Look here for an example: http://svn.codehaus.org/chenillekit/trunk/chenillekit-access/src/main/java/org/chenillekit/access/services/impl/RestrictedWorker.java
with regards Sven Homburg Founder of the Chenille Kit Project http://chenillekit.codehaus.org 2010/8/11 mfz2008 <fanzhen.m...@gmail.com>: > > hey, I am using annotations to do permission checking in t5. > the following is what I have done!! > In page class: > > > @ProtectedPage({ "admin","editor","fmanager"}) > public class LibraryEdit extends BasePage { > > //submit the form, it is a event handle method > @ProtectedMethod(value={"admin"}) > Object onSuccessFromEdit() { > mmsLibraryService.save(_library); > return this; > } > } > > > > @ProtectedPage and @ProtectedMethod are both my annotations, which are used in > my PageProtectionFilter class, and this is what is in my PageProtectionFilter : > > > > public class PageProtectionFilter implements ComponentRequestFilter { > > private final PageRenderLinkSource _pageRenderLinkSource; > private final ComponentSource _componentSource; > private final Response _response; > private ApplicationStateManager _sessionStateManager; > private SecurityFinderService _securityService; > private final Logger _logger; > > /** > * Receive all the services needed as constructor arguments. When we > bind > this service, T5 IoC will provide all the > * services! 
> */ > public PageProtectionFilter(PageRenderLinkSource pageRenderLinkSource, > ComponentSource componentSource, > Response response, ApplicationStateManager asm,@Inject > SecurityFinderService securityService,Logger logger) { > _pageRenderLinkSource = pageRenderLinkSource; > _response = response; > _componentSource = componentSource; > _sessionStateManager = asm; > _securityService = securityService; > _logger = logger; > } > > //page filter > public void handlePageRender(PageRenderRequestParameters parameters, > ComponentRequestHandler handler) > throws IOException { > if (isAuthorisedToPage(parameters.getLogicalPageName())) { > handler.handlePageRender(parameters); > } > else { > // The method will have redirected us to the login page > return; > } > > } > > //component filter > public void handleComponentEvent(ComponentEventRequestParameters > parameters, ComponentRequestHandler handler) > throws IOException { > > String eventType = parameters.getEventType(); > String nci = parameters.getNestedComponentId(); > > if > (isAuthorisedToComponent(parameters.getActivePageName(),eventType,nci)) > { > handler.handleComponentEvent(parameters); > } > else { > return; > } > } > > // for page .........annotation work well in this method > > public boolean isAuthorisedToPage(String requestedPageName) throws > IOException { > > // If the requested page is annotated @ProtectedPage... > Component page = _componentSource.getPage(requestedPageName); > boolean protectedPage = > page.getClass().getAnnotation(ProtectedPage.class) > != null; > > if (protectedPage) { > > // If the session contains a Visit then you have > already been > authenticated > > if (_sessionStateManager.exists(Visit.class)) { > // We could do some role checking where but we > won't. You're authorised. 
> Visit visit = > _sessionStateManager.get(Visit.class); > String roles[] = > page.getClass().getAnnotation(ProtectedPage.class).value(); > if(ArrayUtils.contains(roles, > visit.getMyRole())) > return true; > else{ > Link accessDeniedPageLink = > _pageRenderLinkSource.createPageRenderLink(AccessDenied.class); > > _response.sendRedirect(accessDeniedPageLink); > return false; > } > } > > // Else if "auto-login" is on, then automatically log > in. > // - this facility is for development environment > only. It avoids getting > you thrown out of the > // app every time the session clears eg. when app is > restarted. > > else if (isAutoLoginOn()) { > autoLogin(1L); > return true; > } > > // Else go to the Login page > > else { > Link loginPageLink = > _pageRenderLinkSource.createPageRenderLink(Index.class); > _response.sendRedirect(loginPageLink); > return false; > } > } > else { > return true; > } > } > > //and could not work well here ..... > > public boolean isAuthorisedToComponent(String requestedPageName,String > eventType,String nci) throws IOException { > > Component component = > _componentSource.getComponent(requestedPageName+":"+nci); > boolean isProtectedMethod = false; > String protectedMethod = ""; > Method[] methods = component.getClass().getMethods(); > for (Method method : methods) { > String str = method.getName().toLowerCase(); > if(str.endsWith(nci)){ > isProtectedMethod = > method.getAnnotation(ProtectedMethod.class) != null; > protectedMethod = method.getName(); > break; > } > } > if (isProtectedMethod) { > // If the session contains a Visit then you have > already been > authenticated > if (_sessionStateManager.exists(Visit.class)) { > Visit visit = > _sessionStateManager.get(Visit.class); > String roles[] = null; > try { > roles = > component.getClass().getMethod(protectedMethod, > null).getAnnotation(ProtectedMethod.class).value(); > } catch (Exception e) { > e.printStackTrace(); > } > if(ArrayUtils.contains(roles, > visit.getMyRole())) > return 
true; > else{ > Link accessDeniedPageLink = > _pageRenderLinkSource.createPageRenderLink(AccessDenied.class); > > _response.sendRedirect(accessDeniedPageLink); > return false; > } > } > > // Else if "auto-login" is on, then automatically log > in. > // - this facility is for development environment > only. It avoids getting > you thrown out of the > // app every time the session clears eg. when app is > restarted. > > else if (isAutoLoginOn()) { > autoLogin(1L); > return true; > } > > // Else go to the Login page > > else { > Link loginPageLink = > _pageRenderLinkSource.createPageRenderLink(Index.class); > _response.sendRedirect(loginPageLink); > return false; > } > > } > else { > return true; > } > } > /** > * Checks the value of system property jumpstart.auto-login. If "true" > then > returns true; if "false" then return > * false; if not set then returns false. > */ > private boolean isAutoLoginOn() { > boolean autoLogin = false; > if (_autoLoginStr == null) { > autoLogin = false; > } > else if (_autoLoginStr.equalsIgnoreCase("true")) { > autoLogin = true; > } > else if (_autoLoginStr.equalsIgnoreCase("false")) { > autoLogin = false; > } > else { > throw new IllegalStateException( > "System property auto-login has been > set to \"" > + _autoLoginStr > + "\". Please set it > to \"true\" or \"false\". If not specified at > all then it will default to \"false\"."); > } > return autoLogin; > } > > /** > * Automatically logs you in as the given user. Its intention is to > prevent > you being thrown out of the application > */ > private void autoLogin(Long userId) { > try { > User user = _securityService.findUser(userId); > > Visit visit = new Visit(); > visit.noteLogin(user); > > _logger.info(user.getLoginId() + " has been > auto-logged-in."); > > _sessionStateManager.set(Visit.class, visit); > } > catch (Exception e) { > throw new IllegalStateException(e); > } > } > } > > > > my problem is I could not get the annotation which I set on the t5 event > method. 
> actually, when I invoke : > ...................... > Component component = > _componentSource.getComponent(requestedPageName+":"+nci); > boolean isProtectedMethod = false; > String protectedMethod = ""; > Method[] methods = component.getClass().getMethods(); > for (Method method : methods) { > String str = method.getName().toLowerCase(); > if(str.endsWith(nci)){ > isProtectedMethod = > method.getAnnotation(ProtectedMethod.class) != null; > protectedMethod = method.getName(); > break; > } > } > ............... > the event method onSuccessFromEdit was not found in the methods array!!! > any help is appreciated!!! > -- > View this message in context: > http://tapestry.1045711.n5.nabble.com/annotation-on-t5-event-method-couldn-t-work-tp2471453p2471453.html > Sent from the Tapestry - User mailing list archive at Nabble.com. >