I looked at spring security, and it required yet-another annotation, and annotating a class to protect it didn't protect the methods as well. This struck me as too hit-or-miss
With Tomcat, I can simply protect whole paths or pages, no need to worry about annotating a class, and then annotating each method. Bit too fine-grained for my needs. On Thu, Apr 9, 2009 at 11:00 AM, manuel aldana <ald...@gmx.de> wrote: > Maybe you should look at the tapestry-spring-security plugin > (http://www.localhost.nu/java/tapestry-spring-security/index.html). It works > great and integrating is also not that difficult. > > Good thing is that you can both secure by single page or by page folders. > > Beware that it is not compatible with 5.1.x yet (works only for 5.0.18). > > daniel joyce schrieb: >> >> So I want to use pages with context so that it is easily bookmarkable. >> >> My website uses a DataSourcerealm to determine which pages can be >> accessed by a user. >> >> So normal flow is user logs in, first page he gets directed to sets up >> the User object as a ASO, other pages use this user. >> >> But if he bookmarks a url with context, say "configureProject/124332", >> and he clickes on the bookmark, logs in to tomcat, and gets redirected >> to it, the User object may not have been initialized yet. Now >> configure project is fine, since it is mostly working with projects. >> But I want the user object to exist so that I confirm the user >> actually owns it. >> >> Now I could have a basepage, whose onActivate() grabs the auth'd user >> string from the Httpsession, runs a query, and either sets up the User >> object, or bounces out the login page. And every other page could >> inherit from this one, and call super.OnActivate in their onActivate >> method. >> >> But I was wondering, is there a service I can write that can examine >> the HttpSession, and populate the User object. Is HttpSession >> available to services already? IE, can I inject it in the usual method >> via my builder? >> >> -Daniel >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org >> For additional commands, e-mail: users-h...@tapestry.apache.org >> > > > -- > manuel aldana > ald...@gmx.de > software-engineering blog: http://www.aldana-online.de > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
