Hi! I want to protect some pages based on the user groups the user is a member of. I have some partial success using
http://wiki.apache.org/tapestry/Tapestry5HowToControlAccess For the annotation @Private used there, I defined a parameter indicating the user group that is allowed to access the page. In the howto, if a user that is not logged in tries to access a private page, the login page is shown (which may or may not be a sufficient solution there), using response.sendRedirect(). In my case, the user may be logged in but not as a member of the right group. So, ideally, I'd like to present a page with some message with a "back" link to the previously displayed application page or, if the page was directly called, with the application start page. The first problem is passing a message text to the message display page. The first thing that came to my mind was a FLASH-persisted field, but as the authorization-checking logic is in a Dispatcher, I cannot use this. I could use the ApplicationStateManager to put some global object into the session, but this doesn't seem right. How should I display a message to the user? The second problem is the link to the originating or to the start page. Is this possible? Preferrably without javascript? Thank you, Dirk BGS Beratungsgesellschaft Software Systemplanung AG Niederlassung Köln/Bonn Grantham-Allee 2-8 53757 Sankt Augustin Fon: +49 (0) 2241 / 166-500 Fax: +49 (0) 2241 / 166-680 www.bgs-ag.de Geschäftssitz Mainz Registergericht Amtsgericht Mainz HRB 62 50 Aufsichtsratsvorsitzender Klaus Hellwig Vorstand Hermann Kiefer Nils Manegold Thomas Reitz
