• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Component security
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Component security

  • Subject: Component security
  • From: Stirling Olson <email@hidden>
  • Date: Fri, 12 Aug 2005 13:43:21 -0600
Hi,

I am trying to implement component-based security in my WO app. I've searched the lists and can't quite find what I'm hoping to do. I have seen some ideas for redirects in pageWithName() but that puts everything in Application, I believe, and I'd like to do the checks in the components and the component super classes.

In my model, I have a User class with login credentials (based on stuff from Practical Webobjects). This class then implements a method checkSecurityAccess( int securityAccessId ). Security groups and access are stored in the model with relationships to the User, but all that is not interesting here. What I'd like to do is something like this in each component or in component super classes:

public void awake()
    {
    super.awake();

theCurrentUser.checkSecurityAccess ( STATIC_INT_FOR_THIS_COMPONENT );
}

where checkSecurityAccess() will throw a security exception when this user shouldn't have access. I then catch the ExceptionSecurityAccess in Application.handleException() and display an appropriate security violation page. I created an exception for this purpose (ExceptionSecurityAccess) but I can't throw an unnamed Exception in awake() and can't override awake() with a throws ExceptionSecurityAccess.

So, if I can't put this check in awake() (or appendToResponse()), where can I put it? Am I missing some obvious better solution? Am I flaking on some obvious way to throw an appropriate exception from awake() or appendToReponse()?

Many thanks,
Stirling


P.S.
I'd like to use this type of paradigm if possible so I can also do stuff like this:

public void someComponentAction()
{
theCurrentUser.checkSecurityAccess ( STATIC_INT_FOR_SOME_COMPONENT_ACTION );

    // everything else for the component action here
    }

which allows for finer security within each component, if necessary.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




    

  • Prev by Date:
Re: PostgreSQLPlugIn.framework

    • 

  • Next by Date:
Re: PostgreSQLPlugIn.framework

    • 

  • Previous by thread:
Re: PostgreSQLPlugIn.framework

    • 

  • Next by thread:
Problem adding key with WebObjects Builder

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •