We are using a custom dispatcher called "AccessControlDispatcher".
It is like the AccessDispatcher described in the howto-wiki, but in addition
it checks for certain roles.
This works through a SessionState object that implements an interface used
by the dispatcher to determine if the SessionState object has the
required role(s)
or not.
All you have to do is to annotate the desired page with
"@Secured(Role.ADMIN)"
for example. the dispatcher checks if the current user has the required
role for this page,
if not the dispatcher calls an AccessDeniedCallback, where you can
redirect to the login page
or something like that. The Callback and the Class of the SessionState
object that implements
the interface needed by the dispatcher are contributable over a mapped
configuration.
It is very simple and i think there is a lot potential to improve this, but
until now it works for us.
Maybe this idea helps you ^.^
Thibaut Gadiolet schrieb:
OK, I stop using a full T5 solution to handle authentication/authorization.
I am using ACEGI with a basic configuration, you can easily integrate it to
your T5 projects, It's not as heavy as I thought, and it turned out to be
very efficient.
But if someone gets a better solution full T5, I'm open.
Thanks,
Thibaut
On Fri, May 22, 2009 at 4:10 AM, Sergey Didenko <sergey.dide...@gmail.com>wrote:
Thanks for tips, Thiago!
This has been discussed in this list before. Check the archives
(http://www.nabble.com/Tapestry---User-f340.html) for some ideas.
Usually they are centered around a RequestFilter or a
ComponentClassTransformer.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
