Hi,

OFBiz Services security model allows us to intercept a call to a service before the actual service is executed. On similar lines, do we have a way to intercept a Web Request for a Security Check before the Event or view is rendered? Something like:

<request-map uri="orderentry">
    <security https="true" auth="true"/>
    <permission-service service-name="orderEntryGenericPermission" action="Create" error-view="PermissionErrorScreen"/>
    <event type="java" path="org.ofbiz.order.shoppingcart.ShoppingCartEvents" invoke="routeOrderEntry"/>
    <response name="init" type="view" value="checkinits"/>
    <response name="agreements" type="view" value="orderagreements"/>
    <response name="cart" type="view" value="showcart"/>
    <response name="error" type="view" value="checkinits"/>
</request-map>

Thanks and Regards
Anil Patel

The best thing to do is use an actual event for this, which may mean chaining to another request for security check pass/fail.

Generally though there isn't page routing for security checks, but rather a change in a view and/or event that shows a message or whatever. In other words, the security checks in services and screens are the main touch points.

Is there a more specific case where this has come up?

-David

On Feb 15, 2007, at 2:02 PM, Anil Patel wrote:

> Hi,
> OFBiz Services security model allows us to intercept a call to a service
> before the actual service is executed. On similar lines, do we have a way to
> intercept a Web Request for a Security Check before the Event or view is
> rendered? Something like:
>
> <request-map uri="orderentry">
>     <security https="true" auth="true"/>
>     <permission-service service-name="orderEntryGenericPermission"
>         action="Create" error-view="PermissionErrorScreen"/>
>     <event type="java" path="org.ofbiz.order.shoppingcart.ShoppingCartEvents"
>         invoke="routeOrderEntry"/>
>     <response name="init" type="view" value="checkinits"/>
>     <response name="agreements" type="view" value="orderagreements"/>
>     <response name="cart" type="view" value="showcart"/>
>     <response name="error" type="view" value="checkinits"/>
> </request-map>
>
> Thanks and Regards
> Anil Patel

David,

This came to mind when I was working on ShoppingCartEvents::ShoppingCartEvents method. This method has Security check code in it. At first glance I didn't like it.

Is it Ok to have Security checks code compiled into a class? I am not sure if there are more instances of a similar thing.

I will appreciate comments on it from you.

Anil Patel

On 2/15/07, David E. Jones <[hidden email]> wrote:

> The best thing to do is use an actual event for this, which may mean
> chaining to another request for security check pass/fail.
>
> Generally though there isn't page routing for security checks, but
> rather a change in a view and/or event that shows a message or
> whatever. In other words, the security checks in services and screens
> are the main touch points.
>
> Is there a more specific case where this has come up?
>
> -David
>
> On Feb 15, 2007, at 2:02 PM, Anil Patel wrote:
>
> > Hi,
> > OFBiz Services security model allows us to intercept a call to a service
> > before the actual service is executed. On similar lines, do we have a way to
> > intercept a Web Request for a Security Check before the Event or view is
> > rendered? Something like:
> >
> > <request-map uri="orderentry">
> >     <security https="true" auth="true"/>
> >     <permission-service service-name="orderEntryGenericPermission"
> >         action="Create" error-view="PermissionErrorScreen"/>
> >     <event type="java" path="org.ofbiz.order.shoppingcart.ShoppingCartEvents"
> >         invoke="routeOrderEntry"/>
> >     <response name="init" type="view" value="checkinits"/>
> >     <response name="agreements" type="view" value="orderagreements"/>
> >     <response name="cart" type="view" value="showcart"/>
> >     <response name="error" type="view" value="checkinits"/>
> > </request-map>
> >
> > Thanks and Regards
> > Anil Patel

One way or another each service, screen, etc. should be responsible for its own security (so that no matter how it is used the security doesn't get skipped or left out). We are moving more towards de-coupling security to make it more modular and easier to re-use, but still having it right in an implementation is an okay (though not ideal) approach.

-David

On Feb 16, 2007, at 1:30 PM, Anil Patel wrote:

> David,
> This came to mind when I was working on
> ShoppingCartEvents::ShoppingCartEvents method.
> This method has Security check code in it. At first glance I didn't
> like it.
>
> Is it Ok to have Security checks code compiled into a class? I am not
> sure if there are more instances of a similar thing.
>
> I will appreciate comments on it from you.
>
> Anil Patel
>
> On 2/15/07, David E. Jones <[hidden email]> wrote:
>>
>> The best thing to do is use an actual event for this, which may mean
>> chaining to another request for security check pass/fail.
>>
>> Generally though there isn't page routing for security checks, but
>> rather a change in a view and/or event that shows a message or
>> whatever. In other words, the security checks in services and screens
>> are the main touch points.
>>
>> Is there a more specific case where this has come up?
>>
>> -David
>>
>> On Feb 15, 2007, at 2:02 PM, Anil Patel wrote:
>>
>> > Hi,
>> > OFBiz Services security model allows us to intercept a call to a service
>> > before the actual service is executed. On similar lines, do we have a way to
>> > intercept a Web Request for a Security Check before the Event or view is
>> > rendered? Something like:
>> >
>> > <request-map uri="orderentry">
>> >     <security https="true" auth="true"/>
>> >     <permission-service service-name="orderEntryGenericPermission"
>> >         action="Create" error-view="PermissionErrorScreen"/>
>> >     <event type="java" path="org.ofbiz.order.shoppingcart.ShoppingCartEvents"
>> >         invoke="routeOrderEntry"/>
>> >     <response name="init" type="view" value="checkinits"/>
>> >     <response name="agreements" type="view" value="orderagreements"/>
>> >     <response name="cart" type="view" value="showcart"/>
>> >     <response name="error" type="view" value="checkinits"/>
>> > </request-map>
>> >
>> > Thanks and Regards
>> > Anil Patel
