Adam, You pointed out example about how to do security with current Tapestry. I'm sure that WOOWK will find that example usefull.
I didn't make it very clear, but I was actually talking about something different. I meant that if Tapestry would enable form based login (as mentioned in Servlet Specification) and component specification would have security constraint elements we could have common declarative security within Tapestry and other applications / resources running on same web-server. This could be handy when there's for example context assests that should be protected. I think this is coming to be more relevant when web application integration increases. I know that declarative security doesn't solve all problems. Nothing like that. However Java security framework(s) are evoling. For example JBossSX is cool. All that good stuff doesn't benefit Tapestry if there's only custom security solutions. Please consider this just as brainstorming.. with lot's of if's :) (I know.. These projects really need dudes that actually do something, less the ones that just mumble about how things should be.) /me is mumble guy Thanks for your time, ekimmo On Wednesday 25 September 2002 14:46, you wrote: > Take a look at the VLib example that comes with Tapestry, it shows you how > to do security and it remembers which page to redirect to. As to > parameters, you will have to look at the example (It's been too long since > I looked at it). > > ----- Original Message ----- > From: "Kimmo Eklund" <[EMAIL PROTECTED]> > To: "WOOWK" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Tuesday, September 24, 2002 5:41 AM > Subject: Re: [Tapestry-developer] Security control - How to do it > > > Hi, > > > > Usually Tapestry applications check authorization in IPage.validate() > > method. > > > This means that you will have to take care of security within the > > application. Since all requests come in to same servlet context the > > security > > > mapping in web.xml is more or less useless. > > > > But in case you need stuff beyound IPage.validate(), here's some thoughts > > about the issue. Since I don't have a chance doing any of this, I've kept > > my > > > mouth shut :). > > > > Using form-based login and some security definitions added to component > > specification we could have declarative security within Tapestry also. > > JBoss > > > users would delegate authentication to JBossSX and benefit from it on > > EJB-layer also. There are problems with form-based login. I'm not sure if > > the > > > redirection made by servlet engine is enough (since to my recall it > > ignores > > > request parameters.) My collegue once made patch for Catalina with > > additional > > > j_redirect attribute to provide exact url for catalina where to redirect > > request after login form has been processed (in situations where login > > form > > > kicks in). But since Tapestry should stay within Servlet API, this could > > be a > > > problem. > > > > In this model there would be rather simple IPage.validate() > > implementation which checks that request has role denined in page's > > specfication. > > > > For example it would be nice to have context assets protected with same > > security model that's used within application. > > > > On Wednesday 25 September 2002 06:55, you wrote: > > > Hi, > > > How to implement security in Tapestry? That is, a given role will have > > > access to certain pages and not others. > > > > > > After reading the developer and tutorial guide, I am bit lost on how to > > do > > > > it? Any suggestion and ideas? > > > > > > Thanks a million. > > > Ethan > > > > > > > > > > > > ------------------------------------------------------- > > > This sf.net email is sponsored by:ThinkGeek > > > Welcome to geek heaven. > > > http://thinkgeek.com/sf > > > _______________________________________________ > > > Tapestry-developer mailing list > > > [EMAIL PROTECTED] > > > https://lists.sourceforge.net/lists/listinfo/tapestry-developer > > > > -- > > /ekimmo > > > > > > ------------------------------------------------------- > > This sf.net email is sponsored by:ThinkGeek > > Welcome to geek heaven. > > http://thinkgeek.com/sf > > _______________________________________________ > > Tapestry-developer mailing list > > [EMAIL PROTECTED] > > https://lists.sourceforge.net/lists/listinfo/tapestry-developer -- /ekimmo ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Tapestry-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/tapestry-developer
