Trace: • Replace Standard Application Menu • Client side Exception • Precise Object and Method Security • Defining and Using Application Parameters
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
jvx:server:security:object_method_access [2018/02/02 08:53] admin |
jvx:server:security:object_method_access [2020/06/25 10:52] (current) cduncan |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ~~NOTRANS~~ | ~~NOTRANS~~ | ||
| - | ~~Title: Precise object and method security~~ | + | ~~Title: Precise Object and Method Security~~ |
| - | If you use a [[jvx:server:security:manager|SecurityManager]], you can restrict the access to life-cycle objects. But sometimes you need restrictions for custom objects or methods of a life-cycle object. | + | If you use a [[jvx:server:security:manager|SecurityManager]], you can restrict the access to life cycle objects. But sometimes you need restrictions for custom objects or methods of a life cycle object. |
| - | We are not big fans of "configuration til death" because config files are not more than config files. Nobody should fill config files with application logic. Keep your logic in your source code. | + | We are not big fans of "configuration til death" because config files are nothing more than config files. Nobody should fill config files with application logic. Keep your logic in your source code. |
| If you implement ''com.sibvisions.rad.server.security.IObjectAccessController'', you'll have full control over object and method calls. The interface offers following methods: | If you implement ''com.sibvisions.rad.server.security.IObjectAccessController'', you'll have full control over object and method calls. The interface offers following methods: | ||
| Line 19: | Line 19: | ||
| </file> | </file> | ||
| - | The first method checks if it's allowed to call an object from a life-cycle object. You have access to all relevant objects like life-cycle object, called object and the object name. | + | The first method checks if it's allowed to call an object from a life cycle object. You have access to all relevant objects like life cycle object, called object, and the object name. |
| - | The second method checks if it's allowed to call a method from an object. You have access to all relevant information like object to call, method name, parameter and the object instance itself. | + | The second method checks if it's allowed to call a method from an object. You have access to all relevant information like object to call, method name, parameter, and the object instance itself. |
| == Example == | == Example == | ||
| Line 58: | Line 58: | ||
| </file> | </file> | ||
| - | We use the object name for our checks. It is also possible to check class names or instances. It also is not a problem to read the configuration from a XML file, if you think it's better. | + | We use the object name for our checks. It is also possible to check class names or instances and is not a problem to read the configuration from an XML file if you prefer. |