Raible's Wiki
Raible Designs
Wiki Home
News
Recent Changes
AppFuse
Homepage- Korean
- Chinese
- Italian
- Japanese
QuickStart Guide
- Chinese
- French
- German
- Italian
- Korean
- Portuguese
- Spanish
- Japanese
User Guide
- Korean
- Chinese
Tutorials
- Chinese
- German
- Italian
- Korean
- Portuguese
- Spanish
Other Applications
Struts ResumeSecurity Example
Struts Menu
Set your name in
UserPreferences
UserPreferences
Referenced by
AppFuseSecurityMetho...
JSPWiki v2.2.33
![[RSS]](https://raibledesigns.com/wiki/images/xml.png "Aggregate the RSS feed")
Hide Menu
AppFuseSecurityMethods2 |
|
| Your trail: | |
Difference between version 10 and version 5:
| At line 1 changed 1 line. |
| In part one of this tutorial we got basic Method Invocation security working. But there still remains some holes in the security of our User object at the service level. For example if someone could get the controller to run UserManager.saveUser() on someone other than themselves, there is nothing at the service level to stop them. |
| In [Part I|AppFuseSecurityMethods] of this tutorial we got basic Method Invocation security working. But there still remains some holes in the security of our {{User}} object at the service level. For example if someone could get the controller to run {{UserManager.saveUser()}} on someone other than themselves, there is nothing at the service level to stop them. |
| At line 23 changed 1 line. |
| [{Java2HtmlPlugin |
| {{{ |
| At line 25 changed 1 line. |
| }] |
| }}} |
| At line 27 changed 1 line. |
| [{Java2HtmlPlugin |
| {{{ |
| At line 29 changed 1 line. |
| }] |
| }}} |
| At line 32 changed 7 lines. |
| [{Java2HtmlPlugin |
| /** |
| * Updates a user's information |
| * |
| * @param user the user's information |
| * @throws UserExistsException |
| */ |
| {{{ |
| At line 40 changed 1 line. |
| }] |
| }}} |
| At line 43 changed 4 lines. |
| [{Java2HtmlPlugin |
| /** |
| * @see org.appfuse.service.UserManager#saveUser(org.appfuse.model.User) |
| */ |
| {{{ |
| At line 50 changed 1 line. |
| }] |
| }}} |
| At line 55 changed 1 line. |
| [{Java2HtmlPlugin |
| {{{ |
| At line 57 changed 1 line. |
| }] |
| }}} |
| At line 59 changed 1 line. |
| [{Java2HtmlPlugin |
| {{{ |
| At line 61 changed 1 line. |
| }] |
| }}} |
| At line 82 changed 1 line. |
| I thought this would be appropriate to place in an {{org.appfuse.security}} package within {{src/service}}. |
| I thought this would be appropriate to place in an {{org.appfuse.security}} package within {{src/service}}. You can download [OwnerVoter here|http://raibledesigns.com/wiki/attach?page=AppFuseSecurityMethods2%2FOwnerVoter.java]. |
| At line 143 changed 1 line. |
| {{test-all}} should now work. It is difficult to show any differences in the security now that we have added this to the service layer. That is because the User object is pretty well protected in the UserAction. |
| {{ant test-all}} should work now. It is difficult to show any differences in the security now that we have added this to the service layer. That is because the User object is pretty well protected in the UserAction. The main reason I wanted to make this is for other objects in people's apps based on AppFuse that have not had the same level of scruty in the controller as {{User}}. |
Back to AppFuseSecurityMethods2, or to the Page History.