You are talking about the programatic model. Better to use the declarative model as outlined in J2EE spec, where you put security info in the web.xml and ejb-jar.xml files.Note that with Tapestry this is going to be an all or nothing solution, since it is a single servlet - and therefore a single resource from J2EE point of view.
Besides I dislike the whole thing - it has broad role definitions, this doesn't work in most real life situations when security aspects have relationship to a login id, rather than a group. But for the simple cases this works.
I would code the real logic in a Visit class, and use declarative security as an on/off switch to let the user in.
Andrus
Schneider, Eric wrote:
Hi,Greg Turner, JBoss Authorized Consultant
Just wondering how others are handing authentication. I'm still fairly new
to tapestry, but I'm thinking of putting my 'logged in - is not logged in'
logic in a page wrapper component used on my internal pages that will
redirect you to login screen if you aren't authenticated.
Ideas appreciated!
Thanks,
Eric
Tiburon Enterprise Systems
http://www.tiburon-e-systems.com
Box 1171
Tiburon, CA 94920
415-927-2543
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Tapestry-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/tapestry-developer
