I was just thinking about something that would be really cool.
It's a common requirement in some applications that some ui elements are
hidden/shown depending on user role. What i'm thinking is that
tapestry-acegi could provide the same @Secured annotation for component
classes but it would have a different behavior. Instead of simply
checking authorization and returning an error it the user doesn't have
access permissions, it would show the component if the user had the
given role and hide it otherwise.
Would this be cool or what ? :o)
James Carman wrote:
Form-based authentication is coming soon! :-) It should be quite easy.
Hi,
a smooth integration of ACEGI into Tapestry is really cool stuff. We
managed it by using
the internal org.acegisecurity.util.FilterToBeanProxy and
FilterChainProxy for authentication
and partially for authorization (user /not logged in without role check)
within the web.xml.
Does this mean that it would be possible to just configure the
filterChainProxy in spring and
inject this spring bean as a "tapestry filter" in front of Tapestry
servlet? Or am I completely
wrong? Unfortunately we don't use basic HTTP authentication but a form
based authentication
incobination with an internal SSO solution.
Gernot
On Friday 09 June 2006 10:49, James Carman wrote:
Gernot,
I plan on making the different login mechanisms more "pluggable" soon.
I've
got an idea that will make it much easier (making Tapestry support
servlet
filters as ServletRequestServicerFilters so I don't have to write
"adapter"
subclasses). Once I get everything running smoothly, I'll release it as
a
1.0 (hopefully won't be too long). You can use it now as-is, if all you
need is HTTP basic authentication.
James
--
Gernot Stocker,
Institute for Genomics and Bioinformatics(IGB)
Petersgasse 14, 8010 Graz, Austria
Tel.: ++43 316 873 5345
http://genome.tugraz.at
James Carman, President
Carman Consulting, Inc.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
