Return-Path: 
 <tapestry-user-return-5554-apmail-jakarta-tapestry-user-archive=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tapestry-user-archive@www.apache.org
Received: (qmail 1766 invoked from network); 10 Dec 2003 23:45:29 -0000
Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12)
  by minotaur-2.apache.org with SMTP; 10 Dec 2003 23:45:29 -0000
Received: (qmail 28595 invoked by uid 500); 10 Dec 2003 23:45:12 -0000
Delivered-To: apmail-jakarta-tapestry-user-archive@jakarta.apache.org
Received: (qmail 28583 invoked by uid 500); 10 Dec 2003 23:45:12 -0000
Mailing-List: contact tapestry-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tapestry-user-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tapestry-user-subscribe@jakarta.apache.org>
List-Help: <mailto:tapestry-user-help@jakarta.apache.org>
List-Post: <mailto:tapestry-user@jakarta.apache.org>
List-Id: "Tapestry users" <tapestry-user.jakarta.apache.org>
Reply-To: "Tapestry users" <tapestry-user@jakarta.apache.org>
Delivered-To: mailing list tapestry-user@jakarta.apache.org
Received: (qmail 28556 invoked from network); 10 Dec 2003 23:45:12 -0000
Received: from unknown (HELO mail.identitytheft911.com) (64.147.173.37)
  by daedalus.apache.org with SMTP; 10 Dec 2003 23:45:12 -0000
Received: (qmail 2453 invoked from network); 11 Dec 2003 01:36:12 -0000
Received: from  (HELO mail.identitytheft911.com) ()
  by mail.identitytheft911.com with SMTP; 11 Dec 2003 01:36:12 -0000
Received: (qmail 20318 invoked from network); 10 Dec 2003 23:44:54 -0000
Received: from  (HELO columbia.edu) ()
  by mail.identitytheft911.com with SMTP; 10 Dec 2003 23:44:54 -0000
Message-ID: <3FD7B00F.3050605@columbia.edu>
Date: Wed, 10 Dec 2003 15:45:19 -0800
From: Paul Ferraro <pmf8@columbia.edu>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
 rv:1.6b) Gecko/20031205 Thunderbird/0.4
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Tapestry users <tapestry-user@jakarta.apache.org>
Subject: Re: Role management in Tapestry Web-Applications
References: <008301c3be58$795b9370$6501a8c0@ALMIGHTYBEAST>
 <1071098760.1091.4.camel@camembert.psynix.com>
In-Reply-To: <1071098760.1091.4.camel@camembert.psynix.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

Here's an additional suggestion...
Rather than be limitted to strings for property values, you can bind 
your specification property directly to an object by adding just a 
little more code to Howard's example:

import blah.blah.Role;
import org.apache.tapestry.util.prop.OgnlUtils;
...

public void pageValidate(IRequestCycle cycle)
{
  Role requiredRole = (Role) OgnlUtils.get(this.getSpecification().getProperty("requiredRole"), this.getEngine().getResourceResolver(), this);

  Visit visit = (Visit) this.getVisit();

  Role currentRole = visit.getCurrentRole();

  if (!requiredRole.equals(currentRole))
  {
    // throw a redirect to an error page ?
  }
}


Where my page specification might look like this:

<page-specification class="blah.blah.ProtectedPage">
	<property name="requiredRole" value="@blah.blah.RoleEnum@ADMINISTRATOR"/>
	...
</page-specification>


Paul Ferraro

John Meredith wrote:

>This is a great tip!
>
>I'd been screwing around with my own custom role based implementation
>for a while now and didn't like it at all (although it worked).
>
>Easy to implement for all pages and configured in the spec. Tapestry
>continues to impress :-)
>
>  - John
>
>On Tue, 2003-12-09 at 14:29, Howard M. Lewis Ship wrote:
>  
>
>>My intent for this was that your application would use a common base class that implements the
>>validate() method.  All your application pages would inherit from your custom page class.
>>
>>A little known feature of Tapestry is the support for meta-data in the page (and component)
>>specifications.  That's the <property> element, which allows you to store name/value pairs.
>>
>>See http://jakarta.apache.org/tapestry/doc/api/org/apache/tapestry/util/IPropertyHolder.html
>>
>>So you could have code in your base page class such as:
>>
>>public void validate(IRequestCycle cycle)
>>{
>>  String requiredRole = getSpecification().getProperty("requiredRole");
>>
>>  Visit visit = (Visit)getVisit();
>>
>>  String currentRole = visit.getCurrentRole();
>>
>>  if (incompatibleRole(requiredRole, currentRole))
>>  {
>>    // throw a redirect to an error page ?
>>  }
>>
>>}
>>
>>--
>>Howard M. Lewis Ship
>>Creator, Tapestry: Java Web Components
>>http://jakarta.apache.org/tapestry
>>http://jakarta.apache.org/commons/sandbox/hivemind/
>>http://javatapestry.blogspot.com
>>
>>    
>>
>>>-----Original Message-----
>>>From: Peter Butler [mailto:peter.butler@141.com] 
>>>Sent: Monday, December 08, 2003 10:38 PM
>>>To: 'Tapestry users'
>>>Subject: RE: Role management in Tapestry Web-Applications
>>>
>>>
>>>Hi Yevgeniy
>>>
>>>I've done this recently for a web application, and it's not hard to do
>>>using Tapestry.  All I did was create a subclass of BasePage 
>>>like this:
>>>
>>>public class ProtectedPage extends BasePage {
>>>	public void validate(IRequestCycle cycle) {
>>>		super.validate(cycle);
>>>		Visit visit = (Visit) getVisit();
>>>
>>>		if (visit == null || !visit.isLoggedIn()) {
>>>			Login login = (Login) cycle.getPage("Login");
>>>			login.setCallback(new PageCallback(this));
>>>			throw new PageRedirectException(login);
>>>		}
>>>	}
>>>}
>>>
>>>Then you need to create a Login page that authenticates the user and a
>>>Visit object with the isLoggedIn property.  The Login page finds the
>>>user in the database and sets it on the visit object.
>>>
>>>Each user has a role and each role has the functions that are allowed
>>>for that role.  The function class looks like this:
>>>
>>>public class Function {
>>>	private String name;
>>>	private String pageName;
>>>	private boolean visible;
>>>	private int sortOrder;
>>>...
>>>}
>>>
>>>I use the functions that are available for the user (and that are
>>>visible) to create the links in the menu for the user once they are
>>>logged in.  I'm also going to add code to the ProtectedPage 
>>>class above
>>>to check that the user has access to the page.
>>>
>>>This seems to work pretty well, although I will have to be 
>>>careful that
>>>the functions stored in the database match the page names, otherwise
>>>I'll have some pretty annoyed users!
>>>
>>>Hope this helps.
>>>
>>>Peter Butler
>>>
>>>Clever Software Limited
>>>
>>>-----Original Message-----
>>>From: illyushyn@dev.kck.ru [mailto:illyushyn@dev.kck.ru] 
>>>Sent: Tuesday, 9 December 2003 3:06 a.m.
>>>To: tapestry-user@jakarta.apache.org
>>>Subject: Role management in Tapestry Web-Applications
>>>
>>>
>>>Hallo .
>>>
>>>I'm trying to use Tapestry and I like it more and more.
>>>It's made in a really nice way, good for you!
>>>
>>>But I have one question.
>>>Is there a way to create a role- dependent Web-Application using
>>>Tapestry? I have a big Web-Application and need a structure to divide
>>>users in this system according to their roles. For example Admin cat
>>>visit pageX but Guest can't do this. If he tries, an error 
>>>page appears,
>>>for example. And such a behavior I need almost on every page. Is there
>>>any built in way to do it? Or may be you have an Idea how it could be
>>>done?
>>>
>>>Thanks in advance.
>>>Yevgeniy Illyushyn.
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>>
>>>      
>>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>>    
>>


---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org