• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: false sense of security?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: false sense of security?


  • Subject: Re: false sense of security?
  • From: "Arturo Perez" <email@hidden>
  • Date: Wed, 01 Sep 2004 11:54:52 -0400

William Norris wrote:

On Wed, 01 Sep 2004 11:39:42 -0400, Arturo Perez <email@hidden> wrote:

One thing I've done, based on the security framework floating around is to

public void appendToResponse(...) {
      if (!authorized) return;
      super.appendToResponse();
}

If you do that in a ComponentContent and stick your sensitive content in
there it works great.

-arturo



I'm using a WOConditional to prevent the link from even being created. However, I'm running into another problem now... I have a function -

boolean userInGroup(String username, String password);

that will determine if the link should be displayed for that user. However, it appears to me that WOConditional (or any Dynamic Element
for that matter) will not allow you to bind functions that take in
parameters. The only thing that actually works would be a series of
functions - userInAdminGroup(), userInStudentGroup(), etc... but as
far as I'm concerned, that's not even a viable option.



Yeah, that's kind of annoying. Off the top of my head I can think of several hacks to get around it. I think using the ComponentContent design pattern I hinted at above is the cleanest solution. An alternative which may be easier to is put your method in session without any parameters (e.g. public boolean userPermitted()) since that's where your user information is likely to be. But that only works if the "group" information is relatively static (e.g. permissions on all pages are relatively the same).


For things like this I've often wished that WOComponent had a UserInfo.

-arturo
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.


  • Follow-Ups:
    • Re: false sense of security?
      • From: William Norris <email@hidden>
References: 
 >false sense of security? (From: William Norris <email@hidden>)
 >Re: false sense of security? (From: "Arturo Perez" <email@hidden>)
 >Re: false sense of security? (From: William Norris <email@hidden>)

  • Prev by Date: Re: false sense of security?
  • Next by Date: Re: false sense of security?
  • Previous by thread: Re: false sense of security?
  • Next by thread: Re: false sense of security?
  • Index(es):
    • Date
    • Thread