I think so too.
My solution was to contribute to MasterDispatcher with a
SecurityDispatcher, that is responsible to verify if the user is
authenticated, before he has access to a page.
It is a request filter, but inside the tapestry framework, not a servlet
filter.
Chris Lewis wrote:
I apologize for being vague. I don't mean a servlet filter, I mean a
filter/filtering system with in the tapestry framework. Something that
might allow me to supply access logic before page rendering, so that I
don't have to require pages to know about the access control system
used. I know this can be implemented in pages and simplified by
subclassing, but I'm wondering if there is a cleaner way, a more
'separation of concerns' oriented way (a page is page, not an access
controller).
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
