portals-jetspeed-dev mailing list archives

From Jon Stevens <...@latchkey.com>
Subject Security stuff...
Date Mon, 11 Jun 2001 18:16:22 GMT
on 6/11/01 12:09 AM, "taylor@apache.org" <taylor@apache.org> wrote:

>             Criteria criteria = new Criteria();
>             RoleSet roles = JetspeedSecurity.getRoles(criteria);
>             context.put("roles", roles.getRolesArray());

Why are you putting roles into the context? Security checks should happen on
a permission level, not on a role level.

Also, all of the information for a particular user is already stored in
$data.getACL(). That is the right way to determine if someone has the right
ACL or not...

-jon

-- 
"Open source is not available to commercial companies."
            -Steve Ballmer, CEO Microsoft
<http://www.suntimes.com/output/tech/cst-fin-micro01.html>
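
The distinction drawn in this message, as an added example that is not part of the original message and is not Jetspeed or Turbine code: a role-level check hard-codes role names at the call site, while a permission-level check asks the user's ACL about the action itself. The `Acl` class and the role and permission names are hypothetical.

```java
import java.util.*;

// Added illustration. Acl, the role names and the permission names are
// hypothetical; they are not Jetspeed or Turbine classes.
public class PermissionCheckDemo {

    /** Minimal per-user ACL: the roles a user holds and the permissions those roles grant. */
    static final class Acl {
        private final Set<String> roles = new HashSet<>();
        private final Set<String> permissions = new HashSet<>();

        Acl(Map<String, Set<String>> rolePermissions, String... userRoles) {
            for (String role : userRoles) {
                roles.add(role);
                permissions.addAll(rolePermissions.getOrDefault(role, Set.of()));
            }
        }
        boolean hasRole(String role) { return roles.contains(role); }
        boolean hasPermission(String permission) { return permissions.contains(permission); }
    }

    // Role-level check: the policy is duplicated at the call site as a role name.
    static boolean canEditRoleLevel(Acl acl) {
        return acl.hasRole("admin");
    }

    // Permission-level check: the code names the action; the role-to-permission
    // mapping lives in one place and can change without touching this check.
    static boolean canEditPermissionLevel(Acl acl) {
        return acl.hasPermission("portlet.edit");
    }

    public static void main(String[] args) {
        // Constructed policy. Assume "editor" was introduced after canEditRoleLevel was written.
        Map<String, Set<String>> policy = Map.of(
            "admin",  Set.of("portlet.edit", "user.manage"),
            "editor", Set.of("portlet.edit"),
            "user",   Set.of("portlet.view"));

        Acl editor = new Acl(policy, "user", "editor");
        Acl viewer = new Acl(policy, "user");

        System.out.println("editor, role check:       " + canEditRoleLevel(editor));
        System.out.println("editor, permission check: " + canEditPermissionLevel(editor));
        System.out.println("viewer, permission check: " + canEditPermissionLevel(viewer));
    }
}
```

The role-level check denies the editor even though the policy grants that role the edit permission, which is the kind of drift that appears when role names are tested directly in templates or actions.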

