Hello, everyone!

On Sat, Apr 28, 2018 at 8:45 AM, Dmitry Gusev <dmitry.gu...@gmail.com>
wrote:

> As others pointed in this thread, the Tapestry way of dealing with your
> requirement is to create a new component,
> similar to `t:If`, that would accept a role name as it's parameter so you
> could render it's body conditionally if user is in role, i.e.:
>
> public class HasRole extends
> org.apache.tapestry5.corelib.base.AbstractConditional
> {
>     @Inject RequestGlobals requestGlobals;
>     @Parameter(required=true, defaultPrefix=BindingConstants.LITERAL)
> String role;
>
>     @Override
>     protected boolean test()
>     {
>         return requestGlobals.getHTTPServletRequest().isUserInRole(role);
>     }
> }
>
> Above code is almost a copy-paste of tapestry-security's HasRole component
> [4].
>

I believe that, for the context of the question (i.e. not being able to use
tapestry-security), that's the Right Way of doing this. You want something
code encapsulated so it can be easily reused in Tapestry? Put it in a
component (or a mixin in some cases), and Tapestry makes it very simple to
do it. It may be possible to plug authentication and authorization logic
from Spring Security into Shiro, which is incredibly well-architected and
flexible, but I guess it's overkill here.

I'd just make a little change: @Inject HttpServletRequest directly instead
of getting it through RequestGlobals.

-- 
Thiago

Reply via email to