On 09. Apr 2006 - 12:10:40, James Carman wrote:
| Are you using Hibernate? You can use a "filter" in Hibernate
| (http://www.hibernate.org/hib_docs/v3/reference/en/html/filters.html) to
| filter out the "illegal" objects from the query results.
Yes, as I said... ;) That sounds as if it perhaps
f Of
Andreas Bulling
Sent: Sunday, April 09, 2006 11:22 AM
To: Tapestry users
Subject: Re: Best practice: Security Layer
First, thanks to all of you for your answers!
But as it seems that I wasn't able to properly explain
what I had in mind/what my problem is I will try again. ;)
I didn'
Hi and thanks a lot for your answer!
| I'm not sure of your environment, but I use ACEGI for this (and all
| other) types of security. It allows not only 'page' access, but also
| method/object access security. The thing I like most about it is that it
| completely (?) removes all security worries
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm not sure of your environment, but I use ACEGI for this (and all
other) types of security. It allows not only 'page' access, but also
method/object access security. The thing I like most about it is that it
completely (?) removes all security worrie
First, thanks to all of you for your answers!
But as it seems that I wasn't able to properly explain
what I had in mind/what my problem is I will try again. ;)
I didn't think of authentification (I also solved this
using a pageValidate() method) but of a security
layer for database accesses. Say f
Andreas,
I went back and forth with another developer on this list less than a
month ago about some of the pros and cons of subclasses, pageValidate,
and interceptors for authentication. You might want to take a look at
that thread.
http://mail-archives.apache.org/mod_mbox/jakarta-tapestry-user/
Hi Andreas,
> [...]
> What about the Hibernate Interceptors, the Hibernate Event
> interface, perhaps a self-coded Hivemind interceptor solution,
> some Tapestry stuff I don't know? How did you solve this
> problem?
> I'm really looking forward to all of your answers! ;)
I'm using the validation
Andreas,
I'm using a custom hivemind interceptor on the major service-points'
'service' method that checks for authentication and redirects to the
login page if none exists.
The only problem (and it's a big one) is that the page isn't set up
when the interceptor runs. I can get to the page name
