This content has been marked as final.
Show 5 replies
-
1. Re: LoginAction - Understanding Second Part?
pmuir Aug 9, 2006 4:47 AM (in response to connerjohn)I don't use this so I'm not 100% but looking at it, it seems to me that if the user is logged in the invocation proceeds as normal, if we are in phase other than INVOKE_APPLICATION (e.g. updata data model) and not logged in then the method called is invoke but the invocation chain is not followed (i.e. subsequent interceptors are not called) - but why this design decision I'm not sure...
-
2. Re: LoginAction - Understanding Second Part?
connerjohn Aug 9, 2006 12:48 PM (in response to connerjohn)"petemuir" wrote:
....but why this design decision I'm not sure...
Thanks! I guess I'm asking about the design reasoning? What is the purpose of calling the method but not the rest of the chain?
Thanks again,
--jc -
3. Re: LoginAction - Understanding Second Part?
gavin.king Aug 9, 2006 5:51 PM (in response to connerjohn)No strong reason, just trying to avoid side-effects. Note that @LoggedIn is not meant for production use. Its better to use a real security fwk.
-
4. Re: LoginAction - Understanding Second Part?
connerjohn Aug 9, 2006 9:06 PM (in response to connerjohn)"gavin.king@jboss.com" wrote:
No strong reason, just trying to avoid side-effects.
Thanks for the explanation! I was just trying to understand what I was seeing."gavin.king@jboss.com" wrote:
Note that @LoggedIn is not meant for production use. Its better to use a real security fwk.
I agree that the form of @LoggedIn isn't something I want to use. Altough, are you saying there is a problem with storing the the user credentials in the Session context?
One of these days I'm going to dig into the different security models (app server or AECGI - I know I probably butchered that acronym) and I saw there is some new security stuff in Seam.
Always more to do :)
--jc -
5. Re: LoginAction - Understanding Second Part?
johnurban Nov 3, 2006 10:50 PM (in response to connerjohn)
Note that @LoggedIn is not meant for production use. Its better to use a real security fwk.
Hmm... I am authenticating users via MySQL DB. I am use to using tag libraries to guard/authorize views in JSP's. Thought using the @LoggedIn was a slick way of guarding views. You say use a "real security fwk". Do I keep following my tag library method that I've always used, or is there a better way?