Mark, Do a Google search using the search string:
site:http://mail-archives.apache.org/mod_mbox "Jonathan Barker" I posted some information and code in June 2006 about creating @Authorize and @AclAuthorize based on the code for the tapestry @If component, and the Authorize and AclAuthorize JSP taglibs. I've had this in production since last May and it's been working beautifully. Jonathan > -----Original Message----- > From: Borut Bolčina [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 27, 2007 12:31 PM > To: Tapestry users > Subject: Re: Role based security > > Hello Mark, > > Mark Stang wrote: > > Ignore the Mediator class it is one of ours. The real logic is in the > else. We store user and role in the visit and check when needed. > > > > > > hth, > > > sorry, but it doesn't. I am looking for a more general solution - if at > all exists. I wish to lay grounds for security in my Tapestry app beyond > those described in Kent's book EWDT, Tapestry 101 or Beginning POJOS > (Novice to Professional). Imagine a portal with several portlets. Each > of the portlet is visible and/or editable only to some roles. In a > portal server such as Liferay or JBoss Portal you can do this by > assigning certain rights to portlets. I don't want to make a portal(!), > but I want to have blocks of code on a Tapestry page protected with a > pluggable authorization/authentication mechanism (memory based, LDAP, > JDBC, maybe even Active Directory). > > Cheers, > Borut > > Mark > > > > Mark J. Stang > > Senior Engineer/Architect > > office: +1 303.468.2900 > > mobile: +1 303.507.2833 > > Ping Identity > > > > > > > > -----Original Message----- > > From: Borut Bolcina [mailto:[EMAIL PROTECTED] > > Sent: Tue 2/27/2007 7:08 AM > > To: Tapestry users > > Subject: Role based security > > > > Hello list, > > > > I was wondering if there is a better way of securing page components > > than using @If components (example from VirtualLibrary for Tapestry > > v4.0, Border.html) > > > > <span jwcid="@If" condition="ognl:admin"> > > <tr> > > <td rowspan="1" colspan="1" width="178" height="19"><img > > src="/vlib/images/nav/nav_6x1.png" width="178" height="19" border="0" > > alt="Admin"/></td> > > </tr> > > ... > > </span> > > > > <span jwcid="@If" condition="ognl:loggedIn"> > > <tr> > > <td rowspan="1" colspan="1" width="178" height="29"><a href="#" > > jwcid="logout"><img jwcid="logoutRollover" > > src="/vlib/images/nav/nav_10x1.png" width="178" height="29" border="0" > > alt="Logout"/></a></td> > > </tr> > > </span> > > > > <span jwcid="@If" condition="ognl:!loggedIn"> > > <tr> > > <td rowspan="1" colspan="1" width="178" height="29"><a href="#" > > jwcid="login"><img jwcid="loginRollover" > > src="/vlib/images/nav/nav_10x1.png" width="178" height="29" border="0" > > alt="Login"/></a></td> > > </tr> > > </span> > > > > > > I read all I could find on the list about acegi and a wiki entries > > starting at http://wiki.apache.org/tapestry/AcegiSpringJava5, but none > > of the texts mention or suggests something like > > > > <span jwcid="@Secured" role="acegi:{ROLE_USER, ROLE_ADMIN}"> > > <tr> > > <td rowspan="1" colspan="1" width="178" height="19"><img > > src="/vlib/images/nav/nav_6x1.png" width="178" height="19" border="0" > > alt="Admin"/></td> > > </tr> > > ... > > </span> > > > > How about creating such component? How do you guys do it? > > > > Cheers, > > Borut > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]