In Tap 3, you don't have PageValidateListener, I think, so you have to
use something like the initialize() method.  I can't say for sure,
having never used Tap 3.

--sam


On 9/19/06, Sam Gendler <[EMAIL PROTECTED]> wrote:
You can implement the PageValidateListener interface in your base
class.  Then, in your pageValidate() method (the only method provided
by the interface), you can check the session to see if a userId is
stored there. If not, redirect to the login page.  If so, load the
User object into the page. Assuming the User object has permission
information, any of your inheriting classes can assume that the page
contains a valid User object, so you can always call
getUser().getPermissions() or pass the user object to a permission
checking method, etc.  pageValidate() is definitely the place to be
doing any user auth, as far as I can tell.  This method has worked
really well for me in all my Tapestry apps.

You can get sophisticated by adding an abstract isAuthRequired()
method to your base class, so that a page can specify whether auth is
required.  Check the value in pageValidate() before bothering to
authorize.  You can also specify a certain level of permissions for a
page, if you have many potential roles.  For extra fun, if your pages
implement the ExternalPage interface, when you redirect to the Login
page, you can also store an ExternalCallback in the Login page and
persist it to the login form.  Then, after they submit their
credentials and you have authenticated them, you can execute the
ExternalCallback, taking them back to the page they were originally
attempting to go to, with the same parameters they originally had.
Users LOVE this and it is a surprisingly rare feature in most webapps,
despite how much usability it adds to an app.  You have access to any
injected objects such as your business services from within
pageValidate, so the sky is really the limit when it comes to the
functionality you can offer via this mechanism.  If you are using
Spring, you can easily tie things into Acegi, too.  I have no
experience with Tapestry-Acegi, so this is how I do things.

--sam


On 9/18/06, James Carman <[EMAIL PROTECTED]> wrote:
> Or, you can use Tapestry-Acegi, which allows you to annotate your
> page/listener methods to define required permissions.  Right now, anonymous
> access to the SVN repo is not working, though.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> Sent: Monday, September 18, 2006 10:30 AM
> To: users@tapestry.apache.org
> Subject: RE: User rights with tapestry?
>
> I've done this in my application.
>
> Basically I made an abstract subclass of a BasePage. All my pages subclass
> this new class. All it has is a field requiredPermission which is set in the
> constructor, and an initialize() method which checks permissions in the
> Visit object with that requiredPermission field. If they don't have the
> permission, it redirects them to a "no permissions" page. It was really
> easy.
>
> Greg
>
> -----Original Message-----
> From: CIJOML [mailto:[EMAIL PROTECTED]
> Sent: Monday, September 18, 2006 10:04 AM
> To: users@tapestry.apache.org
> Subject: User rights with tapestry?
>
>
> Hello,
>
> is there any howto available (for both version 3 and 4) which covers user
> rights?
>
> I need users to see some properties (icons,links) only when I verify in DB,
> that user should have such rights.
>
> Thanks a lot for reply
>
> Michal
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
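
A sketch of the pageValidate() approach described in this thread, added as an example; it is not code from any of the posters or from the Tapestry project. It assumes Tapestry 4 and that the original parameters are available from cycle.getListenerParameters() at validation time. The names SecuredPage, CallbackHolder, getSessionUserId(), loadUser() and the page name "Login" are hypothetical.

```java
import org.apache.tapestry.IExternalPage;
import org.apache.tapestry.IRequestCycle;
import org.apache.tapestry.PageRedirectException;
import org.apache.tapestry.callback.ExternalCallback;
import org.apache.tapestry.callback.ICallback;
import org.apache.tapestry.event.PageEvent;
import org.apache.tapestry.event.PageValidateListener;
import org.apache.tapestry.html.BasePage;

/** Hypothetical contract for the login page: it keeps the callback until sign-in succeeds. */
interface CallbackHolder {
    void setCallback(ICallback callback);
}

/** Hypothetical base class; every page of the application extends it. */
public abstract class SecuredPage extends BasePage implements PageValidateListener {

    /** Abstract, so each page has to state explicitly whether it needs a signed-in user. */
    public abstract boolean isAuthRequired();

    /** Assumed to be wired to session state; returns null when nobody is signed in. */
    public abstract Long getSessionUserId();

    /** Hypothetical hook: load the User for this id and store it on the page. */
    protected abstract void loadUser(Long userId);

    public void pageValidate(PageEvent event) {
        if (!isAuthRequired()) {
            return; // public page, nothing to check
        }
        Long userId = getSessionUserId();
        if (userId != null) {
            loadUser(userId); // subclasses can now rely on getUser().getPermissions()
            return;
        }
        IRequestCycle cycle = event.getRequestCycle();
        if (this instanceof IExternalPage) {
            // Remember this page and its original parameters so the login page
            // can send the user back here after authenticating them.
            CallbackHolder login = (CallbackHolder) cycle.getPage("Login");
            login.setCallback(new ExternalCallback(getPageName(), cycle.getListenerParameters()));
        }
        // Stop processing this page and activate the login page instead.
        throw new PageRedirectException("Login");
    }
}
```

After a successful login, the login page's listener calls performCallback(cycle) on the stored callback, or activates a default page when none was stored.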

