Peter Stavrinides a écrit :
Hi all
My question is more of a best practice related question, I want to use
a filter to extract my authentication code from the rest of the
application logic, [...]
Thanks in advance,
Peter
Hi,
First, I'm a real Tapestry newbie, and I believe that Tapestry has a
quite steep learning curve (at last for T5 with current documentation).
I wish to use JAAS inside my webapp, and I didn't achieve to use a
Tapestry login form. So I'm using a basic html page with Tomcat out of
box security login config. Magically, I'm able to retrieve my principal
in the JBoss EJB3 context. I use those EJBs for authorizations, Tapestry
just not knows if users have rights on data, as I delegate only the "V"
of MVC to Tapestry. If a user doesn't have right on something, a
security exception is thrown by the model and displayed back to him.
A better solution would be having one namespace dedicated to login
users, not protected by servlet container. A Tapestry component would be
able to login user, and redirect him to a component in another
namespace, this one protected by a security-constraint. I'm just more
confident in servlet container security filtering than in a home made
filter.
So, how can I login my user inside my component and be able to retrieve
my principal with RequestGlobals.getHTTPServletRequest().getUserPrincipal()?
Thanks,
Gabriel
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
