Hello, everyone! On Sat, Apr 28, 2018 at 8:45 AM, Dmitry Gusev <dmitry.gu...@gmail.com> wrote:
> As others pointed in this thread, the Tapestry way of dealing with your > requirement is to create a new component, > similar to `t:If`, that would accept a role name as it's parameter so you > could render it's body conditionally if user is in role, i.e.: > > public class HasRole extends > org.apache.tapestry5.corelib.base.AbstractConditional > { > @Inject RequestGlobals requestGlobals; > @Parameter(required=true, defaultPrefix=BindingConstants.LITERAL) > String role; > > @Override > protected boolean test() > { > return requestGlobals.getHTTPServletRequest().isUserInRole(role); > } > } > > Above code is almost a copy-paste of tapestry-security's HasRole component > [4]. > I believe that, for the context of the question (i.e. not being able to use tapestry-security), that's the Right Way of doing this. You want something code encapsulated so it can be easily reused in Tapestry? Put it in a component (or a mixin in some cases), and Tapestry makes it very simple to do it. It may be possible to plug authentication and authorization logic from Spring Security into Shiro, which is incredibly well-architected and flexible, but I guess it's overkill here. I'd just make a little change: @Inject HttpServletRequest directly instead of getting it through RequestGlobals. -- Thiago