Announcement Announcement Module
Collapse
No announcement yet.
ACL taglib Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • ACL taglib

    Hello,

    In my web application I need to render certain components based on ACL info. In order to do so I would need a taglib, does it exist? I was looking on how to implement it, but I guess it would not be as straightforward as I thought - I think it would require writing a new SecureContext, new IntegrationFilters, besides the taglib itself (or perhaps there is an easier way to do it?)

    Thanks a lot and keep up the good work!

    Victor

  • #2
    It's already done and in CVS. I'd suggest you do a checkout from CVS and take a look at the Contacts Sample application, which now uses ACL security entirely. It uses the new ACL taglib.

    Comment


    • #3
      Originally posted by Ben Alex
      It's already done and in CVS. I'd suggest you do a checkout from CVS and take a look at the Contacts Sample application, which now uses ACL security entirely. It uses the new ACL taglib.
      Ben means taglib authz with .tld file located in ACEGISECURITY_HOME\core\src\main\resources\net\sf\ acegisecurity\taglibs.

      But Ben, isn't necessary to add taglib declaration in web.xml? i.e.
      Code:
        	
      <taglib>
              <taglib-uri>/tags/authz</taglib-uri>
              <taglib-location>/WEB-INF/tld/authz.tld</taglib-location>
      </taglib>
      I can't find such code neither in web.xml for ca, nor for cas, so I add it and change corresponding code in include.jsp

      Comment


      • #4
        Citing from Ben's reference document:

        If you are using a JSP 1.1 container, you will need to declare the JSP tag library in your application's web.xml file, with code such as this:
        <taglib>
        <taglib-uri>http://acegisecurity.sf.net/authz</taglib-uri>
        <taglib-location>/WEB-INF/authz.tld</taglib-location>
        </taglib>
        For JSP 1.1 containers you will also need to extract the authz.tld file from the acegi-security-taglib.jar file and put it into your application's WEB-INF/lib folder.
        I should know it earlier :oops:

        Comment


        • #5
          I just checked the tags and they seem pretty cool, thanks a lot!

          Regards,

          V.

          Comment


          • #6
            Just as a side question, does anybody know if there is also an ACL servlet filter?

            Thanks,

            Victor

            Comment


            • #7
              An ACL servlet filter? Could you elaborate on what that would do a little?

              Comment


              • #8
                I would imagine a mechanism which "maps" a page (or set of pages) as a protected ACL object. Then we would be able to control access to the JSPs based on ACL info, allowing for example only users with at least read permission to view a certain page.
                IMHO the main advantage to this approach is that all access control info is centralized in the ACL database and not spread out across the XML config file.

                Regards,

                Victor

                Comment


                • #9
                  On my prior-to-0.7 TODO list is refactoring discussed at http://forum.springframework.org/showthread.php?t=11167.

                  This will enable a suitable taglib to be created, as the "configuration attributes" applicable to different URLs will be easily available.

                  If people are developing a full CMS they'll probably be using the ACL security instead, as they probably want to protect not only read but also create, delete, write etc. As such they'd use the existing ACL services and ACL taglib.
                  Last edited by robyn; May 14th, 2006, 05:23 PM.

                  Comment

                  Working...
                  X