> I don't know if this suits your requirements, but the way I handle this
> problem is to do the authentication in .java files. Remember each layout
> and screen can have its own .java file, which is run before the layout
> or screen is rendered. These Java classes can change the template or
> issue redirects or anything, as necessary. So you could create a Default
> class in the appropriate directory (eg.
> src/java/project/modules/screens/Default.java) and create a class called
> Default (extends VelocitySecureScreen) which does something in its
> inherited isAuthorised method. Turbine (or Velocity, I'm not sure which)
> will run the Default class for all screens which don't have a specific
> .java file. This means that you can override the authorisation
> verification mechanism for the login page (which obviously doesn't need
> prior authority).
>
> See VelocitySecureScreen for more details.
>
> I actually have all project screens as subclasses of a subclass of
> VelocitySecureScreen. The subclass of VelocitySecureScreen handles
> inadequate authorisations gracefully (whatever that might be, relative
> to the nature of the particular web application). I do this sort of
> subclassing for Actions, too, so that neither screens or actions can be
> misused.
Yes, I know of that model and in fact I am most likely sticking with it.
I was really playing around with the Pull model to see if I could
eliminate the java classes associated with the screens altogether and
at the same time make it possible to change the permissions required
to access a screen within the template itself. (Answer: yes it can, but
don't try to do it from a velocimacro).
Using a Default class to set the permissions applicable for a directory
of screens makes things easier, but I was seeing how far the boundaries
could be pushed.
<not_in_any_way_comparing_velocity_to_asp>
As for "#stop", its problem is that it cannot be used within an #if in
the same way that ASP's "Response.end" command can.
</not_in_any_way_comparing_velocity_to_asp>
Cheers,
Scott
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
