Difference between revisions of "Talk:ESAPI Specification"

From OWASP
Jump to: navigation, search
(Logged in user, from where?: new section)
(Logged in user, from where?)
Line 24: Line 24:
  
 
where is the logged in user information will come from? how is it going to be available for isAuthorized?
 
where is the logged in user information will come from? how is it going to be available for isAuthorized?
 +
 +
--[[User:jcmax|Juan C Calderon]] 19:16, 16 June 2011 (CDT)

Revision as of 19:16, 16 June 2011

I tried to keep the specification as compatible as I can with the existing APIs, however there are definately places where existing users are going to have to modify their code - specifically where it deals with Encoding and Validation. I believe these changes are absolutely necessary however to establish a good cross-platform specification. I also believe the migration path allows for the smoothest transition for end-users (developers) to make the necessary changes without completely breaking their existing implementations. This is similar to the path that Spring-Security took with it's 2.0 -> 2.5 -> 3.0 path where they did a very similar thing and I used their experience as the basis for the proposed roadmap.

--Chris Schmidt 02:23, 16 June 2011 (EDT)

Proposed Roadmap

Does this seem like a realistic and smooth approach?

--Chris Schmidt 02:26, 16 June 2011 (EDT)

AccessController

Let's start with discussing the proposed changes to the AccessController.

Summary of proposed changes:

  • Drop deprecated methods isAuthorizedForXXX, assertAuthorizedForXXX
  • Replace (Object) Parameters with strongly typed StereoTypes

Thoughts?

--Chris Schmidt 02:26, 16 June 2011 (EDT)

Logged in user, from where?

where is the logged in user information will come from? how is it going to be available for isAuthorized?

--Juan C Calderon 19:16, 16 June 2011 (CDT)