On Fri, Feb 15, 2008 at 12:18 PM, ryanskow <[EMAIL PROTECTED]> wrote: > > > Example: > > MyPage has two 'action' methods: > Object onActionFromThingOne() > Object onActionFromThingTwo() > > Before these methods get called by the ComponentEventDispatcher, is it > possible for MyPage to do something such as check to see if the user has > permission to access these methods? If MyPage decides that it doesn't want > the event to process, ideally it would have 'veto' power to stop its methods > from being invoked.
An event handler method for event "initialize" can be used for this purpose. > > As hinted to, I'm looking to implement 'action' level security. One obvious > option would be to put some sort of 'checkSecurity()' method at the > beginning of each and every action method. That being sub-optimal, I'm > looking for a slightly more global approach of doing so. MyPage would > eventually extend a base class and all of the checking of security can be > done there instead of in each page. > > Seems as though I'm very close, but just can't figure out a good place to > know the critical pieces of information: > 1. who is logged in > 2. what page is being invoked > 3. what method on the page is being invoked This information is less accesible to the page (things are very compartmentalized). There's also two request pipelines: ComponentEventRequestHandler and PageRenderRequestHandler that can be extended (by contributing filters ... see the JavaDoc). These allow you to apply tests and checks across all pages. > > Anyway, I'm open to other approaches as well. > > Thanks! > > > -- > View this message in context: > http://www.nabble.com/Can-a-page-do-something-before-actions-are-invoked-on-it--tp15509207p15509207.html > Sent from the Tapestry - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Howard M. Lewis Ship Creator Apache Tapestry and Apache HiveMind --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
