> > Well, because I want to redirect from other places in code, not from > > onActivate() method. > > I think this is a good course. I think you'll find your pages more > maintainable when you have this kind of organization in place. If you > have to get mid-way through processing or rendering the page to > discover that the user doesn't belong there ... well, that would be a > design smell to me.
Thats right. Doing authorization on onActivate() is not the right place. I have even a spring-security javax.servlet.Filter in front of Tapestry right now. I have a hand made Mixin for role-based component visibility based on spring-security SecurityContextHolder.getContext().getAuthentication(). For a beginner like me, it would be really nice if Tapestry had some lightweight annotations for authorization of pages, component visibility and events against some lightweight maybe only role based authentication service. Regards Alex
signature.asc
Description: This is a digitally signed message part
