Re: Overriding pageWithName
Re: Overriding pageWithName
- Subject: Re: Overriding pageWithName
- From: arturo <email@hidden>
- Date: Tue, 20 Jan 2004 18:00:11 -0500
----- Original Message -----
From: "Chuck Hill" <email@hidden>
> > That way, I just need to override/subclass WOComponent's pageWithName.
> >
> I've done a fair bit of this. What are you trying to do?
I'm trying to bridge the worlds of JAAS and WO. A somewhat generic
framework for using the JAAS permission model within a WO application.
I just reread David Neumann's WebObject and Security pdf from WWDC 2000.
His advice (override WOComponent.appendToResponse and
WODirectAction.performActionNamed()) don't seem secure enough to me. That
is, using his method, in order to remove the security from a secure
WOComponent you just need to re-override appendToResponse.
So, to me, what I'd like to do is JAAS-ify pageWithName. But I firmly
believe that the responsibility for securing a component should be up to the
WOComponent. This makes it more useful in that I can add secure components
to an already existing application. So I don't want to subclass
WOApplication.
Perhaps I should just stick to JAAS-ifying the constructor. But that falls
afoul of stateless components.
Well, I can ramble quite a bit about this. But, to my mind, the trick is to
make a non-overrideable method that does the accesscontroller
checkpermission call. Without reducing the flexibility of WO (that is, I
can make appendToResponse()
final but that would make it useless).
-arturo
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.