Greg Turner writes:Actually I am probably wrong about this one - after all security constraints in web.xml are URL based, so pages can be organized into logical groups by URL prefix. The other limitations are still an issue though
You are talking about the programatic model. Better to use the declarative model as outlined in J2EE spec, where you put security info in the web.xml and ejb-jar.xml files.Note that with Tapestry this is going to be an all or nothing solution, since it is a single servlet - and therefore a single resource from J2EE point of view.
Andrus
Besides I dislike the whole thing - it has broad role definitions, this doesn't work in most real life situations when security aspects have relationship to a login id, rather than a group. But for the simple cases this works.
I would code the real logic in a Visit class, and use declarative security as an on/off switch to let the user in.
Andrus
Schneider, Eric wrote:
Hi,Greg Turner, JBoss Authorized Consultant
Just wondering how others are handing authentication. I'm still fairly new
to tapestry, but I'm thinking of putting my 'logged in - is not logged in'
logic in a page wrapper component used on my internal pages that will
redirect you to login screen if you aren't authenticated.
Ideas appreciated!
Thanks,
Eric
Tiburon Enterprise Systems
http://www.tiburon-e-systems.com
Box 1171
Tiburon, CA 94920
415-927-2543
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Tapestry-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/tapestry-developer
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Tapestry-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/tapestry-developer
