Re: WO Authentication
Re: WO Authentication
- Subject: Re: WO Authentication
- From: David Neumann <email@hidden>
- Date: Fri, 7 Mar 2003 16:17:02 -0600
Robert
I'm glad you find the framework useful. I apologize for the
"overwhelming" factor. I have a tendency to jam every conceivable
feature into my kits to make them more general case. Anyway, maybe I
can help you with the Windows server issues. Can you share anymore
about it?
The framework seems like a big bite to chew, but aside from inclusion
of a config file and either subclassing or interface implementing,
there is little if any impact on a new or even pre-existing project
code. I designed it so even if your WOComponents, WOSessions etc, can't
conveniently subclass mine, you can still get the benefits through
mostly one-liner method implementations when going the interface impl
route.
In addition to driving all access rules strictly by a config plist, you
can also implement certain methods on your pages or direct action
classes and provide more elaborate rules. For example:
public boolean denyPageGenerationBeforeLogin(){
return false;
}
public boolean denyPageGenerationAfterLogin(){
return false;
}
public boolean denyPageGenerationForNonSSLRequest(){
return false;
}
d
PS: if anyone wants to check out this example, you can download it from
my public iDisk.
http://homepage.mac.com/dneumann/FileSharing20.html; the archive
715.tar.gz
includes the framework, docs, and a demo app that uses it (an
implementation of a secure commerce site).
On Wednesday, March 5, 2003, at 08:00 PM, Robert Walker wrote:
Does anyone here have experience with the JavaWOSecurityExample
framework?
I have it working quite well in development mode on Mac OS X, however,
I am having difficulty getting it going on our Win2k deployment server.
Just something I have to work through.
My point it that it does exactly what you guys need.
If you're just getting started with WebObjects this may seem a bit
overwhelming. I know I felt a bit overwhelmed at first, but once I
understood what what going on it really wasn't that bad.
The really cool thing about it is that you don't really have to decide
ahead of time which pages you want to secure and which ones you don't.
All you have to do is edit a property list file to allow or deny access
to your components and direct actions. I really hope this stuff is
rolled into the standard WebObjects frameworks someday, if that's even
possible.
If you are interested please feel free to contact me either through
this mailing list or contact me directly.
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.