Taha,
I'm waiting.
2010/12/30 Taha Hafeez <tawus.tapes...@gmail.com>
> Thanks
>
> There are three build-in rules Role, Principal, IP
>
> You can create your own rule by implementing the interface
>
> package com.google.code.tapestryaddons.security;
>
> public interface SecurityRuleHandler {
>
> boolean matches(String value);
>
> }
>
> e.g I implemented the IP rule like this
>
> public class IPRuleHandler implements SecurityRuleHandler{
>
> private RequestGlobals requestGlobals;
>
> public IPRuleHandler(RequestGlobals requestGlobals){
> this.requestGlobals = requestGlobals;
> }
>
> public boolean matches(String value) {
> try {
> return
> IPUtils.matches(requestGlobals.getHTTPServletRequest().getRemoteAddr(),
> value);
> } catch (UnknownHostException e) {
> throw new RuntimeException("Could not apply IP based Rule for :
> " + value, e);
> }
> }
> }
>
>
> Now you can apply the rule on a page or component l ike
>
> @Secure(policy=SecurityPolicy.ALLOW, "ip:192.168.1.0/24")
> public class Index {
> }
>
> this page will be visible only through these ips and from any other page it
> will throw a SecurityException
>
> I am writing not only the documentation but also a tutorial titled "How to
> implement your own security in Tapestry5".
> Hope to publish it as a Wiki on the same project site this weekend
>
> regards
> Taha
>
>
>
> On Thu, Dec 30, 2010 at 7:44 PM, Pablo Borges <pablosbor...@gmail.com
> >wrote:
>
> > Taha, congratulations.
> >
> > how do I implement my rules?
> > example:
> >
> > User: rules, rules, etc..
> >
> > write a documentation explaining how it works. could be the actual site
> of
> > the project.
> >
> > abs.
> >
> > 2010/12/30 Taha Hafeez <tawus.tapes...@gmail.com>
> >
> > > Hi
> > >
> > > I have created a tapestry-security project based on tapestry5 with no
> > > dependencies on any security frameworks...
> > >
> > >
> > > SMALL INTRODUCTION
> > > -------------------------------------------
> > >
> > > It supports Roles, Principals & IP for now and I intend to add
> > permissions
> > > also..
> > >
> > > there are three components
> > >
> > > IfPrincipal
> > > IfRole
> > > IfIP
> > >
> > > which can be used in templates to make conditional inclusion of
> > components
> > >
> > > It also supports
> > >
> > > @Secure annotation
> > >
> > > which takes two parameters
> > >
> > > policy => Allow | Deny
> > > value => String [] {rule1, rule2, rule3 } which contains rules
> > >
> > > Rules can be specified as
> > >
> > > prefix:value1,value2,value3
> > >
> > > prefixes are role, principal and ip for now. Role is default
> > >
> > > value1,value2,value3 are ORed while rule1,rule2,rule3 are ANDed
> > >
> > > e.g
> > >
> > > @Secure({"ADMIN,USER"})
> > >
> > > will allow access to both whereas
> > >
> > > @Secure({"ADMIN"}, {ip:172.19.0.0/16})
> > >
> > > will allow access to admin from network 172.19.0.0/16 only
> > >
> > > @Secure can be applied on page, component or a method for now and I
> > intend
> > > to extend it to package level also
> > >
> > > By implementing SecurityRuleHandler one can create a new Rule
> > >
> > > ======================================================================
> > >
> > > Now why one more project when there are so many good choices around
> > > ? Honestly just to learn Tapestry5 but now we are seriously
> considering
> > it
> > > in our few small modules and later may consider it is other projects
> also
> > >
> > > Just checkout the source code to see how great tapestry5 is and how
> > simple
> > > it is to create your own security project
> > >
> > > The project is at
> > >
> > > http://code.google.com/p/tapestry-addons/
> > >
> > > the source code is avaliable at
> > >
> > > http://code.google.com/p/tapestry-addons/source/browse/
> > >
> > > trunk/security
> > >
> > > regards
> > > Taha
> > >
> >
> >
> >
> > --
> > --------------------------------------------------------
> > Pablo S. Borges
> > Bacharel em Ciência da Computação
> > Especialista em Qualidade e Gestão de Software
> > SCJP - Sun Certified Java Programmer 1.4
> >
>
