tapestry-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Ferraro <p...@columbia.edu>
Subject Re: Role management in Tapestry Web-Applications
Date Wed, 10 Dec 2003 23:45:19 GMT
Here's an additional suggestion...
Rather than be limitted to strings for property values, you can bind 
your specification property directly to an object by adding just a 
little more code to Howard's example:

import blah.blah.Role;
import org.apache.tapestry.util.prop.OgnlUtils;
...

public void pageValidate(IRequestCycle cycle)
{
  Role requiredRole = (Role) OgnlUtils.get(this.getSpecification().getProperty("requiredRole"),
this.getEngine().getResourceResolver(), this);

  Visit visit = (Visit) this.getVisit();

  Role currentRole = visit.getCurrentRole();

  if (!requiredRole.equals(currentRole))
  {
    // throw a redirect to an error page ?
  }
}


Where my page specification might look like this:

<page-specification class="blah.blah.ProtectedPage">
	<property name="requiredRole" value="@blah.blah.RoleEnum@ADMINISTRATOR"/>
	...
</page-specification>


Paul Ferraro

John Meredith wrote:

>This is a great tip!
>
>I'd been screwing around with my own custom role based implementation
>for a while now and didn't like it at all (although it worked).
>
>Easy to implement for all pages and configured in the spec. Tapestry
>continues to impress :-)
>
>  - John
>
>On Tue, 2003-12-09 at 14:29, Howard M. Lewis Ship wrote:
>  
>
>>My intent for this was that your application would use a common base class that implements
the
>>validate() method.  All your application pages would inherit from your custom page
class.
>>
>>A little known feature of Tapestry is the support for meta-data in the page (and component)
>>specifications.  That's the <property> element, which allows you to store name/value
pairs.
>>
>>See http://jakarta.apache.org/tapestry/doc/api/org/apache/tapestry/util/IPropertyHolder.html
>>
>>So you could have code in your base page class such as:
>>
>>public void validate(IRequestCycle cycle)
>>{
>>  String requiredRole = getSpecification().getProperty("requiredRole");
>>
>>  Visit visit = (Visit)getVisit();
>>
>>  String currentRole = visit.getCurrentRole();
>>
>>  if (incompatibleRole(requiredRole, currentRole))
>>  {
>>    // throw a redirect to an error page ?
>>  }
>>
>>}
>>
>>--
>>Howard M. Lewis Ship
>>Creator, Tapestry: Java Web Components
>>http://jakarta.apache.org/tapestry
>>http://jakarta.apache.org/commons/sandbox/hivemind/
>>http://javatapestry.blogspot.com
>>
>>    
>>
>>>-----Original Message-----
>>>From: Peter Butler [mailto:peter.butler@141.com] 
>>>Sent: Monday, December 08, 2003 10:38 PM
>>>To: 'Tapestry users'
>>>Subject: RE: Role management in Tapestry Web-Applications
>>>
>>>
>>>Hi Yevgeniy
>>>
>>>I've done this recently for a web application, and it's not hard to do
>>>using Tapestry.  All I did was create a subclass of BasePage 
>>>like this:
>>>
>>>public class ProtectedPage extends BasePage {
>>>	public void validate(IRequestCycle cycle) {
>>>		super.validate(cycle);
>>>		Visit visit = (Visit) getVisit();
>>>
>>>		if (visit == null || !visit.isLoggedIn()) {
>>>			Login login = (Login) cycle.getPage("Login");
>>>			login.setCallback(new PageCallback(this));
>>>			throw new PageRedirectException(login);
>>>		}
>>>	}
>>>}
>>>
>>>Then you need to create a Login page that authenticates the user and a
>>>Visit object with the isLoggedIn property.  The Login page finds the
>>>user in the database and sets it on the visit object.
>>>
>>>Each user has a role and each role has the functions that are allowed
>>>for that role.  The function class looks like this:
>>>
>>>public class Function {
>>>	private String name;
>>>	private String pageName;
>>>	private boolean visible;
>>>	private int sortOrder;
>>>...
>>>}
>>>
>>>I use the functions that are available for the user (and that are
>>>visible) to create the links in the menu for the user once they are
>>>logged in.  I'm also going to add code to the ProtectedPage 
>>>class above
>>>to check that the user has access to the page.
>>>
>>>This seems to work pretty well, although I will have to be 
>>>careful that
>>>the functions stored in the database match the page names, otherwise
>>>I'll have some pretty annoyed users!
>>>
>>>Hope this helps.
>>>
>>>Peter Butler
>>>
>>>Clever Software Limited
>>>
>>>-----Original Message-----
>>>From: illyushyn@dev.kck.ru [mailto:illyushyn@dev.kck.ru] 
>>>Sent: Tuesday, 9 December 2003 3:06 a.m.
>>>To: tapestry-user@jakarta.apache.org
>>>Subject: Role management in Tapestry Web-Applications
>>>
>>>
>>>Hallo .
>>>
>>>I'm trying to use Tapestry and I like it more and more.
>>>It's made in a really nice way, good for you!
>>>
>>>But I have one question.
>>>Is there a way to create a role- dependent Web-Application using
>>>Tapestry? I have a big Web-Application and need a structure to divide
>>>users in this system according to their roles. For example Admin cat
>>>visit pageX but Guest can't do this. If he tries, an error 
>>>page appears,
>>>for example. And such a behavior I need almost on every page. Is there
>>>any built in way to do it? Or may be you have an Idea how it could be
>>>done?
>>>
>>>Thanks in advance.
>>>Yevgeniy Illyushyn.
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>
>>>      
>>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>    
>>


---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org


Mime
View raw message