One thing where I am not very satisfied with tapestry is to implement an authentication support. I don't need anything fancy, I just want some pages where the user is authenticated and others that don't require authentication. And I'd like the authentication to be transparently implemented: I provide a login page that gets called when the authenticated page get called (by any type of link, some ExternalLinks other PageLinks). Right now I've implemented this by subclassing: I have an "AuthenticatedPage" class that has a pageValidate method. This method checks if the user is authenticated and if so do nothing (display the page) or else redirect the user to a login page and provide a callback to the page.
First trouble: this scheme doesn't work with ExternalLinks. The activateExternalPage, gets called *after* page validate. So in this scheme, the paramters passed to the external link get lost and the activateExternalPAge never called. Second trouble: Callbacks. Since I can't use external links for this schema, I tried to implement another way for a page to keep its property after it gets called back. Each page can provide (by overriding a method) its own callback. Sounds not too bad, but I discovered that a PageCallBack discards the properties values! One thing I was wondering is why is it so akward to implement an authentication theme? Why couln't tapestry take care of most of these mechanics? I bet they are the same for everyone. I read here that someone implemented an authentication interceptor that seems to do exactly that. For instance, Tapestry could provide a standard way for a page to say that it requires authentication. And provide some authentication API. And whatever type of link is used, take care of the whole callback stuff (for a page link, this would simply mean storing the page properties, and for an external link store the parameters). Right now, without some more API, I find it difficult to implement a scheme properly since a PageRedirectException only works properly in pageValidate. How did other people here implement an authentication theme? Thanks, Henri.
