You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Christopher Dodunski <Ch...@christopher.net.nz> on 2017/11/26 04:16:31 UTC
Authorisation in Tapestry Applications
Hi All,
The Tapestry Hotel demo app has proven a good lesson in implementing
AUTHENTICATION. Having developed a multi-user Tapestry app, I now need to
implement AUTHORISATION, but the Hotel demo app is aimed at just one user
type: visitors.
I created a role table in my Tapestry application (screenshot attached).
Permissions are specified in terms of CRUD actions, meaning there are four
columns for each domain (Hibernate) entity: e.g. CAN_CREATE_USER,
CAN_READ_USER, CAN_UPDATE_USER, CAN_DELETE_USER, etc.
The Hotel demo app enforces authentication by including or excluding the
@AnonymousAccess annotation on page classes. I imagine enforcing page
authorisation could be done similarly, using a single annotation. This
could prevent users lacking the necessary privilege from accessing certain
pages, for instance 'pages/DeleteUser.java'. Ideally, though, it would be
desirable to also prevent users from navigating to such pages in the first
place. Either the PageLink icon is greyed out, or there is no link.
I am seeking some direction - perhaps even some example code - in how to
have my Tapestry application enforce the privileges specified in my role
table.
Thanks & regards,
Chris.
Re: Grid component customization
Posted by Erich Gormann <e....@gormann.de>.
Hi Thiago and Chris,
these are very precious hints, using the mixin way would be more elegant
than overwriting the GridRows component, according to my opinion.
Thanks a lot, and yes: the overwrite did work, but I will follow the
mixin way...
Greetings, Erich
Am 06.02.2018 13:02, schrieb Chris Poulsen:
> There is already a decent amount of RenderNotification mixins present on
> the various grid components allowing you to manipulate the MarkupWriter per
> row, column and header column.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Grid component customization
Posted by Chris Poulsen <ma...@nesluop.dk>.
There is already a decent amount of RenderNotification mixins present on
the various grid components allowing you to manipulate the MarkupWriter per
row, column and header column.
--
Chris
On Tue, Feb 6, 2018 at 12:51 PM, Thiago H. de Paula Figueiredo <
thiagohp@gmail.com> wrote:
> Another possibility for doing that is to use Tapestry DOM rewriting. You'd
> create a mixin, apply it to your grids, and the mixin would have an
> afterRender(MarkupWriter writer) method. writer.getDocument() gives you the
> Tapestry DOM element tree. From it, you can find the grids, its tags and
> change them to your pleasure. tapestry-xpath allows you to find DOM
> elements using XPath and may help you in this task.
>
> Have you tried what I suggested (component overriding?)?
>
> On Mon, Feb 5, 2018 at 4:39 PM, Erich Gormann <e....@gormann.de>
> wrote:
>
> > Hi Thiago,
> >
> > Our HTML designer wants to create a fully responsive website based on
> > Tapestry 5.3.8.
> > So she asked me, if it would be possible, to render some data attributes
> > inside the td tags of the grid.
> >
> > Regards, Erich
> >
> >
> >
> > Am 05.02.2018 18:49, schrieb Thiago H. de Paula Figueiredo:
> >
> >> Hello!
> >>
> >> Well, you can override a component, you can decorate or advise the
> >> ComponentClassResolver service. Specifically, when
> >> the resolveComponentTypeToClassName(String componentType) method is
> >> called,
> >> if componentType.equalsIgnoreCase("GridColumns"), then return the fully
> >> qualified class name of your GridColumns replacement component.
> Otherwise,
> >> let it return normally. That's basically how ComponentSubstitutor is
> >> implemented inside Tapestry itself.
> >>
> >> Just curious: what customizations do you want to do?
> >>
> >> On Sat, Feb 3, 2018 at 9:01 AM, Erich Gormann<e....@gormann.de>
> >> wrote:
> >>
> >> Dear Thiago,
> >>>
> >>> first thanks for this solution, but can you please propose a solution
> >>> which works under Tapestry 5.3.8? This would be great.
> >>>
> >>> Anyway, I tried to migrate our applications to 5.4.3 yesterday and
> nearly
> >>> succeeded, but only nearly, due to problems with the removed javassist
> >>> lib.
> >>> ut this would be another topic in this support list.
> >>>
> >>> Thanks and Best Regards
> >>> Erich
> >>>
> >>>
> >>> Am 28.11.2017 16:32, schrieb Thiago H. de Paula Figueiredo:
> >>>
> >>> On Tue, Nov 28, 2017 at 6:33 AM, Erich Gormann<e....@gormann.de>
> >>>> wrote:
> >>>>
> >>>> Dear all,
> >>>>
> >>>>> Hi!
> >>>>>
> >>>>
> >>>> I wanted to customize the GridColumns component, which is embedded
> >>>> inside
> >>>>
> >>>>> the Grid component, by trying different approaches.
> >>>>>
> >>>>> Finally I failed, because it was neither possible by a request filter
> >>>>> replacing the GridColumns component at runtime with my customized
> one,
> >>>>>
> >>>>> This wasn't expected to work, but I'm curious in how you tried to do
> >>>> it.
> >>>> :)
> >>>>
> >>>>
> >>>> nor did it work to use an own template for the Grid component pointing
> >>>> to
> >>>>
> >>>>> my customized version of GridColumns.
> >>>>>
> >>>>> What is the best way to do this? The GridColumns component is a
> private
> >>>>> component inside the Grid and I wonder how to replace it.
> >>>>>
> >>>>> Contribute to the ComponentOverride distributed configuration, which
> >>>>> is a
> >>>>>
> >>>> Map<Class, Class>, the key being the component or page or mixin class
> to
> >>>> be
> >>>> replaced, the value being the replacement.
> >>>>
> >>>> Here's an example from Tapestry's test suite:
> >>>>
> >>>> @Contribute(ComponentReplacer.class)
> >>>> public static void
> >>>> overridePageAndComponentAndMixin(MappedConfiguration<Class, Class>
> >>>> configuration) {
> >>>> configuration.add(OverridenPage.class, OverridePage.class);
> >>>> configuration.add(OverridenComponent.class,
> >>>> OverrideComponent.class);
> >>>> configuration.add(OverridenMixin.class, OverrideMixin.class);
> >>>> }
> >>>>
> >>>>
> >>>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> >>> For additional commands, e-mail: users-help@tapestry.apache.org
> >>>
> >>>
> >>>
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> > For additional commands, e-mail: users-help@tapestry.apache.org
> >
> >
>
>
> --
> Thiago
>
Re: Grid component customization
Posted by "Thiago H. de Paula Figueiredo" <th...@gmail.com>.
Another possibility for doing that is to use Tapestry DOM rewriting. You'd
create a mixin, apply it to your grids, and the mixin would have an
afterRender(MarkupWriter writer) method. writer.getDocument() gives you the
Tapestry DOM element tree. From it, you can find the grids, its tags and
change them to your pleasure. tapestry-xpath allows you to find DOM
elements using XPath and may help you in this task.
Have you tried what I suggested (component overriding?)?
On Mon, Feb 5, 2018 at 4:39 PM, Erich Gormann <e....@gormann.de> wrote:
> Hi Thiago,
>
> Our HTML designer wants to create a fully responsive website based on
> Tapestry 5.3.8.
> So she asked me, if it would be possible, to render some data attributes
> inside the td tags of the grid.
>
> Regards, Erich
>
>
>
> Am 05.02.2018 18:49, schrieb Thiago H. de Paula Figueiredo:
>
>> Hello!
>>
>> Well, you can override a component, you can decorate or advise the
>> ComponentClassResolver service. Specifically, when
>> the resolveComponentTypeToClassName(String componentType) method is
>> called,
>> if componentType.equalsIgnoreCase("GridColumns"), then return the fully
>> qualified class name of your GridColumns replacement component. Otherwise,
>> let it return normally. That's basically how ComponentSubstitutor is
>> implemented inside Tapestry itself.
>>
>> Just curious: what customizations do you want to do?
>>
>> On Sat, Feb 3, 2018 at 9:01 AM, Erich Gormann<e....@gormann.de>
>> wrote:
>>
>> Dear Thiago,
>>>
>>> first thanks for this solution, but can you please propose a solution
>>> which works under Tapestry 5.3.8? This would be great.
>>>
>>> Anyway, I tried to migrate our applications to 5.4.3 yesterday and nearly
>>> succeeded, but only nearly, due to problems with the removed javassist
>>> lib.
>>> ut this would be another topic in this support list.
>>>
>>> Thanks and Best Regards
>>> Erich
>>>
>>>
>>> Am 28.11.2017 16:32, schrieb Thiago H. de Paula Figueiredo:
>>>
>>> On Tue, Nov 28, 2017 at 6:33 AM, Erich Gormann<e....@gormann.de>
>>>> wrote:
>>>>
>>>> Dear all,
>>>>
>>>>> Hi!
>>>>>
>>>>
>>>> I wanted to customize the GridColumns component, which is embedded
>>>> inside
>>>>
>>>>> the Grid component, by trying different approaches.
>>>>>
>>>>> Finally I failed, because it was neither possible by a request filter
>>>>> replacing the GridColumns component at runtime with my customized one,
>>>>>
>>>>> This wasn't expected to work, but I'm curious in how you tried to do
>>>> it.
>>>> :)
>>>>
>>>>
>>>> nor did it work to use an own template for the Grid component pointing
>>>> to
>>>>
>>>>> my customized version of GridColumns.
>>>>>
>>>>> What is the best way to do this? The GridColumns component is a private
>>>>> component inside the Grid and I wonder how to replace it.
>>>>>
>>>>> Contribute to the ComponentOverride distributed configuration, which
>>>>> is a
>>>>>
>>>> Map<Class, Class>, the key being the component or page or mixin class to
>>>> be
>>>> replaced, the value being the replacement.
>>>>
>>>> Here's an example from Tapestry's test suite:
>>>>
>>>> @Contribute(ComponentReplacer.class)
>>>> public static void
>>>> overridePageAndComponentAndMixin(MappedConfiguration<Class, Class>
>>>> configuration) {
>>>> configuration.add(OverridenPage.class, OverridePage.class);
>>>> configuration.add(OverridenComponent.class,
>>>> OverrideComponent.class);
>>>> configuration.add(OverridenMixin.class, OverrideMixin.class);
>>>> }
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>
>>>
>>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
--
Thiago
Re: Grid component customization
Posted by Erich Gormann <e....@gormann.de>.
Hi Thiago,
Our HTML designer wants to create a fully responsive website based on
Tapestry 5.3.8.
So she asked me, if it would be possible, to render some data attributes
inside the td tags of the grid.
Regards, Erich
Am 05.02.2018 18:49, schrieb Thiago H. de Paula Figueiredo:
> Hello!
>
> Well, you can override a component, you can decorate or advise the
> ComponentClassResolver service. Specifically, when
> the resolveComponentTypeToClassName(String componentType) method is called,
> if componentType.equalsIgnoreCase("GridColumns"), then return the fully
> qualified class name of your GridColumns replacement component. Otherwise,
> let it return normally. That's basically how ComponentSubstitutor is
> implemented inside Tapestry itself.
>
> Just curious: what customizations do you want to do?
>
> On Sat, Feb 3, 2018 at 9:01 AM, Erich Gormann<e....@gormann.de> wrote:
>
>> Dear Thiago,
>>
>> first thanks for this solution, but can you please propose a solution
>> which works under Tapestry 5.3.8? This would be great.
>>
>> Anyway, I tried to migrate our applications to 5.4.3 yesterday and nearly
>> succeeded, but only nearly, due to problems with the removed javassist lib.
>> ut this would be another topic in this support list.
>>
>> Thanks and Best Regards
>> Erich
>>
>>
>> Am 28.11.2017 16:32, schrieb Thiago H. de Paula Figueiredo:
>>
>>> On Tue, Nov 28, 2017 at 6:33 AM, Erich Gormann<e....@gormann.de>
>>> wrote:
>>>
>>> Dear all,
>>>> Hi!
>>>
>>> I wanted to customize the GridColumns component, which is embedded inside
>>>> the Grid component, by trying different approaches.
>>>>
>>>> Finally I failed, because it was neither possible by a request filter
>>>> replacing the GridColumns component at runtime with my customized one,
>>>>
>>> This wasn't expected to work, but I'm curious in how you tried to do it.
>>> :)
>>>
>>>
>>> nor did it work to use an own template for the Grid component pointing to
>>>> my customized version of GridColumns.
>>>>
>>>> What is the best way to do this? The GridColumns component is a private
>>>> component inside the Grid and I wonder how to replace it.
>>>>
>>>> Contribute to the ComponentOverride distributed configuration, which is a
>>> Map<Class, Class>, the key being the component or page or mixin class to
>>> be
>>> replaced, the value being the replacement.
>>>
>>> Here's an example from Tapestry's test suite:
>>>
>>> @Contribute(ComponentReplacer.class)
>>> public static void
>>> overridePageAndComponentAndMixin(MappedConfiguration<Class, Class>
>>> configuration) {
>>> configuration.add(OverridenPage.class, OverridePage.class);
>>> configuration.add(OverridenComponent.class,
>>> OverrideComponent.class);
>>> configuration.add(OverridenMixin.class, OverrideMixin.class);
>>> }
>>>
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Grid component customization
Posted by "Thiago H. de Paula Figueiredo" <th...@gmail.com>.
Hello!
Well, you can override a component, you can decorate or advise the
ComponentClassResolver service. Specifically, when
the resolveComponentTypeToClassName(String componentType) method is called,
if componentType.equalsIgnoreCase("GridColumns"), then return the fully
qualified class name of your GridColumns replacement component. Otherwise,
let it return normally. That's basically how ComponentSubstitutor is
implemented inside Tapestry itself.
Just curious: what customizations do you want to do?
On Sat, Feb 3, 2018 at 9:01 AM, Erich Gormann <e....@gormann.de> wrote:
> Dear Thiago,
>
> first thanks for this solution, but can you please propose a solution
> which works under Tapestry 5.3.8? This would be great.
>
> Anyway, I tried to migrate our applications to 5.4.3 yesterday and nearly
> succeeded, but only nearly, due to problems with the removed javassist lib.
> ut this would be another topic in this support list.
>
> Thanks and Best Regards
> Erich
>
>
> Am 28.11.2017 16:32, schrieb Thiago H. de Paula Figueiredo:
>
>> On Tue, Nov 28, 2017 at 6:33 AM, Erich Gormann<e....@gormann.de>
>> wrote:
>>
>> Dear all,
>>>
>>> Hi!
>>
>>
>> I wanted to customize the GridColumns component, which is embedded inside
>>> the Grid component, by trying different approaches.
>>>
>>> Finally I failed, because it was neither possible by a request filter
>>> replacing the GridColumns component at runtime with my customized one,
>>>
>>
>> This wasn't expected to work, but I'm curious in how you tried to do it.
>> :)
>>
>>
>> nor did it work to use an own template for the Grid component pointing to
>>> my customized version of GridColumns.
>>>
>>> What is the best way to do this? The GridColumns component is a private
>>> component inside the Grid and I wonder how to replace it.
>>>
>>> Contribute to the ComponentOverride distributed configuration, which is a
>> Map<Class, Class>, the key being the component or page or mixin class to
>> be
>> replaced, the value being the replacement.
>>
>> Here's an example from Tapestry's test suite:
>>
>> @Contribute(ComponentReplacer.class)
>> public static void
>> overridePageAndComponentAndMixin(MappedConfiguration<Class, Class>
>> configuration) {
>> configuration.add(OverridenPage.class, OverridePage.class);
>> configuration.add(OverridenComponent.class,
>> OverrideComponent.class);
>> configuration.add(OverridenMixin.class, OverrideMixin.class);
>> }
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
--
Thiago
Re: Grid component customization
Posted by Erich Gormann <e....@gormann.de>.
Dear Thiago,
first thanks for this solution, but can you please propose a solution
which works under Tapestry 5.3.8? This would be great.
Anyway, I tried to migrate our applications to 5.4.3 yesterday and
nearly succeeded, but only nearly, due to problems with the removed
javassist lib.
ut this would be another topic in this support list.
Thanks and Best Regards
Erich
Am 28.11.2017 16:32, schrieb Thiago H. de Paula Figueiredo:
> On Tue, Nov 28, 2017 at 6:33 AM, Erich Gormann<e....@gormann.de> wrote:
>
>> Dear all,
>>
> Hi!
>
>
>> I wanted to customize the GridColumns component, which is embedded inside
>> the Grid component, by trying different approaches.
>>
>> Finally I failed, because it was neither possible by a request filter
>> replacing the GridColumns component at runtime with my customized one,
>
> This wasn't expected to work, but I'm curious in how you tried to do it. :)
>
>
>> nor did it work to use an own template for the Grid component pointing to
>> my customized version of GridColumns.
>>
>> What is the best way to do this? The GridColumns component is a private
>> component inside the Grid and I wonder how to replace it.
>>
> Contribute to the ComponentOverride distributed configuration, which is a
> Map<Class, Class>, the key being the component or page or mixin class to be
> replaced, the value being the replacement.
>
> Here's an example from Tapestry's test suite:
>
> @Contribute(ComponentReplacer.class)
> public static void
> overridePageAndComponentAndMixin(MappedConfiguration<Class, Class>
> configuration) {
> configuration.add(OverridenPage.class, OverridePage.class);
> configuration.add(OverridenComponent.class, OverrideComponent.class);
> configuration.add(OverridenMixin.class, OverrideMixin.class);
> }
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Grid component customization
Posted by "Thiago H. de Paula Figueiredo" <th...@gmail.com>.
On Tue, Nov 28, 2017 at 6:33 AM, Erich Gormann <e....@gormann.de> wrote:
> Dear all,
>
Hi!
> I wanted to customize the GridColumns component, which is embedded inside
> the Grid component, by trying different approaches.
>
> Finally I failed, because it was neither possible by a request filter
> replacing the GridColumns component at runtime with my customized one,
This wasn't expected to work, but I'm curious in how you tried to do it. :)
> nor did it work to use an own template for the Grid component pointing to
> my customized version of GridColumns.
>
> What is the best way to do this? The GridColumns component is a private
> component inside the Grid and I wonder how to replace it.
>
Contribute to the ComponentOverride distributed configuration, which is a
Map<Class, Class>, the key being the component or page or mixin class to be
replaced, the value being the replacement.
Here's an example from Tapestry's test suite:
@Contribute(ComponentReplacer.class)
public static void
overridePageAndComponentAndMixin(MappedConfiguration<Class, Class>
configuration) {
configuration.add(OverridenPage.class, OverridePage.class);
configuration.add(OverridenComponent.class, OverrideComponent.class);
configuration.add(OverridenMixin.class, OverrideMixin.class);
}
--
Thiago
Grid component customization
Posted by Erich Gormann <e....@gormann.de>.
Dear all,
I wanted to customize the GridColumns component, which is embedded
inside the Grid component, by trying different approaches.
Finally I failed, because it was neither possible by a request filter
replacing the GridColumns component at runtime with my customized one,
nor did it work to use an own template for the Grid component pointing
to my customized version of GridColumns.
What is the best way to do this? The GridColumns component is a private
component inside the Grid and I wonder how to replace it.
I even tried to put a complete own Grid component in my application, but
this ends up in the exception, that there is no type coercer available
for my own Grid implementation to the original Tapestry Grids bean
model. And even if this had worked, it would not be a nice way.
Your help is appreciated. Thanks in advance.
Greetings, Eric
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Authorisation in Tapestry Applications
Posted by Christopher Dodunski <Ch...@christopher.net.nz>.
Hi Kalle,
Thank you for explaining what Tynamo Model has to offer. It certainly
looks interesting, and promises to save much time in creating CRUD heavy
apps in Tapestry. I'll give it a go on my next webapp.
For now, I think I'll simply inspect the user's permissions in the
onActivate() method of a CRUD page, and immediately bounce the user back
to the previous page if their permissions disallow that particular CRUD
action (e.g. create a company).
Chris.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Authorisation in Tapestry Applications
Posted by Kalle Korhonen <ka...@gmail.com>.
Attachments don't come through to the mailing list but so you have a table
that describes permissions for all of the entities? Obviously, visually
showing or hiding buttons on the client doesn't really enforce security but
you are right, Tynamo doesn't really offer anything for this case out of
the box. It'd relatively easy to write custom security annotations for your
case though, for example following the source code in tapesty-security-jpa
(see http://www.tynamo.org/tapestry-security-jpa+guide/). On the other
hand, if you used the same CRUD pages for all your entities (similar to
http://www.tynamo.org/tapestry-model+guide/), you'd only need to implement
the security checks in one place, making annotations quite useless. It all
depends on how complex your data is and how customizable you need your
pages to be. If you have a lot of entities but it editing the data is
mainly form-based, I'd almost encourage you to take a look at
tapestry-model and how well that would work for you. There's a fair bit to
learn there if you need to customize the pages heavily but it could give
you a lot for free, including having the security checks all in on page
(both visually and at the data level).
Kalle
On Sun, Nov 26, 2017 at 3:09 PM, Christopher Dodunski <
ChrisFromTapestry@christopher.net.nz> wrote:
> Hi Basile,
>
> Thanks for replying. Yes, I'd discovered Tynamo, but wondered whether it
> might be overkill given that I'd already inherited authentication code
> from the Tapestry Hotel demo app.
>
> It wasn't clear on the Tynamo site how Tynamo acquires permissions from my
> (attached) 'role' table. And if I have to write code to do this, then why
> I need Tynamo rather than just creating a method in my user entity class
> along the lines of...
>
> if(currentUser.isPermitted("company:create")){
>
> //Show create company button
>
> }
> else{
>
> //Grey out or hide create company button
>
> }
>
> Regards,
>
> Chris.
>
>
> > http://www.tynamo.org/tapestry-security+guide/
> >
> > https://tapestry.apache.org/security.html
> >
> > Le 26/11/2017 à 05:16, Christopher Dodunski a écrit :
> >> Hi All,
> >>
> >> The Tapestry Hotel demo app has proven a good lesson in implementing
> >> AUTHENTICATION. Having developed a multi-user Tapestry app, I now need
> >> to
> >> implement AUTHORISATION, but the Hotel demo app is aimed at just one
> >> user
> >> type: visitors.
> >>
> >> I created a role table in my Tapestry application (screenshot attached).
> >> Permissions are specified in terms of CRUD actions, meaning there are
> >> four
> >> columns for each domain (Hibernate) entity: e.g. CAN_CREATE_USER,
> >> CAN_READ_USER, CAN_UPDATE_USER, CAN_DELETE_USER, etc.
> >>
> >> The Hotel demo app enforces authentication by including or excluding the
> >> @AnonymousAccess annotation on page classes. I imagine enforcing page
> >> authorisation could be done similarly, using a single annotation. This
> >> could prevent users lacking the necessary privilege from accessing
> >> certain
> >> pages, for instance 'pages/DeleteUser.java'. Ideally, though, it would
> >> be
> >> desirable to also prevent users from navigating to such pages in the
> >> first
> >> place. Either the PageLink icon is greyed out, or there is no link.
> >>
> >> I am seeking some direction - perhaps even some example code - in how to
> >> have my Tapestry application enforce the privileges specified in my role
> >> table.
> >>
> >> Thanks & regards,
> >>
> >> Chris.
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> >> For additional commands, e-mail: users-help@tapestry.apache.org
> >
> >
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
Re: Authorisation in Tapestry Applications
Posted by Christopher Dodunski <Ch...@christopher.net.nz>.
Hi Basile,
Thanks for replying. Yes, I'd discovered Tynamo, but wondered whether it
might be overkill given that I'd already inherited authentication code
from the Tapestry Hotel demo app.
It wasn't clear on the Tynamo site how Tynamo acquires permissions from my
(attached) 'role' table. And if I have to write code to do this, then why
I need Tynamo rather than just creating a method in my user entity class
along the lines of...
if(currentUser.isPermitted("company:create")){
//Show create company button
}
else{
//Grey out or hide create company button
}
Regards,
Chris.
> http://www.tynamo.org/tapestry-security+guide/
>
> https://tapestry.apache.org/security.html
>
> Le 26/11/2017 � 05:16, Christopher Dodunski a �crit :
>> Hi All,
>>
>> The Tapestry Hotel demo app has proven a good lesson in implementing
>> AUTHENTICATION. Having developed a multi-user Tapestry app, I now need
>> to
>> implement AUTHORISATION, but the Hotel demo app is aimed at just one
>> user
>> type: visitors.
>>
>> I created a role table in my Tapestry application (screenshot attached).
>> Permissions are specified in terms of CRUD actions, meaning there are
>> four
>> columns for each domain (Hibernate) entity: e.g. CAN_CREATE_USER,
>> CAN_READ_USER, CAN_UPDATE_USER, CAN_DELETE_USER, etc.
>>
>> The Hotel demo app enforces authentication by including or excluding the
>> @AnonymousAccess annotation on page classes. I imagine enforcing page
>> authorisation could be done similarly, using a single annotation. This
>> could prevent users lacking the necessary privilege from accessing
>> certain
>> pages, for instance 'pages/DeleteUser.java'. Ideally, though, it would
>> be
>> desirable to also prevent users from navigating to such pages in the
>> first
>> place. Either the PageLink icon is greyed out, or there is no link.
>>
>> I am seeking some direction - perhaps even some example code - in how to
>> have my Tapestry application enforce the privileges specified in my role
>> table.
>>
>> Thanks & regards,
>>
>> Chris.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>