A couple of quick points: I specifically avoid using annotations to mark pages as protected because I want the option of modifying permissions at runtime. Therefore the access controller would use a delegate to provide the matrix of pages names to role/user permissions. If you've read the dispatcher articles then you are aware that I left that part out entirely. I'd like to update the article to include such an example, but I haven't yet found the time. Actually I'd like to write a replacement article that removes the need to parse the URL and uses T5 to provide the page instance (and therefore the page name) automatically - cleaner, and much safer.
Regarding your suggestion about a parameter to @Private - I haven't used (and won't) acegi which means I haven't used tapestry-acegi, but that system also uses an annotation to secure pages. That annotation takes a parameter that indicates the 'role' required to access the page, which I believe is what you want. I don't know if that's provided by tapestry-acegi or acegi, but it's a model you can follow. good luck chris Angelo Chen wrote: > Hi Stephane, > > I have used Chris Lewis approach and it works very well, I put a list of > page names in the access control. looking at your annotation based approach, > i found it better, one thing I'd like to suggest is, there are two kind of > pages namely: A) pages that requires user to log in, B) pages that in > addition to A, it should be visible to the particular logged in user only. > maybe we can add a parameter to the @Private? thanks, > > A.C. > > > Stephane Decleire wrote: > >> Hi, >> >> I've just published an article on the Tapestry Wiki on how to implement >> an access controller based on the dispatcher solution written by Chris >> Lewis. >> Feel free to comment and correct my poor english ;-) >> >> Stephane >> >> >> > >
