James, You said, "I tried implementing it exactly as you suggested", which method there were two? It would help to post your code.
regards, Mark Mark J. Stang Senior Engineer/Architect office: +1 303.468.2900 mobile: +1 303.507.2833 Ping Identity -----Original Message----- From: James Sherwood [mailto:[EMAIL PROTECTED] Sent: Mon 2/26/2007 12:21 PM To: Tapestry users Subject: Re: Page Validation Hello, I tried implementing it exactly as you suggested but I still get to see the first page. Once I refresh or try to go somewhere it sends me to the login page. The funny thing is, the PageRedirectException IS being thrown, its just not going to the login page. Any ideas? --James ----- Original Message ----- From: "Nikla Ratinen" <[EMAIL PROTECTED]> To: "Tapestry users" <users@tapestry.apache.org> Sent: Friday, February 23, 2007 1:02 PM Subject: Re: Page Validation > > Hi, > > As an alternate approach you may override the default page source with an > implementation > that checks security constraints just before giving out the page > instance - this basically has the > added benefit that secured page instances may not be obtained even through > (accidental) malicious code in non-secure pages or services. > > > -- Overridden engine > public class MyEngine extends BaseEngine > { > protected IPageSource createPageSource(RequestContext context) > { > return new ProtectedPageSource(this); > } > } > > -- Overridden page source > public class ProtectedPageSource extends PageSource > { > public ProtectedPageSource(IEngine engine) > { > super(engine); > } > public IPage getPage(IRequestCycle cycle, String pageName, IMonitor > monitor) > { > IPage page = super.getPage(cycle, pageName, monitor); > if (page != null && page instanceof ProtectedPage) > { > Visit visit = (Visit) cycle.getEngine().getVisit(); > if (visit == null || visit.getUser() == null) > throw new PageRedirectException("Login"); } > return page; > } > } > > -- A protected page > > public class ProtectedPage > extends BasePage > { > } > > > Something along those lines ;) > > Cheers, > -- Nikla > > > > Mark Stang wrote: >> Hi, >> This seems to work for us. >> >> public class ValidatePage >> extends BasePage >> implements PageValidateListener >> { >> public void pageValidate(PageEvent event) >> { >> Mediator mediator = MgmtFactory.getMediator(); >> if (!mediator.isConsole()) >> { >> IPage messagePage = >> getRequestCycle().getPage("nonAdminConsole"); >> throw new PageRedirectException(messagePage); >> } >> else >> { >> // If there is no visit object or the user isn't auth'd ship >> // them off to the login page >> Visit visit = (Visit)getVisit(); >> if (visit == null || !visit.isUserAuthenticated()) >> { >> Login login = (Login)getRequestCycle().getPage("login"); >> throw new PageRedirectException(login); >> } >> } >> } >> } >> >> I tried a couple of different experiments. The first was to log in and >> copy a link then close the browser. I wasn't able to get to the page via >> the direct link. If I "logout" and try and access the page via a direct >> link, I don't get access. If I log in and copy a link and then surf off >> to another page, then I can come back via the direct link. All of this >> is based on my use of a session and the visit object. So, reviewing you >> code, I would think you need to have to check more than if the visit >> exists. You need to store a flag saying they they have been >> authenticated. >> >> regards, >> >> Mark >> >> Mark J. Stang >> Senior Engineer/Architect >> office: +1 303.468.2900 >> mobile: +1 303.507.2833 >> Ping Identity >> >> >> >> -----Original Message----- >> From: James Sherwood [mailto:[EMAIL PROTECTED] >> Sent: Fri 2/23/2007 6:34 AM >> To: Tapestry users >> Subject: Page Validation >> Hello, >> >> We use Tapestry 3.2 >> >> I have security (login) using PageValidateListener. >> >> The secure page in the site is called ISOPage which extends BasePage. >> >> I add the page validation using: >> public ISOPage(){ >> super(); >> addPageValidateListener(new PageValidationListener()); >> } >> >> The PageValidationListener class implements PageValidateListener and does >> security like this: >> >> if(visit.getUser() == null){ >> throw new PageRedirectException("UserLogin"); >> } >> >> This all works fine it seems unless a direct is involved. >> >> If I copy a directlink then try to access it without loggin in it shows >> me the page the directlink java code is on. >> >> The PageRedirectException does happen and if I refresh or try to go >> anywhere it sends me to the login but it still shows that page first. >> >> Any ideas? >> Thanks, >> James >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > __________ NOD32 2077 (20070223) Information __________ > > This message was checked by NOD32 antivirus system. > http://www.eset.com > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]