On Mon, 2002-02-25 at 12:34, Skip Walker wrote:
> 
> 
> Okay, I'm absolutely baffled.  Why do you need to mess with the
> SessionValidator in order to have a public portion of a web application?

This is only one way to do it; there are many ways you could do it in
Turbine 2.x, which will change in Turbine 3.x to be more concise. The
session validator is what actually directs you to a page, believe it or
not. I only discovered this when breaking Turbine apart into t3. I only
suggested what I thought might be easier with the default TDK sample app
setup.

> We've built an application that has both public and secure (login required)
> areas.  The public screen templates all use a screen class that extends
> from VelocityScreen, and the private screen templates extend from a Screen
> that extends VelocitySecureScreen, and makes a call to our PolicyService to
> determine whether a user has the appropriate permissions to access the
> requested screen.  (Note: this design I pretty much garnered from posts to
> this list and the archives.)  The layouts for the screens are all
> determined based on Turbine's algorithm for finding the associated layout
> for a given screen template.

Yes, a policy is the way to go.

> Why would one need to mess with the SessionValidator?  I'm baffled.

Duly noted :-) We are trying to make things less baffling in t3.
 
> Skip
> 
> 
> > -----Original Message-----
> > From: Jason van Zyl [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, February 25, 2002 11:21 AM
> > To: Turbine Users List
> > Subject: Re: How to make some tamplet public (ie no login requiered)
> >
> >
> > On Mon, 2002-02-25 at 12:10, Benjamin Hille wrote:
> > > Hello,
> > > I am using the TDK for Turbine 2.1, and I cannot find a way of making
> > > part of my layout/template public.
> > > Most of my application needs logging in to be used, but I have a part
> > > which must be freely accessible; also, this part has its own layout.
> > > Thanks in advance for your help.
> >
> > With Turbine 2.x all the session validators require security (which I'm
> > sure you've discovered now) ... So what I would recommend in a 2.x
> > environment is to create a SessionValidator that can take a peek at the
> > URL before doing anything. You can probably make something using a
> > simple string comparison (or even a regular expression) and if it's a
> > path that doesn't require security then bypass security.
> >
> > You can probably modify this file:
> >
> > http://cvs.apache.org/viewcvs/jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/TemplateSecureSessionValidator.java?rev=1.3&content-type=text/vnd.viewcvs-markup
> >
> > Before the data.populate() you could do something like:
> >
> > -> get url path
> > -> get a list of insecure paths from the TRP
> > -> if you get a match bypass security otherwise use security
> >
> > Let me know if you need further help, this might be a class worth
> > introducing into the t2 branch.
> 
> > > Benjamin
> > >
> > > --
> > > To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> > > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
> >
> > --
> > jvz.
> >
> > Jason van Zyl
> > [EMAIL PROTECTED]
> >
> > http://tambora.zenplex.org
> 
> 
-- 
jvz.

Jason van Zyl
[EMAIL PROTECTED]

http://tambora.zenplex.org
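
The path check outlined in the quoted message (get the URL path, compare it with a configured list of paths that need no login, bypass security only on a match), as an added example that is not part of the original thread and is not Turbine code. It resolves "." and ".." and matches on whole path segments before deciding, and anything ambiguous falls through to the normal login check. The class name PublicPathPolicy, its methods and the sample paths are hypothetical; the prefix list stands in for the list of insecure paths read from configuration.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.List;

/** Hypothetical helper, not a Turbine class: may this path skip the login check? */
public final class PublicPathPolicy {
    // Assumed to be configured without trailing slashes, e.g. "/public".
    private final List<String> publicPrefixes;

    public PublicPathPolicy(List<String> publicPrefixes) {
        this.publicPrefixes = List.copyOf(publicPrefixes);
    }

    /** True only when the normalised path lies under a configured public prefix. */
    public boolean isPublic(String rawPath) {
        // Encoded or unusual characters make the comparison ambiguous: require login.
        if (rawPath == null || !rawPath.startsWith("/") || rawPath.indexOf('%') >= 0
                || rawPath.indexOf(';') >= 0 || rawPath.indexOf('\\') >= 0) {
            return false;
        }
        // Resolve "." and ".." so "/public/../admin" is judged as "/admin".
        Deque<String> segments = new ArrayDeque<>();
        for (String s : rawPath.split("/")) {
            if (s.isEmpty() || s.equals(".")) continue;
            if (s.equals("..")) {
                if (segments.isEmpty()) return false; // climbs above the root
                segments.removeLast();
            } else {
                segments.addLast(s);
            }
        }
        String path = "/" + String.join("/", segments);
        for (String prefix : publicPrefixes) {
            // Whole-segment match: "/public" must not also admit "/publicadmin".
            if (path.equals(prefix) || path.startsWith(prefix + "/")) return true;
        }
        return false; // default: the normal security check applies
    }

    public static void main(String[] args) {
        PublicPathPolicy policy = new PublicPathPolicy(List.of("/public", "/help"));
        // Constructed sample paths, not taken from the thread.
        String[] samples = {"/public/Index.vm", "/publicadmin/Users.vm",
                "/public/../admin/Users.vm", "/public/%2e%2e/admin", "/admin/Users.vm"};
        for (String s : samples) {
            System.out.println(s + " -> " + (policy.isPublic(s) ? "public" : "login required"));
        }
    }
}
```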

