Because Tapestry filters all incoming requests through a single servlet, it isn't a good candidate for declarative, role-based authentication.
Tapestry relies on a general page call-back, method IPage.validate(), to validate incoming requests. That is somewhat coarse-grained; you can also implement security checks directly in your listener methods. Tapestry inlcudes a sophticated subsystem, the interface ICallback and its implementations, that allow you to (for example) route the user through a login screen and then call back to a protected bit of functionality. Because Tapestry is so extensible, you could implement an application-specific declarative security model if you wish. One can envision a new component and service that enforces some form of security authentication. ----- Original Message ----- From: "ethan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, September 22, 2002 7:31 AM Subject: How to handle security issues Tapestry > Hi Howard, > > I am doing an evaluation of Tapestry and the first question off my mind is > how do I ensure a person can view certain pages only and not others? > > I am still studying the documentation and from the quick glance at the TOC > gives me a feeling I have to do more reading before I find the answer OR it > is just too simple to do it in Tapestry. ;> > > Hope u could provide a answer or hints to where I can find the answer. > > Thanks a million. > Ethan > > ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Tapestry-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/tapestry-developer
