Hi Kalle,
we are forced to use Spring Security, and cannot migrate to Shiro.
Besides, I don't like the idea of gluing my code to external libraries, using 
annotations or other code that may have a different lifecycle.

I can wait as long as I want to update my code, but, if there is a security issue, I 
must be immediately able to update my security libs.
I much prefer to declare security constraints outside my app (Spring allows 
this with an XML file inside the WEB-INF folder) and use the standard 
servlet API, so I can migrate to a new version whenever I need.

I will take a look at the code. I guess I will need to create a custom 
component, but, in my humble opinion, it's too big an effort to write a 
component simply to access the request object from a tml.

Anyway, thanks for your hint,
larzeni

> Sent: Saturday, April 28, 2018 at 12:52 AM
> From: "Kalle Korhonen" <kalle.o.korho...@gmail.com>
> To: "Tapestry users" <users@tapestry.apache.org>
> Subject: Re: Access request from tml / standard servlet api role support
>
> Tapestry-security (http://www.tynamo.org/tapestry-security+guide/) supports
> request.isUserInRole and provides components similar to the one suggested,
> i.e.
> 
> <t:security.hasRole role="admin">
>     <a t:id="saveButton" type="button" href="#">SAVE DATA</a>
> </t:security.hasRole>
> 
> Kalle
> 
> 
> 
> 
> On Fri, Apr 27, 2018 at 3:41 PM, pico.dev <pico....@gmail.com> wrote:
> 
> > Hi,
> >
> > Maybe you can implement a new conditional component that checks the role
> > and renders its body or not. Something like this:
> >
> > <t:isUserInRole role="ADMIN">
> >     <a t:id="saveButton" type="button" href="#">SAVE DATA</a>
> > </t:isUserInRole>
> >
> > See https://tapestry.apache.org/component-rendering.html
> >
> > Regards,
> >
> > On Sat, Apr 28, 2018 at 0:12, Luca Arzeni (<l.arz...@iname.com>)
> > wrote:
> >
> > > Hi,
> > > I'm using tapestry5.4 with java 8.
> > >
> > > I am using the standard servlet API to check if a user is in role or not,
> > > to hide or show buttons, links, and so on.
> > >
> > > For example, I need to show a button to the user only if the user has
> > > been granted a role.
> > >
> > > My usual way to do this is:
> > >
> > > 1) create a method in the page, for example:
> > >
> > > @Inject
> > > RequestGlobals m_requestGlobals;
> > >
> > > public boolean isUserAdmin() {
> > >         if (m_requestGlobals == null) {
> > >                 return false;
> > >         }
> > >         // isUserInRole is defined on the servlet request, not on RequestGlobals
> > >         return m_requestGlobals.getHTTPServletRequest().isUserInRole("ADMIN");
> > > }
> > >
> > > 2) then, in the tml, check the method using a t:if component, for
> > > example:
> > >
> > > <t:if test="userAdmin">
> > >                 <a t:id="saveButton" type="button" href="#">SAVE DATA</a>
> > > </t:if>
> > >
> > > This is not so good, since I must reimplement the same method in many
> > > pages.
> > >
> > > Is there any way I could access the requestGlobals directly from tml?
> > >
> > > My goal would be to write, directly in the tml, something like:
> > >
> > >
> > > <t:if test="request.isuserInRole('ADMIN')">
> > >         <a t:id="saveButton" type="button" href="#">SAVE DATA</a>
> > > </t:if>
> > >
> > >
> > > Is it possible to do this with tapestry5?
> > >
> > > Thanks in advance,
> > > larzeni
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> > > For additional commands, e-mail: users-h...@tapestry.apache.org
> > >
> > >
> >
>
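
The conditional component discussed in this thread could look like the following; this is an added example, not code posted by anyone in the thread. It controls rendering only, so the constraints declared in the Spring Security XML remain the actual enforcement point. The package name `com.example.app.components` and the class name `IsUserInRole` are assumptions; the class has to live in the `components` sub-package of the application's root package.

```java
package com.example.app.components; // assumed package name

import javax.servlet.http.HttpServletRequest;

import org.apache.tapestry5.BindingConstants;
import org.apache.tapestry5.annotations.Parameter;
import org.apache.tapestry5.corelib.base.AbstractConditional;
import org.apache.tapestry5.ioc.annotations.Inject;
import org.apache.tapestry5.services.RequestGlobals;

/**
 * Renders its body only if the servlet container reports the current user
 * in the given role. Usage in a template:
 *
 *   <t:isUserInRole role="ADMIN"> ... </t:isUserInRole>
 *
 * Extending AbstractConditional also provides the "else" block parameter
 * that t:if has.
 */
public class IsUserInRole extends AbstractConditional {

    /** Role name, passed as a literal string from the template. */
    @Parameter(required = true, allowNull = false,
               defaultPrefix = BindingConstants.LITERAL)
    private String role;

    @Inject
    private RequestGlobals requestGlobals;

    @Override
    protected boolean test() {
        HttpServletRequest request = requestGlobals.getHTTPServletRequest();
        // Fail closed: no servlet request or no authenticated principal
        // means the body is not rendered.
        if (request == null || request.getUserPrincipal() == null) {
            return false;
        }
        // Standard servlet API call; the answer comes from whatever
        // security layer wraps the request (here: Spring Security).
        return request.isUserInRole(role);
    }
}
```

Because the component only depends on `HttpServletRequest.isUserInRole`, the security library can be upgraded or replaced without touching templates or page classes.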
