Hmm. My thoughts (also from our own homebrew User/SecurePage derivations): > I can't agree with that. Only a portion of our Webware applications > require security; most of the servlets we run are for publicly available > sites, and security just isn't necessary. It should definitely be optional. > > Sure, you could turn it off by setting a method like > thisPageNeedsSecurity() but that doesn't seem like the traditional way.
We have a SecurePage, a LoginPage, and a RoleMixin (which is almost always mixed with SecurePage at the commone level). Any page which requires a user to login ultimately derives from the SecurePage. Some of our sites use a simple SQL query-based method of implementing users, others use ORM User and Role objects. Because of this variance, SecurePage+RoleMixin provide a common interface at the Page level for getLoggedInUser() and userHasRole(user, role). For most of these pages, users must be logged in. However, we have a simple flag method (as you describe...requiresValidUser()) for pages that have both a public display and user-specific display. Just thoughts for the mill. Nothing very different from the SecurePage example. - Luke ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Webware-discuss mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/webware-discuss
