> What's the preferred way to mix public and private pages within a
> single JServ servlet zone?  The FSD doc says:
>
> "...for the pages that you will want to make secure, you should define
> a Layout that executes the SessionValidator action to make things
> secure. Then, your Screens should call that "secure" Layout."
>
> It seems simpler to use a custom SessionValidator whose
> requiresNewSession() method would return false for the public
> screens.  Those screen names could be listed in a properties file
> somewhere.  Is that a bad idea?
>
Bad idea? No, not really. Perhaps a bit impure from an OO viewpoint, though.

Here's another possible impl:
    1. Define a SecureScreen class that extends Screen.
    2. Make your non-public screens extend SecureScreen and your public screens extend Screen.
    3. Impl SecureScreen.build() to look something like this:

        protected ConcreteElement build(RunData data) throws Exception {
            // Perform authorization before building the screen
            if (isAuthorizedUser(data)) {
                return doBuild(data);
            } else {
                // or return some error message instead
                throw new Exception("User is not authorized to view this screen.");
            }
        }

        private boolean isAuthorizedUser(RunData data) {
            // Perform SessionValidator check here.
            return false; // placeholder: deny until the check is implemented
        }

Note: If you want to mix WebMacro and non-WebMacro secure screens, you'll have
to define two new base classes - SecureScreen (extends Screen) and
SecureWebMacroSiteScreen (extends WebMacroSiteScreen). Ah, the dilemmas of
single-inheritance. ;-)

More info:
<http://www.mail-archive.com/[email protected]/msg01598.html>

> -- Travis Low
>    <mailto:[EMAIL PROTECTED]>
>    <http://dawnstar.org/travis>
>

--
Christopher Elkins
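
The properties-file idea from the quoted question, as an added example that is not part of the original messages and is not Turbine code: a fail-closed lookup in which only screens listed as public skip the session check. The class name `PublicScreenPolicy` and the property key `screens.public` are hypothetical, and the sample configuration is constructed; a custom validator could consult `requiresSession()` when deciding what `requiresNewSession()` returns.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Collections;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;

/** Hypothetical helper (not a Turbine class): does a screen need a validated session? */
public class PublicScreenPolicy {
    private final Set<String> publicScreens;

    public PublicScreenPolicy(Properties props) {
        // "screens.public" is an assumed key holding a comma-separated list of screen names.
        Set<String> names = new HashSet<>();
        for (String name : props.getProperty("screens.public", "").split(",")) {
            String trimmed = name.trim();
            if (!trimmed.isEmpty()) {
                names.add(trimmed);
            }
        }
        publicScreens = Collections.unmodifiableSet(names);
    }

    /**
     * Fail closed: a screen is public only on an exact, case-sensitive match.
     * Unknown, empty, null, or differently-cased names all require a session,
     * so a typo or a missing entry locks a page down instead of exposing it.
     */
    public boolean requiresSession(String screenName) {
        return !publicScreens.contains(screenName);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample configuration, loaded the way a properties file would be.
        Properties props = new Properties();
        props.load(new StringReader("screens.public = Login, Help ,About\n"));
        PublicScreenPolicy policy = new PublicScreenPolicy(props);

        for (String screen : new String[] {"Login", "help", "AccountAdmin", "", null}) {
            System.out.println(screen + " -> requiresSession=" + policy.requiresSession(screen));
        }
    }
}
```

Listing the public screens rather than the private ones keeps the default on the safe side: a newly added screen is protected until someone deliberately marks it public.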


