Hi
I have created a tapestry-security project based on tapestry5 with no
dependencies on any security frameworks...
SMALL INTRODUCTION
-------------------------------------------
It supports Roles, Principals & IP for now and I intend to add permissions
also..
there are three components
IfPrincipal
IfRole
IfIP
which can be used in templates to make conditional inclusion of components
It also supports
@Secure annotation
which takes two parameters
policy => Allow | Deny
value => String [] {rule1, rule2, rule3 } which contains rules
Rules can be specified as
prefix:value1,value2,value3
prefixes are role, principal and ip for now. Role is default
value1,value2,value3 are ORed while rule1,rule2,rule3 are ANDed
e.g
@Secure({"ADMIN,USER"})
will allow access to both whereas
@Secure({"ADMIN"}, {ip:172.19.0.0/16})
will allow access to admin from network 172.19.0.0/16 only
@Secure can be applied on page, component or a method for now and I intend
to extend it to package level also
By implementing SecurityRuleHandler one can create a new Rule
======================================================================
Now why one more project when there are so many good choices around
? Honestly just to learn Tapestry5 but now we are seriously considering it
in our few small modules and later may consider it is other projects also
Just checkout the source code to see how great tapestry5 is and how simple
it is to create your own security project
The project is at
http://code.google.com/p/tapestry-addons/
the source code is avaliable at
http://code.google.com/p/tapestry-addons/source/browse/
trunk/security
regards
Taha
