tapestry-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Ferraro <p...@columbia.edu>
Subject Re: Role management in Tapestry Web-Applications
Date Wed, 10 Dec 2003 23:45:19 GMT
Here's an additional suggestion...
Rather than be limitted to strings for property values, you can bind 
your specification property directly to an object by adding just a 
little more code to Howard's example:

import blah.blah.Role;
import org.apache.tapestry.util.prop.OgnlUtils;

public void pageValidate(IRequestCycle cycle)
  Role requiredRole = (Role) OgnlUtils.get(this.getSpecification().getProperty("requiredRole"),
this.getEngine().getResourceResolver(), this);

  Visit visit = (Visit) this.getVisit();

  Role currentRole = visit.getCurrentRole();

  if (!requiredRole.equals(currentRole))
    // throw a redirect to an error page ?

Where my page specification might look like this:

<page-specification class="blah.blah.ProtectedPage">
	<property name="requiredRole" value="@blah.blah.RoleEnum@ADMINISTRATOR"/>

Paul Ferraro

John Meredith wrote:

>This is a great tip!
>I'd been screwing around with my own custom role based implementation
>for a while now and didn't like it at all (although it worked).
>Easy to implement for all pages and configured in the spec. Tapestry
>continues to impress :-)
>  - John
>On Tue, 2003-12-09 at 14:29, Howard M. Lewis Ship wrote:
>>My intent for this was that your application would use a common base class that implements
>>validate() method.  All your application pages would inherit from your custom page
>>A little known feature of Tapestry is the support for meta-data in the page (and component)
>>specifications.  That's the <property> element, which allows you to store name/value
>>See http://jakarta.apache.org/tapestry/doc/api/org/apache/tapestry/util/IPropertyHolder.html
>>So you could have code in your base page class such as:
>>public void validate(IRequestCycle cycle)
>>  String requiredRole = getSpecification().getProperty("requiredRole");
>>  Visit visit = (Visit)getVisit();
>>  String currentRole = visit.getCurrentRole();
>>  if (incompatibleRole(requiredRole, currentRole))
>>  {
>>    // throw a redirect to an error page ?
>>  }
>>Howard M. Lewis Ship
>>Creator, Tapestry: Java Web Components
>>>-----Original Message-----
>>>From: Peter Butler [mailto:peter.butler@141.com] 
>>>Sent: Monday, December 08, 2003 10:38 PM
>>>To: 'Tapestry users'
>>>Subject: RE: Role management in Tapestry Web-Applications
>>>Hi Yevgeniy
>>>I've done this recently for a web application, and it's not hard to do
>>>using Tapestry.  All I did was create a subclass of BasePage 
>>>like this:
>>>public class ProtectedPage extends BasePage {
>>>	public void validate(IRequestCycle cycle) {
>>>		super.validate(cycle);
>>>		Visit visit = (Visit) getVisit();
>>>		if (visit == null || !visit.isLoggedIn()) {
>>>			Login login = (Login) cycle.getPage("Login");
>>>			login.setCallback(new PageCallback(this));
>>>			throw new PageRedirectException(login);
>>>		}
>>>	}
>>>Then you need to create a Login page that authenticates the user and a
>>>Visit object with the isLoggedIn property.  The Login page finds the
>>>user in the database and sets it on the visit object.
>>>Each user has a role and each role has the functions that are allowed
>>>for that role.  The function class looks like this:
>>>public class Function {
>>>	private String name;
>>>	private String pageName;
>>>	private boolean visible;
>>>	private int sortOrder;
>>>I use the functions that are available for the user (and that are
>>>visible) to create the links in the menu for the user once they are
>>>logged in.  I'm also going to add code to the ProtectedPage 
>>>class above
>>>to check that the user has access to the page.
>>>This seems to work pretty well, although I will have to be 
>>>careful that
>>>the functions stored in the database match the page names, otherwise
>>>I'll have some pretty annoyed users!
>>>Hope this helps.
>>>Peter Butler
>>>Clever Software Limited
>>>-----Original Message-----
>>>From: illyushyn@dev.kck.ru [mailto:illyushyn@dev.kck.ru] 
>>>Sent: Tuesday, 9 December 2003 3:06 a.m.
>>>To: tapestry-user@jakarta.apache.org
>>>Subject: Role management in Tapestry Web-Applications
>>>Hallo .
>>>I'm trying to use Tapestry and I like it more and more.
>>>It's made in a really nice way, good for you!
>>>But I have one question.
>>>Is there a way to create a role- dependent Web-Application using
>>>Tapestry? I have a big Web-Application and need a structure to divide
>>>users in this system according to their roles. For example Admin cat
>>>visit pageX but Guest can't do this. If he tries, an error 
>>>page appears,
>>>for example. And such a behavior I need almost on every page. Is there
>>>any built in way to do it? Or may be you have an Idea how it could be
>>>Thanks in advance.
>>>Yevgeniy Illyushyn.
>>>To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tapestry-user-help@jakarta.apache.org

To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org

View raw message