Okay, I'm absolutely baffled. Why do you need to mess with the
SessionValidator in order to have a public portion of a web application?
We've built an application that has both public and secure (login required
areas). The public screen templates all use a screen class that extends
from VelocityScreen, and the private screen templates extend from a Screen
that extends VelocitySecureScreen, and makes a call to our PolicyService to
determine whether a user has the appropriate permissions to access the
requested screen. (Note: this design I pretty much garnered from post to
this list, and the archives). The layouts for the screens are all
determined based on Turbine's algorithm for finding the associated layout
for a given screen template.
Why would one need to mess with the SessionValidator? I'm baffled.
Skip
> -----Original Message-----
> From: Jason van Zyl [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 25, 2002 11:21 AM
> To: Turbine Users List
> Subject: Re: How to make some tamplet public (ie no login requiered)
>
>
> On Mon, 2002-02-25 at 12:10, Benjamin Hille wrote:
> > Hello,
> > I am using the TDK for Turbine 2.1, and I cannot find a way
> of making part
> > of my layout/template public.
> > Most of my aplication needs logging to be used but, i have
> a part which must
> > be freely accessible also this part has his own layout.
> > Thanks in advance for your help.
>
> With Turbine 2.x all the session validators require security
> (which I'm
> sure you've discovered now) ... So what I would recommend in a 2.x
> environment is to create a SessionValidator that can take a
> peek at the
> URL before doing anything. You can probably make something using a
> simple string comparison (or even a regular expression) and if it's a
> path that doesn't require security then by pass security.
>
> You can probably modify one this file:
>
> http://cvs.apache.org/viewcvs/jakarta-turbine-2/src/java/org/a
pache/turbine/modules/actions/sessionvalidator/TemplateSecureSessionValidato
r.java?rev=1.3&content-type=text/vnd.viewcvs-markup
Before the data.populate() you could do something like:
-> get url path
-> get a list of insecure paths from the TRP
-> if you get a match bypass security otherwise use security
Let me know if you need further help, this might be a class worth
introducing into the t2 branch.
> Benjamin
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
--
jvz.
Jason van Zyl
[EMAIL PROTECTED]
http://tambora.zenplex.org
--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
