Hi

Have you looked into the tynamo security project?

2010/7/30 Daniel Henze <dhe...@googlemail.com>

> Hi Christophe,
>
> yes, I have read that article before, but admit that I could not grasp all
> the details by that time and therefore decided to go with
> tapestry-spring-security. A lot of knowledge has been gained in between
> though, so I will re-read and think about option 3 (re-implementing security
> with my own requirements). This will take a tad longer, but probably benefit
> a lot in terms of learning curve.
>
> Cheers
> Daniel
>
> On 30.07.2010 12:34, Christophe Cordenier wrote:
>
>> Hi
>>
>> Have already read this article [1] from Howard, it explains how to secure an
>> application via Annotations and shows the pipeline as well
>>
>> [1] http://tapestryjava.blogspot.com/2009/12/securing-tapestry-pages-with.html
>>
>> 2010/7/30 Daniel Henze <dhe...@googlemail.com>
>>
>>> Hi everyone,
>>>
>>> I created a Service, contributed it as Dispatcher to check on request of
>>> secured pages (using tapestry-spring-security with @Secured annotation)
>>> whether the user profile has all required fields filled out. In case
>>> information is missing, the user is forwarded to his profile page and
>>> requested to update the required fields.
>>>
>>> So far so good, following the AccessController example from the Tapestry
>>> HowTos I could build the service and add it to the Dispatcher Pipeline:
>>> --- (important part from AccessController):
>>> Component page = componentSource.getPage(pageName);
>>> boolean privatePage = page.getClass().getAnnotation(Secured.class) != null;
>>>
>>> if (privatePage)
>>> {
>>>   canAccess = false;
>>>   /* Is the user already authenticated? */
>>>   if (asm.exists(User.class))
>>>   {
>>>     User user = asm.get(User.class);
>>>     canAccess = user.getUserProfile().isComplete();
>>>     System.out.println("user " + user.getUsername() + " has completed his profile: " + canAccess);
>>>   }
>>> }
>>> ---
>>> public static void contributeMasterDispatcher(OrderedConfiguration<Dispatcher> configuration,
>>>         AccessController accessController) {
>>>     configuration.add("AccessWithCompleteProfileController", accessController, "after:*");
>>> }
>>> ---
>>>
>>> My problem is apparently with the sequence of the pipeline, as with the
>>> above stated "after:*" the service never is actually executed (simple System
>>> out calls to check), with "before:*" I get a redirect error from the server
>>> ("indefinite loop") and without any declaration it again is not called at
>>> all.
>>>
>>> I'd appreciate a little guidance on the correct way to solve that issue. I
>>> see the following options:
>>> 1. Get AccessController invoked as the last service in Dispatcher pipeline
>>> (all other checks done before). I suspect SecurityChecker to break the line.
>>> 2. Figure out whether User is logged in already and do not break the chain
>>> in AccessController if User is not logged in. Next page request will do the
>>> check.
>>> 3. Implement my own Security Checker and include the AccessController into
>>> that code.
>>>
>>> Regards
>>> Daniel
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
>>> For additional commands, e-mail: users-h...@tapestry.apache.org


-- 
Regards,
Christophe Cordenier.

Committer on Apache Tapestry 5
Co-creator of wooki @wookicentral.com
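
An added illustration, not code from this thread or from Tapestry: a plain-Java model of a chain-of-command pipeline like the Dispatcher pipeline discussed in the quoted question, showing how ordering decides whether a profile-completeness gate runs at all. All class, page and variable names are hypothetical. It assumes the first dispatcher that returns true ends the chain and that the profile page is itself a secured page.

```java
import java.util.*;

// Added illustration: models dispatcher ordering only; none of these types are Tapestry classes.
public class DispatcherOrderDemo {
    // Returning true means "request handled", which stops the chain.
    interface Dispatcher { boolean dispatch(String page, List<String> log); }

    static final Set<String> SECURED = Set.of("Account", "Profile"); // constructed sample pages
    static boolean loggedIn = true, profileComplete = false;         // constructed session state

    // Stand-in for the framework's page renderer: it always handles the request.
    static final Dispatcher PAGE_RENDER = (page, log) -> { log.add("render " + page); return true; };

    // Profile gate: redirects every secured page while the profile is incomplete.
    static final Dispatcher NAIVE_GATE = (page, log) -> {
        if (!SECURED.contains(page) || profileComplete) return false;
        log.add("redirect Profile");
        return true;
    };

    // Gate that leaves anonymous users to the authentication layer and exempts its own redirect target.
    static final Dispatcher GUARDED_GATE = (page, log) -> {
        if (!loggedIn || page.equals("Profile")) return false;
        return NAIVE_GATE.dispatch(page, log);
    };

    // Runs one request through the chain, following redirects up to a hop limit as a browser would.
    static List<String> request(String page, Dispatcher... chain) {
        List<String> log = new ArrayList<>();
        for (int hop = 0; hop < 5; hop++) {
            for (Dispatcher d : chain) if (d.dispatch(page, log)) break;
            if (log.isEmpty() || !log.get(log.size() - 1).startsWith("redirect")) return log;
            page = "Profile";
        }
        log.add("redirect loop");
        return log;
    }

    public static void main(String[] args) {
        // Gate ordered after the renderer: the renderer ends the chain, so the check is skipped.
        System.out.println(request("Account", PAGE_RENDER, NAIVE_GATE));
        // Gate ordered first while its redirect target is also secured: the redirect repeats.
        System.out.println(request("Account", NAIVE_GATE, PAGE_RENDER));
        // Gate ordered before the renderer and exempting the target: the profile page renders.
        System.out.println(request("Account", GUARDED_GATE, PAGE_RENDER));
    }
}
```

The first case is the one to watch for in an access-control review: a check ordered behind a dispatcher that always handles the request fails open without any error.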
