On 03/15/2013 11:35 PM, nhhockeyplayer nashua wrote:
One of my issues as I understand this framework is defining access to the 
application.

     configuration.add(factory.createChain("/**").add(factory.authc()).build());

The above statement was imposing authentication on everything and actually 
blocking the rendering of assets.

I wish I could tear through it faster.
But it will come when it comes.

I don't understand the significance of having to specify these xpaths... if 
that's what they are

/authc/**

why would I want to specify something like that?



You can think of them as subdirectories with, I believe, Ant-style expansions.

What you would expect to do is break the application paths up into similar behavior that you can then apply coarse-grained authentication and authorization to.

So you might have pages like

/admin/edituser
/admin/viewstats

etc

So then you might want /admin/** to indicate all pages under that path. That's your chain. You then add an authentication method to it. You can use something from the factory, or you can create your own.

You'll need to create your own realms to store the authorization information, or you can use one of the existing directory based ones.

From there you can use the annotations to do more fine grained authorization.

In reality, you should be doing both the path based and annotation based security.

Having an understanding of how Shiro works helps a lot. Yes, there are a lot of abstract explanations, but the basics are important to understand. Stick with the simple wildcard permissions to begin with. There is the ability to program your own permissions, or use instance-level access. Those are easy to do once you get the basics.
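The split described in the reply, as an added example that is not part of the original thread: the over-broad `/**` chain from the question beside a chain scoped to `/admin/**`, plus a Shiro annotation on one page for the fine-grained check. The contribution method signature, the `org.tynamo.security` package names, the `com.example` packages and the `user:edit` permission are assumptions; the thread itself shows only the `configuration.add(...)` call.

```java
// ---- File 1: AppModule.java (module and package names are hypothetical) ----
package com.example.services;

import org.apache.tapestry5.ioc.Configuration;
import org.tynamo.security.services.SecurityFilterChainFactory;
import org.tynamo.security.services.impl.SecurityFilterChain;

public class AppModule {

    // Assumed tapestry-security contribution point; only the add(...) call
    // inside it appears in the thread.
    public static void contributeSecurityConfiguration(
            Configuration<SecurityFilterChain> configuration,
            SecurityFilterChainFactory factory) {

        // Too broad (the line from the question): every URL, asset URLs
        // included, requires an authenticated subject.
        // configuration.add(factory.createChain("/**").add(factory.authc()).build());

        // Coarse-grained: only pages under /admin/ (for example
        // /admin/edituser and /admin/viewstats) require authentication.
        // Requests outside /admin/** match no chain defined here.
        configuration.add(factory.createChain("/admin/**").add(factory.authc()).build());
    }
}

// ---- File 2: EditUser.java, the page served at /admin/edituser ----
package com.example.pages.admin;

import org.apache.shiro.authz.annotation.RequiresPermissions;

// Fine-grained: being logged in is not enough. The subject's realm must
// also grant this wildcard permission ("user:edit" is a made-up name).
@RequiresPermissions("user:edit")
public class EditUser {
}
```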
