What about using a requestfilter? Any better docs on how to implement one? I see bits and pieces here and there, but nothing as coherent as the Dispatcher howto.
-Daniel On Thu, Apr 9, 2009 at 11:38 AM, daniel joyce <daniel.a.jo...@gmail.com> wrote: > I looked at spring security, and it required yet-another annotation, > and annotating a class to protect it didn't protect the methods as > well. This struck me as too hit-or-miss > > With Tomcat, I can simply protect whole paths or pages, no need to > worry about annotating a class, and then annotating each method. Bit > too fine-grained for my needs. > > On Thu, Apr 9, 2009 at 11:00 AM, manuel aldana <ald...@gmx.de> wrote: >> Maybe you should look at the tapestry-spring-security plugin >> (http://www.localhost.nu/java/tapestry-spring-security/index.html). It works >> great and integrating is also not that difficult. >> >> Good thing is that you can both secure by single page or by page folders. >> >> Beware that it is not compatible with 5.1.x yet (works only for 5.0.18). >> >> daniel joyce schrieb: >>> >>> So I want to use pages with context so that it is easily bookmarkable. >>> >>> My website uses a DataSourcerealm to determine which pages can be >>> accessed by a user. >>> >>> So normal flow is user logs in, first page he gets directed to sets up >>> the User object as a ASO, other pages use this user. >>> >>> But if he bookmarks a url with context, say "configureProject/124332", >>> and he clickes on the bookmark, logs in to tomcat, and gets redirected >>> to it, the User object may not have been initialized yet. Now >>> configure project is fine, since it is mostly working with projects. >>> But I want the user object to exist so that I confirm the user >>> actually owns it. >>> >>> Now I could have a basepage, whose onActivate() grabs the auth'd user >>> string from the Httpsession, runs a query, and either sets up the User >>> object, or bounces out the login page. And every other page could >>> inherit from this one, and call super.OnActivate in their onActivate >>> method. >>> >>> But I was wondering, is there a service I can write that can examine >>> the HttpSession, and populate the User object. Is HttpSession >>> available to services already? IE, can I inject it in the usual method >>> via my builder? >>> >>> -Daniel >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org >>> For additional commands, e-mail: users-h...@tapestry.apache.org >>> >> >> >> -- >> manuel aldana >> ald...@gmx.de >> software-engineering blog: http://www.aldana-online.de >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org >> For additional commands, e-mail: users-h...@tapestry.apache.org >> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
