RE: Role based security

Tue, 27 Feb 2007 07:50:37 -0800 

Ignore the Mediator class it is one of ours.  The real logic is in the else.  
We store user and role in the visit and check when needed.

public class ValidatePage
    extends BasePage
    implements PageValidateListener
{
    public void pageValidate(PageEvent event)
    {
        Mediator mediator = MgmtFactory.getMediator();
        if (!mediator.isConsole())
        {
            IPage messagePage = getRequestCycle().getPage("nonAdminConsole");
            throw new PageRedirectException(messagePage);
        }
        else
        {
            // If there is no visit object or the user isn't auth'd ship
            // them off to the login page
            Visit visit = (Visit)getVisit();
            if (visit == null || !visit.isUserAuthenticated())
            {
                Login login = (Login)getRequestCycle().getPage("login");
                throw new PageRedirectException(login);
            }
        }
    }
}

hth,

Mark

Mark J. Stang
Senior Engineer/Architect
office: +1 303.468.2900
mobile: +1 303.507.2833
Ping Identity



-----Original Message-----
From: Borut Bolcina [mailto:[EMAIL PROTECTED]
Sent: Tue 2/27/2007 7:08 AM
To: Tapestry users
Subject: Role based security
 
Hello list,

I was wondering if there is a better way of securing page components 
than using @If components (example from VirtualLibrary for Tapestry 
v4.0, Border.html)

<span jwcid="@If" condition="ognl:admin">
      <tr>
        <td rowspan="1" colspan="1" width="178" height="19"><img 
src="/vlib/images/nav/nav_6x1.png" width="178" height="19" border="0" 
alt="Admin"/></td>
      </tr>
      ...
</span>
   
<span jwcid="@If" condition="ognl:loggedIn">
      <tr>
        <td rowspan="1" colspan="1" width="178" height="29"><a href="#" 
jwcid="logout"><img jwcid="logoutRollover" 
src="/vlib/images/nav/nav_10x1.png" width="178" height="29" border="0" 
alt="Logout"/></a></td>
      </tr>
</span>

<span jwcid="@If" condition="ognl:!loggedIn">
      <tr>
        <td rowspan="1" colspan="1" width="178" height="29"><a href="#" 
jwcid="login"><img jwcid="loginRollover" 
src="/vlib/images/nav/nav_10x1.png" width="178" height="29" border="0" 
alt="Login"/></a></td>
      </tr>
</span>


I read all I could find on the list about acegi and a wiki entries 
starting at http://wiki.apache.org/tapestry/AcegiSpringJava5, but none 
of the texts mention or suggests something like

<span jwcid="@Secured" role="acegi:{ROLE_USER, ROLE_ADMIN}">
      <tr>
        <td rowspan="1" colspan="1" width="178" height="19"><img 
src="/vlib/images/nav/nav_6x1.png" width="178" height="19" border="0" 
alt="Admin"/></td>
      </tr>
      ...
</span>

How about creating such component? How do you guys do it?

Cheers,
Borut


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to