Hi Dmitry, I ended up doing a component as you suggested. I will take a look at tapestry-security when I have a little more time. Thanks again, larzeni
> Sent: Saturday, April 28, 2018 at 1:45 PM > From: "Dmitry Gusev" <dmitry.gu...@gmail.com> > To: "Tapestry users" <users@tapestry.apache.org> > Subject: Re: Access request from tml / standard servlet api role support > > Hi Luca, > > Component parameters syntax is built about binding expressions [1], i.e. > "prefix:expression". > > By default the prefix is "prop:", unless explicitly overridden for specific > parameter [2]. > > You can find detailed explanation for property expressions, including its > BNF grammar, in official Tapestry documentation [3]. > > Property expressions are always evaluated in the context of current > page/component. > > It's called "property" expression, because it uses JavaBean-notation > properties (@Property annotation can generate get/set methods around field > at runtime). > > So in order for your expression `request.isUserInRole("ADMIN")` to work, > the `request` must be a @Property (or has `getRequest()` method) in your > page/component, i.e.: > > @Inject > @Property > Request request; > > There are no special cases for the built-in services in the BNF > for property expressions [3]. > > As others pointed in this thread, the Tapestry way of dealing with your > requirement is to create a new component, > similar to `t:If`, that would accept a role name as it's parameter so you > could render it's body conditionally if user is in role, i.e.: > > public class HasRole extends > org.apache.tapestry5.corelib.base.AbstractConditional > { > @Inject RequestGlobals requestGlobals; > @Parameter(required=true, defaultPrefix=BindingConstants.LITERAL) > String role; > > @Override > protected boolean test() > { > return requestGlobals.getHTTPServletRequest().isUserInRole(role); > } > } > > Above code is almost a copy-paste of tapestry-security's HasRole component > [4]. > > The only difference is this component uses servlet API directly for role > checking, > while is tapestry-security is built around Apache Shiro [5], > and provides more advanced security model than simple role model of the > servlet API. > > I highly recommend tapestry-security if you need anything more than > built-in servlet API role model. > > [1] > http://tapestry.apache.org/component-parameters.html#ComponentParameters-BindingExpressions > [2] > https://tapestry.apache.org/5.3/apidocs/org/apache/tapestry5/annotations/Parameter.html#defaultPrefix() > [3] http://tapestry.apache.org/property-expressions.html > [4] http://www.tynamo.org/tapestry-security+guide/ > [5] https://shiro.apache.org > > On Sat, Apr 28, 2018 at 1:12 AM, Luca Arzeni <l.arz...@iname.com> wrote: > > > Hi, > > I'm using tapestry5.4 with java 8. > > > > I am using the standard servlet API to check if a user is in role or not, > > to hide or show buttons, links, and so on. > > > > For example, I need to show a button to the user only if the user has been > > granted a role. > > > > My usual way to to this is: > > > > 1) create a method in the page, for example: > > > > @Inject > > RequestGlobals m_requestGlobals; > > > > public boolean isUserAdmin() { > > if (m_requestGlobals == null) { > > return false; > > } > > return m_requestGlobals.isUserInRole("ADMIN"); > > } > > > > 2) then, in the tml, check the method using a t:if component, for example: > > > > <t:if test="userAdmin"> > > <a t:id="saveButton" type="button" href="#">SAVE DATA</a> > > </t:if> > > > > This is not so good, since I must reimplement the same method in many > > pages. > > > > Is there any way could I access the requestGlobals directly from tml? > > > > My goql would be to write, directly in the tml, something like: > > > > > > <t:if test="request.isuserInRole('ADMIN')"> > > <a t:id="saveButton" type="button" href="#">SAVE DATA</a> > > </t:if> > > > > > > Is it possible to do this with tapestry5? > > > > Thanks in advance, > > larzeni > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > > For additional commands, e-mail: users-h...@tapestry.apache.org > > > > > > > -- > Dmitry Gusev > > AnjLab Team > http://anjlab.com > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org