On Wed, Feb 24, 2010 at 3:14 PM, Alexander Kiel <alexanderk...@gmx.net> wrote: >> > Well, because I want to redirect from other places in code, not from >> > onActivate() method. >> >> I think this is a good course. I think you'll find your pages more >> maintainable when you have this kind of organization in place. If you >> have to get mid-way through processing or rendering the page to >> discover that the user doesn't belong there ... well, that would be a >> design smell to me. > > Thats right. Doing authorization on onActivate() is not the right place. > I have even a spring-security javax.servlet.Filter in front of Tapestry > right now. I have a hand made Mixin for role-based component visibility > based on spring-security > SecurityContextHolder.getContext().getAuthentication(). > > For a beginner like me, it would be really nice if Tapestry had some > lightweight annotations for authorization of pages, component visibility > and events against some lightweight maybe only role based authentication > service.
Agreed. I may put something simple together for that purpose, with default services that get overridden by real applications. > > Regards > Alex > > -- Howard M. Lewis Ship Creator of Apache Tapestry The source for Tapestry training, mentoring and support. Contact me to learn how I can get you up and productive in Tapestry fast! (971) 678-5210 http://howardlewisship.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
