Without really answering your question, have you looked at
tapestry-acegi (http://www.carmanconsulting.com/tapestry-acegi/).
The Secured annotation is a life saver......
Robert J. Walker wrote:
My application has multiple security roles. To handle this, I have a
ProtectedPage class that handles all the security stuff, and all pages that
need to be secured descend from this class. It expects that the page
specification have the following tag:
<meta key="roles" value="{list of role names}"/>
In the validate() method, it reads that role name list, checks to see if the
user has any of those roles and acts accordingly. All this works fine.
The problem is, in my navigation I need to check each link to see if the user
is allowed to navigate to that page, and hide the link if they aren't. This has
two problems:
1) It has to load *all* the page specifications just to check one meta element
on each. That sucks.
2) When page caching is enabled, it causes NullPointerExceptions since many of
the pages require a reference to the request cycle to initialize themselves,
which works fine when you're actually activating that page, but when you pull a
page out of the pool without activating it, it often *won't* have a cycle.
So are there any ideas out there on how I can read a <meta> in a page
specification *without* initializing the page? Even just the string value would
suffice.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
