Apache Tiles gives us a possibility to add a definition or an attribute basing on role. What exactly is this role and how can I set a role for the current user?
Asked
Active
Viewed 632 times
2
ducin
- 25,621
- 41
- 157
- 256
1 Answers
1
The tiles roles are for container managed security. Where the framework gets the role see: http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html
Container managed security will differ between Application Server(AS), you'll need to consult your specific documentation.
The pros are, if you are already familiar with container managed security you can easily control access to your tiles. The con is that if you aren't using container managed security it isn't easy to set up and not that portable. As mentioned different AS different setup.
Spring security should be easier to implement and be more portable: http://static.springsource.org/spring-security/site/ and of course it can be applied to not only struts2 actions but the service and Data layers too.
Another application managed security framework that I want to look into is apache shiro: http://shiro.apache.org/ here is a SO question concerning the two: Spring security vs Apache Shiro
Community
- 1
- 1
Quaternion
- 10,380
- 6
- 51
- 102