Hi Thiago,
thanks for the hint, I didn't knew that I can @Inject HttpServletRequest!
One never stops learning...
Thanks, Luca
> Sent: Saturday, April 28, 2018 at 8:55 PM
> From: "Thiago H. de Paula Figueiredo" <thiag...@gmail.com>
> To: "Tapestry users" <users@tapestry.apache.org>
> Subject: Re: Access request from tml / standard servlet api role support
>
> Hello, everyone!
>
> On Sat, Apr 28, 2018 at 8:45 AM, Dmitry Gusev <dmitry.gu...@gmail.com>
> wrote:
>
> > As others pointed in this thread, the Tapestry way of dealing with your
> > requirement is to create a new component,
> > similar to `t:If`, that would accept a role name as it's parameter so you
> > could render it's body conditionally if user is in role, i.e.:
> >
> > public class HasRole extends
> > org.apache.tapestry5.corelib.base.AbstractConditional
> > {
> > @Inject RequestGlobals requestGlobals;
> > @Parameter(required=true, defaultPrefix=BindingConstants.LITERAL)
> > String role;
> >
> > @Override
> > protected boolean test()
> > {
> > return requestGlobals.getHTTPServletRequest().isUserInRole(role);
> > }
> > }
> >
> > Above code is almost a copy-paste of tapestry-security's HasRole component
> > [4].
> >
>
> I believe that, for the context of the question (i.e. not being able to use
> tapestry-security), that's the Right Way of doing this. You want something
> code encapsulated so it can be easily reused in Tapestry? Put it in a
> component (or a mixin in some cases), and Tapestry makes it very simple to
> do it. It may be possible to plug authentication and authorization logic
> from Spring Security into Shiro, which is incredibly well-architected and
> flexible, but I guess it's overkill here.
>
> I'd just make a little change: @Inject HttpServletRequest directly instead
> of getting it through RequestGlobals.
>
> --
> Thiago
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
