I personally do use exception if user does not have enough rights, after all,
that is exception, and not the intended flow of usage. (And is usually sign
that someone is trying to gain rights that are not intended for that
person.)
I have also noticed that onActivate is a bad place to check general access
rights as you cannot be sure that the check implemented to base class is not
overridden or if developer uses one of the onActivate(param) variants, your
check might not get called at all.
For per page access rights it is the correct place to check.
For my taste the onActivate is also too late in the request cycle, I prefer
to use the page attached to check that user is authenticated. Then the
requested page can decide whether this particular user owns needed role etc.
to access the page in question, but the developer can rest assured that the
page is never accessed without correctly authenticated user.
Thus our secure pages need to extend secure basepage that has
@PageAttached
public void checkLoginStatus(){
if(!userSession.isUserLoggedIn()){
throw new SecurityRedirectException(Login.class);
}
}
-99
Howard Lewis Ship wrote:
>
> Using exceptions for control flow was never one of Tapestry great
> ideas; that's why its gone in Tapestry 5. Exceptions are exceptions,
> representing things that have failed.
>
> In any case, the activate event is a good place to perform checks.
> The return vaslue from onActivate() (the name of the event handler,
> following the naming conventions) can be another page in the
> application. So instead of throwing a redirect to the Login page, you
> just return an instance of it.
>
> On Tue, Aug 19, 2008 at 4:25 PM, Ben Wong <[EMAIL PROTECTED]> wrote:
>> Hi everyone,
>>
>>
>>
>> We have been using Tapestry 3 + Spring + Acegi for the last three years
>> and
>> had a pretty decent integrated architecture going. Now we are trying to
>> replace Tapestry 3 with Tapestry 5. One of the things I am trying to do
>> is
>> duplicate a base Tapestry page class that checks if the user is logged
>> in.
>> If not, it will throw a RedirectException to the Login page.
>>
>>
>>
>> I followed the following wiki page on the Tapestry 5 web site but it
>> looks
>> like the method I added in the AppModule never gets call. Hence,
>> Tapestry 5
>> just throws the RedirectException all the way to the top and the app
>> blows
>> up.
>>
>> http://wiki.apache.org/tapestry/Tapestry5RedirectException
>>
>>
>>
>> BTW, I am using the tapestry-spring module so it is configured to use the
>> TapestrySpringFilter, not the standard TapestryFilter. I don't know if
>> this
>> makes a difference.
>>
>>
>>
>> I just started learning Tapestry 5 so I am not really sure how the
>> AppModule
>> methods actually get call. I tried adding debugging statements in the
>> methods but none of the log statements show up.
>>
>>
>>
>> Hope someone can help or point the way to enlightenment.
>>
>>
>>
>> Thanks in advance,
>>
>> Ben Wong
>>
>>
>
>
>
> --
> Howard M. Lewis Ship
>
> Creator Apache Tapestry and Apache HiveMind
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
--
View this message in context:
http://www.nabble.com/Trying-to-Implement-RedirectException-in-Tapestry-5-tp19060597p19067403.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
