-
FEATURED COMPONENTS
First time here? Check out the FAQ!
Hi all,
at time i'm reading most info's i did found about spring security and how to implement into a ZKoss application.
There are secure methods for
- Url access
- view/rendering
- domain object level (acl)
- methode access
- event access(ZKoss)
For securing a page (url-access) i found all times the same modified
samples for calling new pages.
But how did i secure zul-pages that are rendered in an
area of a Borderlayout i.e. 'CENTER'.?
In my sample app i have only one Page the 'index.zul' with several areas.
All pages (apart the menu) are renderd in the CENTER area.
So this Page is every time the same --> 'index.zul'
Must i use in this case securing the action call of the menu items?
thanks
Stephan
Push.
No one who have an idea?
Hi terrytornado,
Can you provide your code?
@windperson
thanks for answering.
what code do you mean? The index.zul ??
I need a global answer. Does it goes or not. And if not, what is the normally
way or workaraound for securing zul-files that are rendered in borderlayout areas.
Thanks
Stephan
Push.
Nobody has solved the same problem?
Hi Stephan,
I think you should use event access, there's a smalltalk here:
http://www.zkoss.org/smalltalks/zkspringsec1/
And I think you should use the security access in menu action because all event will send back to server.
Terry, do you found this issues?
I have tha same problem! But I bypass for security method, provided that the method was responsible for submitting the new window!
NOT, DOESN´T A BEAUTY SOLUTIONS!!! So, who has an idea...
@windperson
@sudamar
thx for answering.
PS: I found this actual Thread only by searching the title????
yes, i have read this article.
1.
I agree to secure the event that calls a new page (zul-file) because with the underlaying design
i have always the same page-url ('index.zul'). So the url-based securing doesn't can work.
But i find this design very nicly and ressource-transfer friendly.
A friend of mine who works with jsp/jsf means
He: "whats the problem to call the whole thing new" included the menutree
and others that are not changed. All is in the cache of the server!
Me: Hmmm, what's then with the ajax thought. Allways loading all new because
otherwise the security doesn't work correctly or only with wokarounds !!
The other design problem is: By calling seperated pages you can secure
all pages in one line and can gradually give them free for special roles.
By securing pages over their event calls you does not forgot
a page (event call) otherwise it's unsecured.
I have not enough information about that. I will try make it runnable first with event securing.
2.
But my main design problem with the spring-security is to make the assigning of the Roles dynamically.
It means that the admin of the application can customize the security and made new additionally
roles self.
So i must put the logic for filling the 'ObjectDefinitionSource/MethodeDefinitionSource' in a DAO to read it from the database.
The big question is: 'Must the Application start new in the Tomcat for made these changings or is it enough to refresh the SecurityContextHolder?
regards
Stephan
@marcobuss
Many thanks Marco. It looks very interesting. Need time for a deeper reading.
Stephan
Asked: 2009-01-12 15:01:51 +0800
Seen: 364 times
Last updated: Jan 22 '09