Hi, Usually Tapestry applications check authorization in IPage.validate() method. This means that you will have to take care of security within the application. Since all requests come in to same servlet context the security mapping in web.xml is more or less useless.
But in case you need stuff beyound IPage.validate(), here's some thoughts about the issue. Since I don't have a chance doing any of this, I've kept my mouth shut :). Using form-based login and some security definitions added to component specification we could have declarative security within Tapestry also. JBoss users would delegate authentication to JBossSX and benefit from it on EJB-layer also. There are problems with form-based login. I'm not sure if the redirection made by servlet engine is enough (since to my recall it ignores request parameters.) My collegue once made patch for Catalina with additional j_redirect attribute to provide exact url for catalina where to redirect request after login form has been processed (in situations where login form kicks in). But since Tapestry should stay within Servlet API, this could be a problem. In this model there would be rather simple IPage.validate() implementation which checks that request has role denined in page's specfication. For example it would be nice to have context assets protected with same security model that's used within application. On Wednesday 25 September 2002 06:55, you wrote: > Hi, > How to implement security in Tapestry? That is, a given role will have > access to certain pages and not others. > > After reading the developer and tutorial guide, I am bit lost on how to do > it? Any suggestion and ideas? > > Thanks a million. > Ethan > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Tapestry-developer mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/tapestry-developer -- /ekimmo ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Tapestry-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/tapestry-developer
