subject:"Re\: Access request from tml \/ standard servlet api role support"

Re: Access request from tml / standard servlet api role support

2018-04-30 Thread Luca Arzeni

Hi Thiago,
thanks for the hint, I didn't knew that I can @Inject HttpServletRequest! 

One never stops learning...

Thanks, Luca

> Sent: Saturday, April 28, 2018 at 8:55 PM
> From: "Thiago H. de Paula Figueiredo" <thiag...@gmail.com>
> To: "Tapestry users" <users@tapestry.apache.org>
> Subject: Re: Access request from tml / standard servlet api role support
>
> Hello, everyone!
> 
> On Sat, Apr 28, 2018 at 8:45 AM, Dmitry Gusev <dmitry.gu...@gmail.com>
> wrote:
> 
> > As others pointed in this thread, the Tapestry way of dealing with your
> > requirement is to create a new component,
> > similar to `t:If`, that would accept a role name as it's parameter so you
> > could render it's body conditionally if user is in role, i.e.:
> >
> > public class HasRole extends
> > org.apache.tapestry5.corelib.base.AbstractConditional
> > {
> > @Inject RequestGlobals requestGlobals;
> > @Parameter(required=true, defaultPrefix=BindingConstants.LITERAL)
> > String role;
> >
> > @Override
> > protected boolean test()
> > {
> > return requestGlobals.getHTTPServletRequest().isUserInRole(role);
> > }
> > }
> >
> > Above code is almost a copy-paste of tapestry-security's HasRole component
> > [4].
> >
> 
> I believe that, for the context of the question (i.e. not being able to use
> tapestry-security), that's the Right Way of doing this. You want something
> code encapsulated so it can be easily reused in Tapestry? Put it in a
> component (or a mixin in some cases), and Tapestry makes it very simple to
> do it. It may be possible to plug authentication and authorization logic
> from Spring Security into Shiro, which is incredibly well-architected and
> flexible, but I guess it's overkill here.
> 
> I'd just make a little change: @Inject HttpServletRequest directly instead
> of getting it through RequestGlobals.
> 
> -- 
> Thiago
> 

-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Re: Access request from tml / standard servlet api role support

2018-04-30 Thread Luca Arzeni

Hello Thiago,
ciao is fine, you are right!

The idea of binding prefix is interesting, I never thought of using it this way!
Thanks again,
Luca


> Sent: Saturday, April 28, 2018 at 8:55 PM
> From: "Thiago H. de Paula Figueiredo" <thiag...@gmail.com>
> To: "Tapestry users" <users@tapestry.apache.org>
> Subject: Re: Access request from tml / standard servlet api role support
>
> On Sat, Apr 28, 2018 at 7:51 AM, Luca Arzeni <l.arz...@iname.com> wrote:
> 
> > Hi,
> >
> 
> Hello, Luca! (Ciao? :D )
> 
> 
> > this is an idea, but I was hoping to have direct access to the request.
> > In tapestry3 there was a direct way to access the Visit Object, and the
> > ognl was well documented, but it seems that there is no more similar in
> > tapestry5.
> >
> 
> There isn't and that's by design. The Tapestry 5 philosophy, at least the
> internal one, is to have the least code in templates possible, so
> ressurecting Tapestry 4-'s direct access to the request object wouldn't
> make sense, IMHO. You can always create your own binding prefixes, though,
> so you can do basically everything with Tapestry expressions as long as
> you're willing to implement a binding prefix.
> 
> 
> >
> > Thank you,
> > larzeni
> >
> >
> > > Sent: Saturday, April 28, 2018 at 12:41 AM
> > > From: "pico.dev" <pico@gmail.com>
> > > To: "Tapestry users" <users@tapestry.apache.org>
> > > Subject: Re: Access request from tml / standard servlet api role support
> > >
> > > Hi,
> > >
> > > Maybe you can implement a new conditional component that checks the role
> > > and render or not its body. Something like this:
> > >
> > > 
> > > SAVE DATA
> > > 
> > >
> > > See https://tapestry.apache.org/component-rendering.html
> > >
> > > Regards,
> > >
> > > El sáb., 28 abr. 2018 a las 0:12, Luca Arzeni (<l.arz...@iname.com>)
> > > escribió:
> > >
> > > > Hi,
> > > > I'm using tapestry5.4 with java 8.
> > > >
> > > > I am using the standard servlet API to check if a user is in role or
> > not,
> > > > to hide or show buttons, links, and so on.
> > > >
> > > > For example, I need to show a button to the user only if the user has
> > been
> > > > granted a role.
> > > >
> > > > My usual way to to this is:
> > > >
> > > > 1) create a method in the page, for example:
> > > >
> > > > @Inject
> > > > RequestGlobals m_requestGlobals;
> > > >
> > > > public boolean isUserAdmin() {
> > > > if (m_requestGlobals == null) {
> > > > return false;
> > > > }
> > > > return m_requestGlobals.isUserInRole("ADMIN");
> > > > }
> > > >
> > > > 2) then, in the tml, check the method using a t:if component, for
> > example:
> > > >
> > > > 
> > > > SAVE
> > DATA
> > > > 
> > > >
> > > > This is not so good, since I must reimplement the same method in many
> > > > pages.
> > > >
> > > > Is there any way could I access the requestGlobals directly from tml?
> > > >
> > > > My goql would be to write, directly in the tml, something like:
> > > >
> > > >
> > > > 
> > > > SAVE DATA
> > > > 
> > > >
> > > >
> > > > Is it possible to do this with tapestry5?
> > > >
> > > > Thanks in advance,
> > > > larzeni
> > > >
> > > > -
> > > > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> > > > For additional commands, e-mail: users-h...@tapestry.apache.org
> > > >
> > > >
> > >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> > For additional commands, e-mail: users-h...@tapestry.apache.org
> >
> >
> 
> 
> -- 
> Thiago
>

-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Re: Access request from tml / standard servlet api role support

2018-04-30 Thread Luca Arzeni

Hi Dmitry,
I ended up doing a component as you suggested.
I will take a look at tapestry-security when I have a little more time.
Thanks again,
larzeni


> Sent: Saturday, April 28, 2018 at 1:45 PM
> From: "Dmitry Gusev" <dmitry.gu...@gmail.com>
> To: "Tapestry users" <users@tapestry.apache.org>
> Subject: Re: Access request from tml / standard servlet api role support
>
> Hi Luca,
> 
> Component parameters syntax is built about binding expressions [1], i.e.
> "prefix:expression".
> 
> By default the prefix is "prop:", unless explicitly overridden for specific
> parameter [2].
> 
> You can find detailed explanation for property expressions, including its
> BNF grammar, in official Tapestry documentation [3].
> 
> Property expressions are always evaluated in the context of current
> page/component.
> 
> It's called "property" expression, because it uses JavaBean-notation
> properties (@Property annotation can generate get/set methods around field
> at runtime).
> 
> So in order for your expression `request.isUserInRole("ADMIN")` to work,
> the `request` must be a @Property (or has `getRequest()` method) in your
> page/component, i.e.:
> 
> @Inject
> @Property
> Request request;
> 
> There are no special cases for the built-in services in the BNF
> for property expressions [3].
> 
> As others pointed in this thread, the Tapestry way of dealing with your
> requirement is to create a new component,
> similar to `t:If`, that would accept a role name as it's parameter so you
> could render it's body conditionally if user is in role, i.e.:
> 
> public class HasRole extends
> org.apache.tapestry5.corelib.base.AbstractConditional
> {
> @Inject RequestGlobals requestGlobals;
> @Parameter(required=true, defaultPrefix=BindingConstants.LITERAL)
> String role;
> 
> @Override
> protected boolean test()
> {
> return requestGlobals.getHTTPServletRequest().isUserInRole(role);
> }
> }
> 
> Above code is almost a copy-paste of tapestry-security's HasRole component
> [4].
> 
> The only difference is this component uses servlet API directly for role
> checking,
> while is tapestry-security is built around Apache Shiro [5],
> and provides more advanced security model than simple role model of the
> servlet API.
> 
> I highly recommend tapestry-security if you need anything more than
> built-in servlet API role model.
> 
> [1]
> http://tapestry.apache.org/component-parameters.html#ComponentParameters-BindingExpressions
> [2]
> https://tapestry.apache.org/5.3/apidocs/org/apache/tapestry5/annotations/Parameter.html#defaultPrefix()
> [3] http://tapestry.apache.org/property-expressions.html
> [4] http://www.tynamo.org/tapestry-security+guide/
> [5] https://shiro.apache.org
> 
> On Sat, Apr 28, 2018 at 1:12 AM, Luca Arzeni <l.arz...@iname.com> wrote:
> 
> > Hi,
> > I'm using tapestry5.4 with java 8.
> >
> > I am using the standard servlet API to check if a user is in role or not,
> > to hide or show buttons, links, and so on.
> >
> > For example, I need to show a button to the user only if the user has been
> > granted a role.
> >
> > My usual way to to this is:
> >
> > 1) create a method in the page, for example:
> >
> > @Inject
> > RequestGlobals m_requestGlobals;
> >
> > public boolean isUserAdmin() {
> > if (m_requestGlobals == null) {
> > return false;
> > }
> > return m_requestGlobals.isUserInRole("ADMIN");
> > }
> >
> > 2) then, in the tml, check the method using a t:if component, for example:
> >
> > 
> > SAVE DATA
> > 
> >
> > This is not so good, since I must reimplement the same method in many
> > pages.
> >
> > Is there any way could I access the requestGlobals directly from tml?
> >
> > My goql would be to write, directly in the tml, something like:
> >
> >
> > 
> > SAVE DATA
> > 
> >
> >
> > Is it possible to do this with tapestry5?
> >
> > Thanks in advance,
> > larzeni
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> > For additional commands, e-mail: users-h...@tapestry.apache.org
> >
> >
> 
> 
> -- 
> Dmitry Gusev
> 
> AnjLab Team
> http://anjlab.com
> 

-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Re: Access request from tml / standard servlet api role support

2018-04-28 Thread Thiago H. de Paula Figueiredo

Hello, everyone!

On Sat, Apr 28, 2018 at 8:45 AM, Dmitry Gusev 
wrote:

> As others pointed in this thread, the Tapestry way of dealing with your
> requirement is to create a new component,
> similar to `t:If`, that would accept a role name as it's parameter so you
> could render it's body conditionally if user is in role, i.e.:
>
> public class HasRole extends
> org.apache.tapestry5.corelib.base.AbstractConditional
> {
> @Inject RequestGlobals requestGlobals;
> @Parameter(required=true, defaultPrefix=BindingConstants.LITERAL)
> String role;
>
> @Override
> protected boolean test()
> {
> return requestGlobals.getHTTPServletRequest().isUserInRole(role);
> }
> }
>
> Above code is almost a copy-paste of tapestry-security's HasRole component
> [4].
>

I believe that, for the context of the question (i.e. not being able to use
tapestry-security), that's the Right Way of doing this. You want something
code encapsulated so it can be easily reused in Tapestry? Put it in a
component (or a mixin in some cases), and Tapestry makes it very simple to
do it. It may be possible to plug authentication and authorization logic
from Spring Security into Shiro, which is incredibly well-architected and
flexible, but I guess it's overkill here.

I'd just make a little change: @Inject HttpServletRequest directly instead
of getting it through RequestGlobals.

-- 
Thiago

Re: Access request from tml / standard servlet api role support

2018-04-28 Thread Thiago H. de Paula Figueiredo

On Sat, Apr 28, 2018 at 7:51 AM, Luca Arzeni <l.arz...@iname.com> wrote:

> Hi,
>

Hello, Luca! (Ciao? :D )


> this is an idea, but I was hoping to have direct access to the request.
> In tapestry3 there was a direct way to access the Visit Object, and the
> ognl was well documented, but it seems that there is no more similar in
> tapestry5.
>

There isn't and that's by design. The Tapestry 5 philosophy, at least the
internal one, is to have the least code in templates possible, so
ressurecting Tapestry 4-'s direct access to the request object wouldn't
make sense, IMHO. You can always create your own binding prefixes, though,
so you can do basically everything with Tapestry expressions as long as
you're willing to implement a binding prefix.


>
> Thank you,
> larzeni
>
>
> > Sent: Saturday, April 28, 2018 at 12:41 AM
> > From: "pico.dev" <pico@gmail.com>
> > To: "Tapestry users" <users@tapestry.apache.org>
> > Subject: Re: Access request from tml / standard servlet api role support
> >
> > Hi,
> >
> > Maybe you can implement a new conditional component that checks the role
> > and render or not its body. Something like this:
> >
> > 
> > SAVE DATA
> > 
> >
> > See https://tapestry.apache.org/component-rendering.html
> >
> > Regards,
> >
> > El sáb., 28 abr. 2018 a las 0:12, Luca Arzeni (<l.arz...@iname.com>)
> > escribió:
> >
> > > Hi,
> > > I'm using tapestry5.4 with java 8.
> > >
> > > I am using the standard servlet API to check if a user is in role or
> not,
> > > to hide or show buttons, links, and so on.
> > >
> > > For example, I need to show a button to the user only if the user has
> been
> > > granted a role.
> > >
> > > My usual way to to this is:
> > >
> > > 1) create a method in the page, for example:
> > >
> > > @Inject
> > > RequestGlobals m_requestGlobals;
> > >
> > > public boolean isUserAdmin() {
> > > if (m_requestGlobals == null) {
> > > return false;
> > > }
> > > return m_requestGlobals.isUserInRole("ADMIN");
> > > }
> > >
> > > 2) then, in the tml, check the method using a t:if component, for
> example:
> > >
> > > 
> > > SAVE
> DATA
> > > 
> > >
> > > This is not so good, since I must reimplement the same method in many
> > > pages.
> > >
> > > Is there any way could I access the requestGlobals directly from tml?
> > >
> > > My goql would be to write, directly in the tml, something like:
> > >
> > >
> > > 
> > > SAVE DATA
> > > 
> > >
> > >
> > > Is it possible to do this with tapestry5?
> > >
> > > Thanks in advance,
> > > larzeni
> > >
> > > -
> > > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> > > For additional commands, e-mail: users-h...@tapestry.apache.org
> > >
> > >
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>


-- 
Thiago

Re: Access request from tml / standard servlet api role support

2018-04-28 Thread Dmitry Gusev

Hi Luca,

Component parameters syntax is built about binding expressions [1], i.e.
"prefix:expression".

By default the prefix is "prop:", unless explicitly overridden for specific
parameter [2].

You can find detailed explanation for property expressions, including its
BNF grammar, in official Tapestry documentation [3].

Property expressions are always evaluated in the context of current
page/component.

It's called "property" expression, because it uses JavaBean-notation
properties (@Property annotation can generate get/set methods around field
at runtime).

So in order for your expression `request.isUserInRole("ADMIN")` to work,
the `request` must be a @Property (or has `getRequest()` method) in your
page/component, i.e.:

@Inject
@Property
Request request;

There are no special cases for the built-in services in the BNF
for property expressions [3].

As others pointed in this thread, the Tapestry way of dealing with your
requirement is to create a new component,
similar to `t:If`, that would accept a role name as it's parameter so you
could render it's body conditionally if user is in role, i.e.:

public class HasRole extends
org.apache.tapestry5.corelib.base.AbstractConditional
{
@Inject RequestGlobals requestGlobals;
@Parameter(required=true, defaultPrefix=BindingConstants.LITERAL)
String role;

@Override
protected boolean test()
{
return requestGlobals.getHTTPServletRequest().isUserInRole(role);
}
}

Above code is almost a copy-paste of tapestry-security's HasRole component
[4].

The only difference is this component uses servlet API directly for role
checking,
while is tapestry-security is built around Apache Shiro [5],
and provides more advanced security model than simple role model of the
servlet API.

I highly recommend tapestry-security if you need anything more than
built-in servlet API role model.

[1]
http://tapestry.apache.org/component-parameters.html#ComponentParameters-BindingExpressions
[2]
https://tapestry.apache.org/5.3/apidocs/org/apache/tapestry5/annotations/Parameter.html#defaultPrefix()
[3] http://tapestry.apache.org/property-expressions.html
[4] http://www.tynamo.org/tapestry-security+guide/
[5] https://shiro.apache.org

On Sat, Apr 28, 2018 at 1:12 AM, Luca Arzeni  wrote:

> Hi,
> I'm using tapestry5.4 with java 8.
>
> I am using the standard servlet API to check if a user is in role or not,
> to hide or show buttons, links, and so on.
>
> For example, I need to show a button to the user only if the user has been
> granted a role.
>
> My usual way to to this is:
>
> 1) create a method in the page, for example:
>
> @Inject
> RequestGlobals m_requestGlobals;
>
> public boolean isUserAdmin() {
> if (m_requestGlobals == null) {
> return false;
> }
> return m_requestGlobals.isUserInRole("ADMIN");
> }
>
> 2) then, in the tml, check the method using a t:if component, for example:
>
> 
> SAVE DATA
> 
>
> This is not so good, since I must reimplement the same method in many
> pages.
>
> Is there any way could I access the requestGlobals directly from tml?
>
> My goql would be to write, directly in the tml, something like:
>
>
> 
> SAVE DATA
> 
>
>
> Is it possible to do this with tapestry5?
>
> Thanks in advance,
> larzeni
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>

-- 
Dmitry Gusev

AnjLab Team
http://anjlab.com

Re: Access request from tml / standard servlet api role support

2018-04-28 Thread Luca Arzeni

Hi Kalle,
we are forced to use spring security, and cannot migrate to shiro.
Beside it, I don't like the idea to glue my code to external libraries, using 
annotations or other code that may have a different lifecycle.

I can wait as I want to update my code, but, if there is a security issue, I 
must be immediately able to update my security libs.
I like much more to declare security constraint outside my app (spring allows 
to do this with an xml file inside the WEB_INF folder) and use the standard 
servlet api, so I can migrate to a new version whenever I need.

I will take a look at the code. I guess I will need to create a custom 
component, but, in my humble opinion, it's a too big effort to write a 
component simply to access access the request object from a tml.

Anyway, thanks for your hint,
larzeni

> Sent: Saturday, April 28, 2018 at 12:52 AM
> From: "Kalle Korhonen" <kalle.o.korho...@gmail.com>
> To: "Tapestry users" <users@tapestry.apache.org>
> Subject: Re: Access request from tml / standard servlet api role support
>
> Tapestry-security (http://www.tynamo.org/tapestry-security+guide/) supports
> request.isuserInRole and provides components similar to the one suggested,
> i.e.
> 
> 
> SAVE DATA
> 
> 
> Kalle
> 
> 
> 
> 
> On Fri, Apr 27, 2018 at 3:41 PM, pico.dev <pico@gmail.com> wrote:
> 
> > Hi,
> >
> > Maybe you can implement a new conditional component that checks the role
> > and render or not its body. Something like this:
> >
> > 
> > SAVE DATA
> > 
> >
> > See https://tapestry.apache.org/component-rendering.html
> >
> > Regards,
> >
> > El sáb., 28 abr. 2018 a las 0:12, Luca Arzeni (<l.arz...@iname.com>)
> > escribió:
> >
> > > Hi,
> > > I'm using tapestry5.4 with java 8.
> > >
> > > I am using the standard servlet API to check if a user is in role or not,
> > > to hide or show buttons, links, and so on.
> > >
> > > For example, I need to show a button to the user only if the user has
> > been
> > > granted a role.
> > >
> > > My usual way to to this is:
> > >
> > > 1) create a method in the page, for example:
> > >
> > > @Inject
> > > RequestGlobals m_requestGlobals;
> > >
> > > public boolean isUserAdmin() {
> > > if (m_requestGlobals == null) {
> > > return false;
> > > }
> > > return m_requestGlobals.isUserInRole("ADMIN");
> > > }
> > >
> > > 2) then, in the tml, check the method using a t:if component, for
> > example:
> > >
> > > 
> > > SAVE DATA
> > > 
> > >
> > > This is not so good, since I must reimplement the same method in many
> > > pages.
> > >
> > > Is there any way could I access the requestGlobals directly from tml?
> > >
> > > My goql would be to write, directly in the tml, something like:
> > >
> > >
> > > 
> > > SAVE DATA
> > > 
> > >
> > >
> > > Is it possible to do this with tapestry5?
> > >
> > > Thanks in advance,
> > > larzeni
> > >
> > > -
> > > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> > > For additional commands, e-mail: users-h...@tapestry.apache.org
> > >
> > >
> >
>

-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Re: Access request from tml / standard servlet api role support

2018-04-28 Thread Luca Arzeni

Yeah, that was my old way of doing this thing, but it ties classes too much, so 
I discarded that code.
Thank you,
larzeni

> Sent: Saturday, April 28, 2018 at 12:49 AM
> From: "pico.dev" <pico@gmail.com>
> To: "Tapestry users" <users@tapestry.apache.org>
> Subject: Re: Access request from tml / standard servlet api role support
>
> Maybe other alternative is create a base page class that has this and
> some/all application pages extends
> 
> @Inject
> RequestGlobals m_requestGlobals;
> 
> public boolean isUserAdmin()
> 
> El sáb., 28 abr. 2018 a las 0:41, pico.dev (<pico@gmail.com>) escribió:
> 
> > Hi,
> >
> > Maybe you can implement a new conditional component that checks the role
> > and render or not its body. Something like this:
> >
> > 
> > SAVE DATA
> > 
> >
> > See https://tapestry.apache.org/component-rendering.html
> >
> > Regards,
> >
> > El sáb., 28 abr. 2018 a las 0:12, Luca Arzeni (<l.arz...@iname.com>)
> > escribió:
> >
> >> Hi,
> >> I'm using tapestry5.4 with java 8.
> >>
> >> I am using the standard servlet API to check if a user is in role or not,
> >> to hide or show buttons, links, and so on.
> >>
> >> For example, I need to show a button to the user only if the user has
> >> been granted a role.
> >>
> >> My usual way to to this is:
> >>
> >> 1) create a method in the page, for example:
> >>
> >> @Inject
> >> RequestGlobals m_requestGlobals;
> >>
> >> public boolean isUserAdmin() {
> >> if (m_requestGlobals == null) {
> >> return false;
> >> }
> >> return m_requestGlobals.isUserInRole("ADMIN");
> >> }
> >>
> >> 2) then, in the tml, check the method using a t:if component, for example:
> >>
> >> 
> >> SAVE DATA
> >> 
> >>
> >> This is not so good, since I must reimplement the same method in many
> >> pages.
> >>
> >> Is there any way could I access the requestGlobals directly from tml?
> >>
> >> My goql would be to write, directly in the tml, something like:
> >>
> >>
> >> 
> >> SAVE DATA
> >> 
> >>
> >>
> >> Is it possible to do this with tapestry5?
> >>
> >> Thanks in advance,
> >> larzeni
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> >> For additional commands, e-mail: users-h...@tapestry.apache.org
> >>
> >>
>

-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Re: Access request from tml / standard servlet api role support

2018-04-28 Thread Luca Arzeni

Hi,
this is an idea, but I was hoping to have direct access to the request.
In tapestry3 there was a direct way to access the Visit Object, and the ognl 
was well documented, but it seems that there is no more similar in tapestry5.

Thank you,
larzeni


> Sent: Saturday, April 28, 2018 at 12:41 AM
> From: "pico.dev" <pico@gmail.com>
> To: "Tapestry users" <users@tapestry.apache.org>
> Subject: Re: Access request from tml / standard servlet api role support
>
> Hi,
> 
> Maybe you can implement a new conditional component that checks the role
> and render or not its body. Something like this:
> 
> 
> SAVE DATA
> 
> 
> See https://tapestry.apache.org/component-rendering.html
> 
> Regards,
> 
> El sáb., 28 abr. 2018 a las 0:12, Luca Arzeni (<l.arz...@iname.com>)
> escribió:
> 
> > Hi,
> > I'm using tapestry5.4 with java 8.
> >
> > I am using the standard servlet API to check if a user is in role or not,
> > to hide or show buttons, links, and so on.
> >
> > For example, I need to show a button to the user only if the user has been
> > granted a role.
> >
> > My usual way to to this is:
> >
> > 1) create a method in the page, for example:
> >
> > @Inject
> > RequestGlobals m_requestGlobals;
> >
> > public boolean isUserAdmin() {
> > if (m_requestGlobals == null) {
> > return false;
> > }
> > return m_requestGlobals.isUserInRole("ADMIN");
> > }
> >
> > 2) then, in the tml, check the method using a t:if component, for example:
> >
> > 
> > SAVE DATA
> > 
> >
> > This is not so good, since I must reimplement the same method in many
> > pages.
> >
> > Is there any way could I access the requestGlobals directly from tml?
> >
> > My goql would be to write, directly in the tml, something like:
> >
> >
> > 
> > SAVE DATA
> > 
> >
> >
> > Is it possible to do this with tapestry5?
> >
> > Thanks in advance,
> > larzeni
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> > For additional commands, e-mail: users-h...@tapestry.apache.org
> >
> >
>

-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Re: Access request from tml / standard servlet api role support

2018-04-27 Thread Kalle Korhonen

Tapestry-security (http://www.tynamo.org/tapestry-security+guide/) supports
request.isuserInRole and provides components similar to the one suggested,
i.e.


SAVE DATA


Kalle




On Fri, Apr 27, 2018 at 3:41 PM, pico.dev  wrote:

> Hi,
>
> Maybe you can implement a new conditional component that checks the role
> and render or not its body. Something like this:
>
> 
> SAVE DATA
> 
>
> See https://tapestry.apache.org/component-rendering.html
>
> Regards,
>
> El sáb., 28 abr. 2018 a las 0:12, Luca Arzeni ()
> escribió:
>
> > Hi,
> > I'm using tapestry5.4 with java 8.
> >
> > I am using the standard servlet API to check if a user is in role or not,
> > to hide or show buttons, links, and so on.
> >
> > For example, I need to show a button to the user only if the user has
> been
> > granted a role.
> >
> > My usual way to to this is:
> >
> > 1) create a method in the page, for example:
> >
> > @Inject
> > RequestGlobals m_requestGlobals;
> >
> > public boolean isUserAdmin() {
> > if (m_requestGlobals == null) {
> > return false;
> > }
> > return m_requestGlobals.isUserInRole("ADMIN");
> > }
> >
> > 2) then, in the tml, check the method using a t:if component, for
> example:
> >
> > 
> > SAVE DATA
> > 
> >
> > This is not so good, since I must reimplement the same method in many
> > pages.
> >
> > Is there any way could I access the requestGlobals directly from tml?
> >
> > My goql would be to write, directly in the tml, something like:
> >
> >
> > 
> > SAVE DATA
> > 
> >
> >
> > Is it possible to do this with tapestry5?
> >
> > Thanks in advance,
> > larzeni
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> > For additional commands, e-mail: users-h...@tapestry.apache.org
> >
> >
>

Re: Access request from tml / standard servlet api role support

2018-04-27 Thread pico.dev

Maybe other alternative is create a base page class that has this and
some/all application pages extends

@Inject
RequestGlobals m_requestGlobals;

public boolean isUserAdmin()

El sáb., 28 abr. 2018 a las 0:41, pico.dev () escribió:

> Hi,
>
> Maybe you can implement a new conditional component that checks the role
> and render or not its body. Something like this:
>
> 
> SAVE DATA
> 
>
> See https://tapestry.apache.org/component-rendering.html
>
> Regards,
>
> El sáb., 28 abr. 2018 a las 0:12, Luca Arzeni ()
> escribió:
>
>> Hi,
>> I'm using tapestry5.4 with java 8.
>>
>> I am using the standard servlet API to check if a user is in role or not,
>> to hide or show buttons, links, and so on.
>>
>> For example, I need to show a button to the user only if the user has
>> been granted a role.
>>
>> My usual way to to this is:
>>
>> 1) create a method in the page, for example:
>>
>> @Inject
>> RequestGlobals m_requestGlobals;
>>
>> public boolean isUserAdmin() {
>> if (m_requestGlobals == null) {
>> return false;
>> }
>> return m_requestGlobals.isUserInRole("ADMIN");
>> }
>>
>> 2) then, in the tml, check the method using a t:if component, for example:
>>
>> 
>> SAVE DATA
>> 
>>
>> This is not so good, since I must reimplement the same method in many
>> pages.
>>
>> Is there any way could I access the requestGlobals directly from tml?
>>
>> My goql would be to write, directly in the tml, something like:
>>
>>
>> 
>> SAVE DATA
>> 
>>
>>
>> Is it possible to do this with tapestry5?
>>
>> Thanks in advance,
>> larzeni
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
>> For additional commands, e-mail: users-h...@tapestry.apache.org
>>
>>

Re: Access request from tml / standard servlet api role support

2018-04-27 Thread pico.dev

Hi,

Maybe you can implement a new conditional component that checks the role
and render or not its body. Something like this:


SAVE DATA


See https://tapestry.apache.org/component-rendering.html

Regards,

El sáb., 28 abr. 2018 a las 0:12, Luca Arzeni ()
escribió:

> Hi,
> I'm using tapestry5.4 with java 8.
>
> I am using the standard servlet API to check if a user is in role or not,
> to hide or show buttons, links, and so on.
>
> For example, I need to show a button to the user only if the user has been
> granted a role.
>
> My usual way to to this is:
>
> 1) create a method in the page, for example:
>
> @Inject
> RequestGlobals m_requestGlobals;
>
> public boolean isUserAdmin() {
> if (m_requestGlobals == null) {
> return false;
> }
> return m_requestGlobals.isUserInRole("ADMIN");
> }
>
> 2) then, in the tml, check the method using a t:if component, for example:
>
> 
> SAVE DATA
> 
>
> This is not so good, since I must reimplement the same method in many
> pages.
>
> Is there any way could I access the requestGlobals directly from tml?
>
> My goql would be to write, directly in the tml, something like:
>
>
> 
> SAVE DATA
> 
>
>
> Is it possible to do this with tapestry5?
>
> Thanks in advance,
> larzeni
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>

Re: Access request from tml / standard servlet api role support

Re: Access request from tml / standard servlet api role support

Re: Access request from tml / standard servlet api role support

Re: Access request from tml / standard servlet api role support

Re: Access request from tml / standard servlet api role support

Re: Access request from tml / standard servlet api role support

Re: Access request from tml / standard servlet api role support

Re: Access request from tml / standard servlet api role support

Re: Access request from tml / standard servlet api role support

Re: Access request from tml / standard servlet api role support

Re: Access request from tml / standard servlet api role support

Re: Access request from tml / standard servlet api role support

12 matches

Site Navigation

Mail list logo

Footer information