Kalle,
I'm think I'm making progress however I haven't found a good guide to
confirm I'm on the right track.
I have a persistent User entity (db+hibernate). The user has multiple
roles. I only really want to use the RequiresRoles annotation on pages
(and some methods) at this point.
So what I've done so far:
AuthorizingRealm and my doGetAuthenticationInfo creates a SimpleAccount
with the roles set populated.
But once the code hits a RequiresRole annotation, the
realm.doGetAuthorizationInfo is called.
I don't want to go back to my persistent entity at this point since I've
already told the security module about the user's roles.
How do I make AuthorizingRealm cache the SimpleAccount returned from
doGetAuthenticationInfo and use it for doGetAuthorizationInfo?
Also, I'd expect this cache element to have the same lifecycle as the
user's session, is that the case?
Thanks, Paul.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
