Raible's Wiki: AppFuseSecurityMethods2

At line 1 changed 1 line.

In part one of this tutorial we got basic Method Invocation security working. But there still remains some holes in the security of our User object at the service level. For example if someone could get the controller to run UserManager.saveUser() on someone other than themselves, there is nothing at the service level to stop them.

In [Part I|AppFuseSecurityMethods] of this tutorial we got basic Method Invocation security working. But there still remains some holes in the security of our {{User}} object at the service level. For example if someone could get the controller to run {{UserManager.saveUser()}} on someone other than themselves, there is nothing at the service level to stop them.

At line 32 changed 7 lines.

[{Java2HtmlPlugin

/**

* Updates a user's information

*

* @param user the user's information

* @throws UserExistsException

*/

{{{

At line 40 changed 1 line.

}]

}}}

At line 43 changed 4 lines.

[{Java2HtmlPlugin

/**

* @see org.appfuse.service.UserManager#saveUser(org.appfuse.model.User)

*/

{{{

At line 50 changed 1 line.

}]

}}}

At line 143 changed 1 line.

{{test-all}} should now work. It is difficult to show any differences in the security now that we have added this to the service layer. That is because the User object is pretty well protected in the UserAction.

{{ant test-all}} should work now. It is difficult to show any differences in the security now that we have added this to the service layer. That is because the User object is pretty well protected in the UserAction. The main reason I wanted to make this is for other objects in people's apps based on AppFuse that have not had the same level of scruty in the controller as {{User}}.

Raible's Wiki

AppFuse

Other Applications

AppFuseSecurityMethods2