Suggestions for secure pages without screen classes?

["Gaasch, Derek" <dg...@montana.edu>]

 

Hello, I'm trying to determine the best design for implementing the
following, and would appreciate any thoughts any of you have for similar
situations:

 

I have multiple turbine sites, some accessible to anyone who finds it,
others will require different levels of access. For instance

 

- http://site/web/servlet/web/index.vm is a public accessible site

- http://site/web/servlet/web/site2,index.vm is a public accessible site

- http://site/web/servlet/web/admin,index.vm is only for administrators

- http://site/web/servlet/web/staff,index.vm is an intranet only for staff

 

For many templates on each of these sites, I don't require Screen Classes...
so my question is has anyone encountered this & come up with a clever design
(or is there one I just don't know about) for implementing an isAuthorized
check based on turbine context without creating screen classes that extend
velocitySecureScreen for each template? 

 

Any thoughts or suggestions will be appreciated!

 

-d

 

Re: Suggestions for secure pages without screen classes?

[Gedin Frederic <fr...@jaluna.com>]

Gaasch, Derek wrote:

> 
>
>Hello, I'm trying to determine the best design for implementing the
>following, and would appreciate any thoughts any of you have for similar
>situations:
>
> 
>
>I have multiple turbine sites, some accessible to anyone who finds it,
>others will require different levels of access. For instance
>
> 
>
>- http://site/web/servlet/web/index.vm is a public accessible site
>
>- http://site/web/servlet/web/site2,index.vm is a public accessible site
>
>- http://site/web/servlet/web/admin,index.vm is only for administrators
>
>- http://site/web/servlet/web/staff,index.vm is an intranet only for staff
>
> 
>
>For many templates on each of these sites, I don't require Screen Classes...
>so my question is has anyone encountered this & come up with a clever design
>(or is there one I just don't know about) for implementing an isAuthorized
>check based on turbine context without creating screen classes that extend
>velocitySecureScreen for each template? 
>
> 
>
>Any thoughts or suggestions will be appreciated!
>
> 
>
>-d
>
> 
>
>
>  
>
I suggest that you create in the appropriate place a class named Default 
which inherits from VelocitySecureScreen.  If Turbine is not able to 
find a screen class for your templates, it will then apply the Default 
class.

Hope this helps

Frédéric



---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org

RE: Suggestions for secure pages without screen classes?

[g-...@users.sourceforge.net]

I used to add another valve after DetermineTargetValve in turbine
pipeline to solve this problem. The valve verifed the requested target,
threw Exception if the user is not allowed to visit the page.
Same thing happened in another turbine based project of mine.
http://cyclops-group.sourceforge.net/projects/tornado. A valve is
inserted after DetermineTargetValve. Furthermore, we can also another
valve to check security for Actions.



Regards
Jiaqi Guo
 
g-cyclops@users.sourceforge.net
http://cyclops-group.sourceforge.net

-----Original Message-----
From: Gaasch, Derek [mailto:dgaasch@montana.edu] 
Sent: Friday, November 07, 2003 10:58 AM
To: 'turbine-user@jakarta.apache.org'
Subject: Suggestions for secure pages without screen classes?

 

Hello, I'm trying to determine the best design for implementing the
following, and would appreciate any thoughts any of you have for similar
situations:

 

I have multiple turbine sites, some accessible to anyone who finds it,
others will require different levels of access. For instance

 

- http://site/web/servlet/web/index.vm is a public accessible site

- http://site/web/servlet/web/site2,index.vm is a public accessible site

- http://site/web/servlet/web/admin,index.vm is only for administrators

- http://site/web/servlet/web/staff,index.vm is an intranet only for
staff

 

For many templates on each of these sites, I don't require Screen
Classes...
so my question is has anyone encountered this & come up with a clever
design
(or is there one I just don't know about) for implementing an
isAuthorized
check based on turbine context without creating screen classes that
extend
velocitySecureScreen for each template? 

 

Any thoughts or suggestions will be appreciated!

 

-d

 



---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org