AppFuseSecurityMethods |
|
Your trail: |
Difference between
version 12
and
version 11:
At line 115 changed 1 line. |
The second consideration for Actions is that public actions (any action that does not require the user to be logged on) can only access public methods on our manager beans and the resulting {{success}} page can only access public methods. When AppFuse comes out of the box the only action that needs to be modified is {{SignupAction}}. We will need to remove the code that ''automagically'' used to log in a user after signup. It would be possible to still do this, but it is fairly complicated and it's not really that important to me to make the user not have to log in right after creating his account. But the problem with leaving that code in is that is would cause one of the decorator pages to try and access UserManager.getUser() which is protected. This will cause an AccessDeniedException to be thrown since our user is not yet logged in. So remove this section of code from {{SignupAction}}: |
The second consideration for Actions is that public actions (any action that does not require the user to be logged on) can only access public methods on our manager beans and the resulting {{success}} page can only access public methods. When AppFuse comes out of the box the only action that needs to be modified is {{SignupAction}}. We will need to remove the code that ''automagically'' used to log in a user after signup. It would be possible to still do this, but it is fairly complicated and it's not really that important to me to make the user not have to log in right after creating his account. But the problem with leaving that code in is that it would cause one of the decorator pages to try and access UserManager.getUser() which is protected. This will cause an AccessDeniedException to be thrown since our user is not yet logged in. So remove this section of code from {{SignupAction}}: |
Back to AppFuseSecurityMethods,
or to the Page History.
|