Re: user access control

Tue, 17 Jul 2007 08:28:49 -0700 

yes for every Q!

"It looks like this method checks against a role list in the deplyment
descriptor" -> JAAS (if u mean web.xml)

Ciao,
kiuma

On 7/17/07, Chris Lewis <[EMAIL PROTECTED]> wrote:


So all pages that are restricted must extend a page that implements the
security checks perms and handles enforcement, correct?
Regarding jaas, I've not used it before, but the
HttpServletRequest#isUserInRole method uses it? It looks like this
method checks against a role list in the deplyment descriptor.

Thanks tons for your input!

chris

Andrea Chiumenti wrote:
> do u want jaas ?
> if so:
> <inject property="request" object="service:
> tapestry.globals.HttpServletRequest"/>
> in ur code:
>
> getRequest().isUserInRole('somerole');
>
> Ciao,
> kiuma
>
> On 7/17/07, Damien Uern <[EMAIL PROTECTED]> wrote:
>>
>> Chris Lewis wrote:
>> > Hello all,
>> >
>> > I am seeking information/code samples on how to implement user access
>> > control in Tapestry (4.1.2). Specifically, restricting pages to
>> > authenticated users. I assume that all restricted pages would have to
>> > make a call to an authentication system, checking if the user is
>> logged
>> > in and if they have access to the page. If a user tries to access a
>> page
>> > they are not authorized to view, then "something" should happen. This
>> > something may just be a message or an error page - the important
>> part is
>> > how to implement this across pages or a group of pages. Thanks for
>> your
>> > input!
>> >
>> > chris
>>
>> Piece of cake, you can create a page that handles authentication
>> checking as follows:
>>
>> public abstract class AbstractSecurePage extends AbstractPage
implements
>>                 PageValidateListener {
>>
>>     InjectState("visit")
>>     public abstract Session getSession();
>>
>>     public void pageValidate(PageEvent event) {
>>          //check user permissions here e.g.:
>>
>>          if (!getSession().isUserLoggedIn()) {
>>             throw new PageRedirectException("LoginPage");
>>          }
>>     }
>>
>>
>> }
>>
>> Hope that helps :D
>>
>> Damien
>> --
>>
>>
>> Damien Uern
>> Online Applications Developer
>> Synect Online Solutions
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to