Thanks Kiuma,
Being that when a new user is added to the system, the system should
create a default role/set of perms, I don't think relying on web.xml is
workable. It seems like a db table (mapped via hibernate) would be the
best way, but as I'm just migrating to tapestry/java web development,
any opinions are welcome.
chris
Andrea Chiumenti wrote:
yes for every Q!
"It looks like this method checks against a role list in the deplyment
descriptor" -> JAAS (if u mean web.xml)
Ciao,
kiuma
On 7/17/07, Chris Lewis <[EMAIL PROTECTED]> wrote:
So all pages that are restricted must extend a page that implements the
security checks perms and handles enforcement, correct?
Regarding jaas, I've not used it before, but the
HttpServletRequest#isUserInRole method uses it? It looks like this
method checks against a role list in the deplyment descriptor.
Thanks tons for your input!
chris
Andrea Chiumenti wrote:
> do u want jaas ?
> if so:
> <inject property="request" object="service:
> tapestry.globals.HttpServletRequest"/>
> in ur code:
>
> getRequest().isUserInRole('somerole');
>
> Ciao,
> kiuma
>
> On 7/17/07, Damien Uern <[EMAIL PROTECTED]> wrote:
>>
>> Chris Lewis wrote:
>> > Hello all,
>> >
>> > I am seeking information/code samples on how to implement user
access
>> > control in Tapestry (4.1.2). Specifically, restricting pages to
>> > authenticated users. I assume that all restricted pages would
have to
>> > make a call to an authentication system, checking if the user is
>> logged
>> > in and if they have access to the page. If a user tries to access a
>> page
>> > they are not authorized to view, then "something" should happen.
This
>> > something may just be a message or an error page - the important
>> part is
>> > how to implement this across pages or a group of pages. Thanks for
>> your
>> > input!
>> >
>> > chris
>>
>> Piece of cake, you can create a page that handles authentication
>> checking as follows:
>>
>> public abstract class AbstractSecurePage extends AbstractPage
implements
>> PageValidateListener {
>>
>> InjectState("visit")
>> public abstract Session getSession();
>>
>> public void pageValidate(PageEvent event) {
>> //check user permissions here e.g.:
>>
>> if (!getSession().isUserLoggedIn()) {
>> throw new PageRedirectException("LoginPage");
>> }
>> }
>>
>>
>> }
>>
>> Hope that helps :D
>>
>> Damien
>> --
>>
>>
>> Damien Uern
>> Online Applications Developer
>> Synect Online Solutions
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
