Hi Dirk,
If you are not averse to servlet error pages then you can use
respose.sendError(), its the simplest solution. I am doing something very
similar, I use response.sendRedirect() for redirecting users with permissions,
but not logged... and sendError() for users with insufficient permissions:
response.sendError(HttpServletResponse.SC_FORBIDDEN,
"Access to the requested resource is
denied");
and of course its very easy to customize these error pages. Of course some
people prefer to use exceptions with Tapestry pages and meta information as
described in the article, One thing I like about this approach as it is very
lightweight, and I don't ever need to load or configure a Tapestry page.
Kind regards,
Peter
----- Original Message -----
From: "dirk lattermann" <dirk.latterm...@bgs-ag.de>
To: users@tapestry.apache.org
Sent: Wednesday, 23 September, 2009 12:54:09 GMT +02:00 Athens, Beirut,
Bucharest, Istanbul
Subject: Proceeding after failed authorization checks
Hi!
I want to protect some pages based on the user groups the user is a member
of.
I have some partial success using
http://wiki.apache.org/tapestry/Tapestry5HowToControlAccess
For the annotation @Private used there, I defined a parameter indicating
the user group that is allowed to access the page.
In the howto, if a user that is not logged in tries to access a private
page, the login page is shown (which may or may not be a sufficient
solution there), using response.sendRedirect().
In my case, the user may be logged in but not as a member of the right
group. So, ideally, I'd like to present a page with some message with a
"back" link to the previously displayed application page or, if the page
was directly called, with the application start page.
The first problem is passing a message text to the message display page.
The first thing that came to my mind was a FLASH-persisted field, but as
the authorization-checking logic is in a Dispatcher, I cannot use this. I
could use the ApplicationStateManager to put some global object into the
session, but this doesn't seem right. How should I display a message to
the user?
The second problem is the link to the originating or to the start page. Is
this possible? Preferrably without javascript?
Thank you,
Dirk
BGS Beratungsgesellschaft
Software Systemplanung AG
Niederlassung Köln/Bonn
Grantham-Allee 2-8
53757 Sankt Augustin
Fon: +49 (0) 2241 / 166-500
Fax: +49 (0) 2241 / 166-680
www.bgs-ag.de
Geschäftssitz Mainz
Registergericht
Amtsgericht Mainz
HRB 62 50
Aufsichtsratsvorsitzender
Klaus Hellwig
Vorstand
Hermann Kiefer
Nils Manegold
Thomas Reitz
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
