Raible's Wiki
Raible Designs AppFuseHomepage- Korean - Chinese - Italian - Japanese QuickStart Guide User Guide Tutorials Other ApplicationsStruts ResumeSecurity Example Struts Menu
Set your name in
UserPreferences
Referenced by
JSPWiki v2.2.33
Hide Menu |
This is version 3.
It is not the current version, and thus it cannot be edited. In part one of this tutorial we got basic Method Invocation security working. But there still remains some holes in the security of our User object at the service level. For example if someone could get the controller to run UserManager.saveUser() on someone other than themselves, there is nothing at the service level to stop them. This tutorial adds object specific security into the mix. Another way to accomplish this would be to use an access control list, but that solution may be a bit heavy for many apps. So ACL's will be a tutorial but not included in the core of AppFuse. So without getting into ACL's we can still secure our objects by making sure the user who is authenticated can only retreive, edit or delete his User object. Table of Contents
Prerequisites [#0]Basically you need to have completed part one of this tutorial.Add UserManager.updateUser() method [#1]Modify txProxyTemplate configuration [#2]Create the OwnerVoter [#3]I thought this would be appropriate to place in an org.appfuse.security package within src/service.Modify userManagerSecurity configuration [#4]Test All [#5]Attachments:
|