On a side note, it's a bad thing to hard code allowed roles to page, we use a
service that is queried if this role is allowed to access this page (Or
execute this action.). That way we can have role - rights matrix that can be
administrated by the super user of the system. (Info can be on a file or db
+ we can make the customer to fill out the matrix initially..)
- 99
Thiago H. de Paula Figueiredo wrote:
>
> Em Wed, 20 Aug 2008 09:38:36 -0300, 9902468 <[EMAIL PROTECTED]>
> escreveu:
>
>> One possibility yes, but that approach requires to keep a list of secured
>> pages to allow un-authorized users access non-secure pages.
>>
>> (Pages could of course be annotated to be secure or use marker
>> interface.)
>
> That's what tapestry5-acegi (and its sister project
> tapestry5-spring-security) does:
>
> @Secured({"ROLE_1", {ROLE_2})
> public class YourPage {
> ...
> }
>
> There's a little difference: instead of using a RequestHandler or a
> Dispatcher, they transform the page classes at runtime. ;)
>
>> And your approach occurs earlier in the request cycle... Thanks for the
>> pointer!
>> (Always nice to do things right and to learn :))
>
> :)
>
> Thiago
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
--
View this message in context:
http://www.nabble.com/Trying-to-Implement-RedirectException-in-Tapestry-5-tp19060597p19069467.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
