss with the tobago guys if stuff like this (not directly
> tobago related) wouldn't fit better in our sandbox15, shouldn't we?
>
> Ciao,
> Mario
>
>
--
Matthias Wessendorf
http://tinyurl.com/fmywh
further stuff:
blog: http://jroller.com/page/mwessendorf
mail: mwessendorf-at-gmail-dot-com
Re: [announcement] new security extensions
Posted by Mario Ivankovits <ma...@ops.co.at>.
Hi Matthias!
> http://svn.apache.org/viewvc/myfaces/tobago/trunk/contrib/security/
This one is really interesting, though, instead of a simple error
message I'd prefer something like invoking a navigation, or even better
delegating the action to be taken to the user defined security context
implementation.
We should discuss with the tobago guys if stuff like this (not directly
tobago related) wouldn't fit better in our sandbox15, shouldn't we?
Ciao,
Mario
Re: [announcement] new security extensions
Posted by Cagatay Civici <ca...@gmail.com>.
No, I haven't seen that until you pointed out. Looks interesting indeed.
Re: [announcement] new security extensions
Posted by Matthias Wessendorf <ma...@apache.org>.
Cagatay,
have you looked at
http://svn.apache.org/viewvc/myfaces/tobago/trunk/contrib/security/
?
-Matthias
On 11/14/06, Cagatay Civici <ca...@gmail.com> wrote:
> Hi,
>
> There is a new EL extension in sandbox for security purposes.
>
> The basic usage is like #{securityContext.ifGranted['rolename']}
>
> Here is the wiki;
>
> http://wiki.apache.org/myfaces/SecurityContext
>
> As mentioned in the wiki user-role Awareness attributes enabledOnUserRole
> and visibleOnUserRole will be deprecated in the future.
>
> Regards,
>
> Cagatay
>
--
Matthias Wessendorf
http://tinyurl.com/fmywh
further stuff:
blog: http://jroller.com/page/mwessendorf
mail: mwessendorf-at-gmail-dot-com