Depending on the application.

We use JASIG CAS server for authentication. It is used at many big US
universities and it is best used as a single sign-on solution for many
websites. But it's pretty easy to set up and customizable, so it can be
used even on small sites.
- Once logged in on CAS, the user gets a ticket which is recognized by
any application
- CAS has many client libraries (so you can use it in PHP, .NET, Java,
...) and supports authentication to many user sources (SQL, LDAP, file, ...)

For our Tapestry application we needed to have role-based access control
to pages (depending on roles that the user has, he is given access to a
page or not).

We started with CAS authentication:
- CAS is set up as a filter for the URLs that need access control. It
won't allow you to even open the URL unless you have a login, and it is a
system that I trust, so I am sure that every page is visited only by
logged-in users. After the user has logged in, he is forwarded to the
protected pages and REMOTE_USER is set in the request.
- So CAS is the first thing that is checked on each request, but it is
checked by the CAS filter itself without your application even knowing
about it
- We have each page annotated in the Java source with custom annotations,
one for each user role (we only have a few different user roles)
- You only have to check if the user has one of the roles that the page
requires (see the other thread about implementing security).

But ... this was all after I decided to drop Spring Security (Acegi
successor) from the Tapestry app because for our case it didn't help
much; the code I have written and mentioned previously was the same in
both cases. On the other hand, CAS uses Spring internally to realize all
its customizability.

On 10/18/2010 05:52 PM, Muhammad Mohsen wrote:
> Hi All,
>
> I'm currently trying to decide what framework to use to secure my tapestry
> applications efficiently and easily. So I found tapestry-acegi and
> tynamo-security so far. Been reading some about tynamo's.
> Maybe someone could share his experience with either framework or securing
> tapestry applications in general.
>
> Regards.


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
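
An added example, not part of the original message or of the poster's code: one way the per-role page annotations and the "user has one of the required roles" check described above could look in plain Java. The annotation names (Admin, Editor), the role strings, the sample page classes and the mayAccess helper are assumptions for illustration; in a real application remoteUser would be the REMOTE_USER value set by the CAS filter.

```java
import java.lang.annotation.*;
import java.util.*;

public class PageRoleCheck {
    // Hypothetical per-role annotations, one per user role; names are assumptions.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.TYPE) @interface Admin {}
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.TYPE) @interface Editor {}

    // Maps each role annotation to the role name stored for the user.
    private static final Map<Class<? extends Annotation>, String> ROLE_OF = Map.of(
            Admin.class, "admin", Editor.class, "editor");

    // Constructed sample pages.
    @Admin static class UserAdminPage {}
    @Admin @Editor static class ArticleEditPage {}
    static class ProfilePage {}   // no role annotation: any logged-in user

    /** Roles a page requires, read from its class-level annotations. */
    static Set<String> requiredRoles(Class<?> page) {
        Set<String> roles = new TreeSet<>();
        for (Annotation a : page.getAnnotations()) {
            String role = ROLE_OF.get(a.annotationType());
            if (role != null) roles.add(role);
        }
        return roles;
    }

    /**
     * remoteUser is the name the CAS filter placed in REMOTE_USER.
     * A null or empty value means the filter did not run for this URL,
     * so the check fails closed instead of trusting the request.
     */
    static boolean mayAccess(Class<?> page, String remoteUser, Set<String> userRoles) {
        if (remoteUser == null || remoteUser.isEmpty()) return false;
        Set<String> required = requiredRoles(page);
        if (required.isEmpty()) return true;               // authentication alone is enough
        return !Collections.disjoint(required, userRoles); // one matching role suffices
    }

    public static void main(String[] args) {
        Set<String> editor = Set.of("editor");             // constructed user roles
        System.out.println(mayAccess(UserAdminPage.class, "alice", editor));
        System.out.println(mayAccess(ArticleEditPage.class, "alice", editor));
        System.out.println(mayAccess(ProfilePage.class, "alice", Set.of()));
        System.out.println(mayAccess(ProfilePage.class, null, editor));
    }
}
```

The null check matters when a page URL is accidentally left out of the filter mapping: without it, an unannotated page would be served to unauthenticated requests.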
