Hi Angelo,
Using a Dispatcher (or Request filter) enables you to filter on every Request,
so simply wire Tapestry's ApplicationStateManager to your Dispatcher and
retrieve the appropriate ASO instance to check access for the requested page /
resource:
public PageAccessController(ApplicationStateManager asm, etc...){
asm_ = asm;
...
}
@Override
public boolean service(Request request, Response response,...etc){
siteAccess = asm_.get(SiteAccess.class);
if(!siteAccess.isAuthenticated())
redirectToLogin();
}
For an extranet it is better to deny access by default unless explicitly
permissioned.
regards,
Peter
----- Original Message -----
From: "Onno Scheffers" <o...@piraya.nl>
To: "Tapestry users" <users@tapestry.apache.org>
Sent: Wednesday, 10 June, 2009 19:19:21 GMT +02:00 Athens, Beirut, Bucharest,
Istanbul
Subject: Re: t5: protecting data from public access
>
> this is a good idea. which one is faster:
> returning the image as a stream or a direct link to a physical file in the
> file system?
The physical file is much faster.
It just gets a little troublesome to keep all files in sync if your
application has to be distributed over multiple servers: a file-upload will
need to be placed onto the filesystem of each and every server. You don't
have that problem when you put the files in a database.
regards,
Onno
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
