I originally did use a base page, but decided against it for a number
of reasons.
The first is that nearly all pages in the app are protected (it's a
management app), so nearly every page would need to extend this base
class just to get this otherwise free feature. I don't really like
that.
I can tell tapestry that the default base page is this page, but then
pages that don't otherwise need a page class at all AND don't need the
security check have to create a page class that extends BasePage just
to avoid the security check. Seem pointless.
Another issue is that of enforcement. If a developer needs to
implement the pageAttach method they need to remember to call
super.pageAttach first. Alternatively, I can make the pageAttach
method final in the base class to eliminate the potential security
bugs and redirect to a new method (say, realPageAttach) that needs to
be overridden by pages that need that callback -- except, again, for
those classes that don't need authentication, which should extend
directly from BasePage and implement PageAttachedListener and
implement the method themselves. Seems alot for people to have to
remember just to use the authentication features correctly.
Even if the logic exists in the base class, the callback issue remains
the same. Pages that want to be callbackable will have to implement
some method that I can call from the base class to get the parameter
array. That would lead to code of the following ilk, which seems odd
at the very least (if it will even work).
if (this instanceof IParamProvidingCallback) {
IParamProvidingCallback ppcb = (IParamProvidingCallback) this;
Obect[] params = ppcb.getParamArray();
// use my param array to create an ExternalCallback
}
As to the duplication of hivemind configurations, there are 5 services
to which I am contributing an interceptor factory (by reference,
anyway) and there are significantly more pages that need protection.
I'm not really worried about *that* duplication.
If I can get callbacks to work with the fix that Jesse said he'll look
into (thanks again) than I see this as a significant improvement to
what people would look at as the 'standard' approach to authentication
for tapestry frameworks. It's a much, much better separation of
concerns.
I appreciate the input, but the base page approach just isn't workable.
As an aside, I looked into the interceptor provided by HiveUtils and
as far as I could tell, all it did was throw an exception, which
seemed fairly stupid -- general purpose, but stupid nonetheless.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
