Re: Trying to Implement RedirectException in Tapestry 5

Wed, 20 Aug 2008 07:31:19 -0700 

I love the dispatcher approach for this, I like it simply because it removes 
security concerns from pages and is lightweight and customizable. 


----- Original Message -----
From: "9902468" <[EMAIL PROTECTED]>
To: users@tapestry.apache.org
Sent: Wednesday, 20 August, 2008 4:30:05 PM GMT +02:00 Athens, Beirut, 
Bucharest, Istanbul
Subject: Re: Trying to Implement RedirectException in Tapestry 5


On a side note, it's a bad thing to hard code allowed roles to page, we use a
service that is queried if this role is allowed to access this page (Or
execute this action.). That way we can have role - rights matrix that can be
administrated by the super user of the system. (Info can be on a file or db
+ we can make the customer to fill out the matrix initially..)

 - 99



Thiago H. de Paula Figueiredo wrote:
> 
> Em Wed, 20 Aug 2008 09:38:36 -0300, 9902468 <[EMAIL PROTECTED]>  
> escreveu:
> 
>> One possibility yes, but that approach requires to keep a list of secured
>> pages to allow un-authorized users access non-secure pages.
>>
>> (Pages could of course be annotated to be secure or use marker  
>> interface.)
> 
> That's what tapestry5-acegi (and its sister project  
> tapestry5-spring-security) does:
> 
> @Secured({"ROLE_1", {ROLE_2})
> public class YourPage {
>       ...
> }
> 
> There's a little difference: instead of using a RequestHandler or a  
> Dispatcher, they transform the page classes at runtime. ;)
> 
>> And your approach occurs earlier in the request cycle... Thanks for the
>> pointer!
>> (Always nice to do things right and to learn :))
> 
> :)
> 
> Thiago
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Trying-to-Implement-RedirectException-in-Tapestry-5-tp19060597p19069467.html
Sent from the Tapestry - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to