[
https://issues.apache.org/jira/browse/TAPESTRY-1782?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12563915#action_12563915
]
Alexander Gavrilov commented on TAPESTRY-1782:
----------------------------------------------
I dont want to call cycle.getListenerParameters() from validate or activate. I
want to use the things for whatever they are right.
The tapestry page is an object. Page contains data, accessible through getters
and setters. According documentation IPage validate() is responsible to check
that the user is allowed to visit the page (i mean object). But In the current
implementation this method can only check that the user is allowed to visit
the pages of that type (i mean class).
What you propose is to implement validation listener in the each application
Page class to check pagameters, specific for this page.
What i want is to use activateExternalPage to initialize pages with context
data. For example ViewAccountPage will be initialized by Account, loaded from
DB in the activateExternalPage and stored in the page property. And i want to
have one generic validation method, thats pass initialized page object to the
security subsystem, ascing "can this page object be accessible by the current
user or not". The security subsystem known about each application page type
and about security sensitive data stored in that page. And if request comes for
ViewAccountPage, then security subsytem check "has the current user permission
to access to the Account instance stored in the page property or not".
> Call IExternalPage.activateExternalPage before IPage#validate
> -------------------------------------------------------------
>
> Key: TAPESTRY-1782
> URL: https://issues.apache.org/jira/browse/TAPESTRY-1782
> Project: Tapestry
> Issue Type: Wish
> Components: Framework
> Affects Versions: 4.1.3
> Reporter: Alexander Gavrilov
> Assignee: Jesse Kuhnert
> Priority: Critical
>
> We are required to check user right to access the page based on parameners,
> thats are commig from activateExternalPage. But because activateExternalPage
> invoked after validate we can't do that in the proposed validate() method.
> So, in the current implementation validate can be used for role-based
> security only (to check is user authenticated or not, or is user belong to
> some role or not), and this is very limited. What we do now, we introduce new
> interface IActivatePage with single method activate(), which are caller right
> after validate() for non external service invocations or after
> activateExternalPage for external service invocations. In this method we
> setting up page context properties, and invoking drools to check the current
> user right for initialized page object. Its wold be nice, to have
> IPage#validate invoked before IExternalPage.activateExternalPage, or to have
> aothe method like activate, that will be called in the services directly
> after the activateExternalPage for External service, or after validate() for
> another services.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
