Re: [securityfilter-devel] Cleaning up old bugs
Brought to you by:
chris_schultz,
maxcooper
Menu
▾
▴
Re: [securityfilter-devel] Cleaning up old bugs
|
From: Christopher S. <ch...@ch...> - 2007-11-05 17:59:57
|
Torgeir, Torgeir Veimo wrote: > One enhancement I've used locally, is to check for 401 codes after the = =20 > filter has run. This is done using a response wrapper in addition to =20 > the request wrapper, and some extra logic in the SecurityFilter class. >=20 > This allows us to have a subsystem return a 401, and security filter =20 > automatically redirecting to the login screen. It makes it much easier = =20 > to have dynamic permissions, since it's no longer declared statically = > in the security filter configuration file. >=20 > This might be handy for someone else as well? That sound interesting, but I don't think we'd want to include it in the standard distribution. Securityfilter is intended to be used with declarative security, so that's why I'm saying "no" to this request (at least for the time being). Perhaps with a more extensible (future) architecture, you'll be able to easily add that capability without actually patching securityfilter itself -- but instead subclass he filter and override some hooks or something. -chris |
