At Formos, we used the ComponentMethodAdvice approach to enforce page-level security, advising the dispatchComponentEvent() method (part of the Component interface).
Since it's a specific method, we know what the parameters are; we can then cast the first parameter to ComponentEvent, and (inside the advice) check to see if it is an "activate" event, and apply security checks there. So we do coarse grained security access, that entire pages are restricted by user role. It's a bit more complicated if you want to dive down and apply fine-grained advice to methods, especially if you want to find all the event handling methods (you need to know the naming convention and the annotation, just like OnEventWorker). I'd stick with an annotation-driven approach rather than blindly advising everthing in sight ... you'll likely advise too much! On Wed, May 7, 2008 at 10:43 AM, Filip S. Adamsen <[EMAIL PROTECTED]> wrote: > There isn't much documentation on this yet as far as I know, but Howard > posted a bit about it on his blog: > > http://tapestryjava.blogspot.com/2008/04/tapestry-components-aspects.html > > -Filip > > On 2008-05-07 19:29, Robin Helgelin wrote: >> >> On Wed, May 7, 2008 at 4:21 PM, Filip S. Adamsen <[EMAIL PROTECTED]> wrote: >>> >>> How about using the new ComponentMethodAdvice? Sounds like that might be >>> a >>> good fit. >> >> Reading up about that now, any specific ideas on how to use it? Seems >> like it can help on secure methods, but not on secure classes. In that >> case I need to advise on all possible action methods? >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Howard M. Lewis Ship Creator Apache Tapestry and Apache HiveMind --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
