[ http://issues.apache.org/jira/browse/TAPESTRY-209?page=comments#action_12318743 ]
Howard M. Lewis Ship commented on TAPESTRY-209: ----------------------------------------------- Couldn't you then simply do your validation from inside activateExternalPage() and not even implement PageValidateListener? However, I am considering this, it does seem like a pretty reasonable idea. > order of validate & activateExternalPage > ---------------------------------------- > > Key: TAPESTRY-209 > URL: http://issues.apache.org/jira/browse/TAPESTRY-209 > Project: Tapestry > Type: Bug > Components: Framework > Versions: 3.0 > Environment: Operating System: All > Platform: All > Reporter: joe panico > Assignee: Tapestry Developer List > > I'm proposing that the current implementations of > ExternalService/ExternalCallback are somewhat broken for real-world > applications. The problem is the order in which validate() and > activateExternalPage(parameters, cycle) are called on the target > IExternalPage. > Currently, the External Service/callback implementations follow this sequence: > 1) cycle.activate(page); > activate() will trigger a call to validate() > 2) page.activateExternalPage(parameters, cycle); > This means that validate(IRequestCycle) will be called on a target > IExternalPage _before_ the state has been set (activateExternalPage) on that > page. For most of my pages, I'm performing _stateful_ page validation, in > other words validate has to check not only that a particular user is allowed > to see a particular ExternalPage, but also that the user is allowed to see > particular _target state (content)_ in that page. So I've been using my own > copy of ExternService that simply switches the order of these operations. > A concrete example: > I have an ExternalPage which represents a page in a Photo Album. The > identities > of the Photo and Photo Album which are the target (content) of this > ExternalPage > are encoded in the URL (they are ExternalPage parameters). > > This page is "protected", meaning that it may require the user authenticate > before viewing an album. The Page may also require _authorization_, meaning > that > only certain users are allowed to view that particular album in that > particular > page. In other words, the state (album id) associated with that page is > required > in order to perform page.validate(). > I propose an easy fix for this problem. Simply reorder the validate and > activateXternalPage operations. The new implementation would look like this: > ... > Object[] parameters = getParameters(cycle); > cycle.setServiceParameters(parameters); > page.activateExternalPage(parameters, cycle); > cycle.activate(page); > // Render the response. > engine.renderResponse(cycle, output); > ... -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
