Hi All, I know there has been some discussion on best approaches in tapestry for authenticating access to web pages, so apologies if i have missed the answer to this:
Initially I was tempted by the simplest approach - that is just store some "UserState" in the session via @SessionState and check this in onActivate(). However I feel using a "@RequiresLogin" annotation approach is a little more robust. I've been following Howard's tutorial here: http://tapestryjava.blogspot.com/2009/12/securing-tapestry-pages-with.html Now my question is two-fold: 1) How do I define and contribute a service in tapestry? 2) How does this guy know that the user _is_ authenticated? Should my service cache logged-in users itself, or can it access the session? Thanks for help, Richard. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
