So all pages that are restricted must extend a page that implements the security checks perms and handles enforcement, correct? Regarding JAAS, I've not used it before, but the HttpServletRequest#isUserInRole method uses it? It looks like this method checks against a role list in the deployment descriptor.

Thanks tons for your input!

chris

Andrea Chiumenti wrote:
Do you want JAAS?
If so:
<inject property="request" object="service:tapestry.globals.HttpServletRequest"/>
In your code:

getRequest().isUserInRole("somerole");

Ciao,
kiuma

On 7/17/07, Damien Uern <[EMAIL PROTECTED]> wrote:

Chris Lewis wrote:
> Hello all,
>
> I am seeking information/code samples on how to implement user access
> control in Tapestry (4.1.2). Specifically, restricting pages to
> authenticated users. I assume that all restricted pages would have to
> make a call to an authentication system, checking if the user is logged
> in and if they have access to the page. If a user tries to access a page
> they are not authorized to view, then "something" should happen. This
> something may just be a message or an error page - the important part is
> how to implement this across pages or a group of pages. Thanks for your
> input!
>
> chris

Piece of cake, you can create a page that handles authentication
checking as follows:

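import org.apache.tapestry.AbstractPage;
import org.apache.tapestry.PageRedirectException;
import org.apache.tapestry.annotations.InjectState;
import org.apache.tapestry.event.PageEvent;
import org.apache.tapestry.event.PageValidateListener;

public abstract class AbstractSecurePage extends AbstractPage implements
                PageValidateListener {

    // Session is the application's own "visit" state class, not HttpSession.
    @InjectState("visit")
    public abstract Session getSession();

    // Called by Tapestry when the page is validated, before it renders.
    public void pageValidate(PageEvent event) {
         //check user permissions here e.g.:

         if (!getSession().isUserLoggedIn()) {
            throw new PageRedirectException("LoginPage");
         }
    }

}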

Hope that helps :D

Damien
--


Damien Uern
Online Applications Developer
Synect Online Solutions

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
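
The two suggestions in this thread (a base page with pageValidate, and HttpServletRequest#isUserInRole) can be combined into one base class. This is an added example, not code from any of the posters or from Tapestry itself; the class name AbstractRolePage, the getRequiredRole() method and the "AccessDenied" page are assumed names, and it assumes the container performs authentication.

```java
import javax.servlet.http.HttpServletRequest;

import org.apache.tapestry.PageRedirectException;
import org.apache.tapestry.annotations.InjectObject;
import org.apache.tapestry.event.PageEvent;
import org.apache.tapestry.event.PageValidateListener;
import org.apache.tapestry.html.BasePage;

/**
 * Base class for pages restricted to one container-managed role.
 * AbstractRolePage, getRequiredRole() and the "AccessDenied" page
 * are assumed names for this example.
 */
public abstract class AbstractRolePage extends BasePage
        implements PageValidateListener {

    // Same service injection as the <inject> element in the thread,
    // written as an annotation.
    @InjectObject("service:tapestry.globals.HttpServletRequest")
    public abstract HttpServletRequest getRequest();

    /** Role name the subclass requires, as declared in web.xml. */
    protected abstract String getRequiredRole();

    public void pageValidate(PageEvent event) {
        HttpServletRequest request = getRequest();

        // No principal: the container has not authenticated this caller.
        if (request.getUserPrincipal() == null) {
            throw new PageRedirectException("LoginPage");
        }

        // Authenticated but missing the role: send to a denial page
        // instead of the login page. A null role fails closed.
        String role = getRequiredRole();
        if (role == null || !request.isUserInRole(role)) {
            throw new PageRedirectException("AccessDenied");
        }
    }
}
```

A restricted page extends this class and returns its role name from getRequiredRole(); the check then lives in one place instead of being repeated on every page.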




