Posted to users@tapestry.apache.org by Thibaut Gadiolet <th...@gmail.com> on 2009/06/03 21:13:18 UTC

Re: Authentification in Tapestry

OK, I stop using a full T5 solution to handle authentication/authorization.
I am using ACEGI with a basic configuration, you can easily integrate it into
your T5 projects. It's not as heavy as I thought, and it turned out to be
very efficient.

But if someone gets a better solution full T5, I'm open.

Thanks,

Thibaut

On Fri, May 22, 2009 at 4:10 AM, Sergey Didenko <se...@gmail.com> wrote:

> Thanks for tips, Thiago!
>
> > This has been discussed in this list before. Check the archives
> > (http://www.nabble.com/Tapestry---User-f340.html) for some ideas.
> > Usually they are centered around a RequestFilter or a
> > ComponentClassTransformer.
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>

Re: Authentification in Tapestry

Posted by Thibaut Gadiolet <th...@gmail.com>.
Thank you guys,

I like the idea of implementing my own dispatcher.

BTW, Thiago, ACEGI is what I am using, as I said at the top of this
conversation.
I think it is still the best way to solve authentication/authorization
issues with Tapestry... but it's always interesting to see if a full T5
solution exists, like a dispatcher, it seems to be a lighter solution... and
maybe include a new security package for the next Tapestry version.

Thibaut.


On Wed, Jun 3, 2009 at 5:47 PM, Joost Schouten (mailing lists) <
joost_ml@jsportal.com> wrote:

> We have built our own using a custom RequestFilter which is not
> dissimilar to Christian's Dispatcher approach.
>
> Cheers,
> Joost
>
> PS: I love the simple way to also check for ajax requests to secure
> pages and forward to the login if needed:
>
> // Double-quoted key and value so that strict JSON parsers accept the body
> PrintWriter writer = response.getPrintWriter("application/json");
> writer.write("{\"redirectURL\":\"" + loginPageUrl + "\"}");
> writer.close();
>
> On Thu, Jun 4, 2009 at 7:30 AM, Thiago H. de Paula Figueiredo
> <th...@gmail.com> wrote:
> > On Wed, 03 Jun 2009 16:13:18 -0300, Thibaut Gadiolet
> > <th...@gmail.com> wrote:
> >
> >> OK, I stop using a full T5 solution to handle
> >> authentication/authorization.
> >> I am using ACEGI with a basic configuration, you can easily integrate it
> >> into your T5 projects. It's not as heavy as I thought, and it turned out
> >> to be very efficient.
> >
> > Why not Spring Security (aka Acegi 2)? :) I'm using it with the help of
> > tapestry-spring-security.
> >
> > --
> > Thiago H. de Paula Figueiredo
> > Independent Java consultant, developer, and instructor
> > http://www.arsmachina.com.br/thiago
> >

Re: Authentification in Tapestry

Posted by "Joost Schouten (mailing lists)" <jo...@jsportal.com>.
We have built our own using a custom RequestFilter which is not
dissimilar to Christian's Dispatcher approach.

Cheers,
Joost

PS: I love the simple way to also check for ajax requests to secure
pages and forward to the login if needed:

// Double-quoted key and value so that strict JSON parsers accept the body
PrintWriter writer = response.getPrintWriter("application/json");
writer.write("{\"redirectURL\":\"" + loginPageUrl + "\"}");
writer.close();

On Thu, Jun 4, 2009 at 7:30 AM, Thiago H. de Paula Figueiredo
<th...@gmail.com> wrote:
> On Wed, 03 Jun 2009 16:13:18 -0300, Thibaut Gadiolet
> <th...@gmail.com> wrote:
>
>> OK, I stop using a full T5 solution to handle
>> authentication/authorization.
>> I am using ACEGI with a basic configuration, you can easily integrate it
>> into your T5 projects. It's not as heavy as I thought, and it turned out to
>> be very efficient.
>
> Why not Spring Security (aka Acegi 2)? :) I'm using it with the help of
> tapestry-spring-security.
>
> --
> Thiago H. de Paula Figueiredo
> Independent Java consultant, developer, and instructor
> http://www.arsmachina.com.br/thiago
>

Re: Authentification in Tapestry

Posted by "Thiago H. de Paula Figueiredo" <th...@gmail.com>.
On Wed, 03 Jun 2009 16:13:18 -0300, Thibaut Gadiolet
<th...@gmail.com> wrote:

> OK, I stop using a full T5 solution to handle
> authentication/authorization.
> I am using ACEGI with a basic configuration, you can easily integrate it
> into your T5 projects. It's not as heavy as I thought, and it turned out
> to be very efficient.

Why not Spring Security (aka Acegi 2)? :) I'm using it with the help of  
tapestry-spring-security.

-- 
Thiago H. de Paula Figueiredo
Independent Java consultant, developer, and instructor
http://www.arsmachina.com.br/thiago


Re: Authentification in Tapestry

Posted by Massimo Lusetti <ml...@gmail.com>.
On Wed, Jun 3, 2009 at 9:13 PM, Thibaut Gadiolet
<th...@gmail.com> wrote:

> OK, I stop using a full T5 solution to handle authentication/authorization.
> I am using ACEGI with a basic configuration, you can easily integrate it into
> your T5 projects. It's not as heavy as I thought, and it turned out to be
> very efficient.
>
> But if someone gets a better solution full T5, I'm open.

I actually don't know if it's a better solution but I'm interested in
knowing what you think about the chenillekit-access module.

Warning: you have to check out the sources

Regards
-- 
Massimo
http://meridio.blogspot.com


RE: Authentification in Tapestry

Posted by "Newham, Cameron" <ca...@bl.uk>.
That's the way I've written the access control on our system.


-----Original Message-----
From: Christian Senk [mailto:senk.christian@googlemail.com] 
Sent: 03 June 2009 20:24
To: Tapestry users
Subject: Re: Authentification in Tapestry

We are using a custom dispatcher called "AccessControlDispatcher".
It is like the AccessDispatcher described in the howto-wiki, but in addition
it checks for certain roles.

This works through a SessionState object that implements an interface used
by the dispatcher to determine if the SessionState object has the required
role(s) or not.

All you have to do is to annotate the desired page with
"@Secured(Role.ADMIN)", for example. The dispatcher checks if the current user
has the required role for this page; if not, the dispatcher calls an
AccessDeniedCallback, where you can redirect to the login page or something
like that. The Callback and the Class of the SessionState object that
implements the interface needed by the dispatcher are contributable over a
mapped configuration.

It is very simple and I think there is a lot of potential to improve this, but
until now it works for us.

Maybe this idea helps you ^.^

Thibaut Gadiolet wrote:
> OK, I stop using a full T5 solution to handle authentication/authorization.
> I am using ACEGI with a basic configuration, you can easily integrate it into
> your T5 projects. It's not as heavy as I thought, and it turned out to be
> very efficient.
>
> But if someone gets a better solution full T5, I'm open.
>
> Thanks,
>
> Thibaut
>
> On Fri, May 22, 2009 at 4:10 AM, Sergey Didenko <se...@gmail.com> wrote:
>
>   
>> Thanks for tips, Thiago!
>>
>>     
>>> This has been discussed in this list before. Check the archives
>>> (http://www.nabble.com/Tapestry---User-f340.html) for some ideas.
>>> Usually they are centered around a RequestFilter or a
>>> ComponentClassTransformer.
>>>
>>>       

Re: Authentification in Tapestry

Posted by Massimo Lusetti <ml...@gmail.com>.
On Thu, Jun 4, 2009 at 3:41 AM, Thiago H. de Paula Figueiredo
<th...@gmail.com> wrote:

> On Wed, 03 Jun 2009 22:07:28 -0300, Onno Scheffers <on...@piraya.nl>
> wrote:
>
>> I'm also using a custom dispatcher.
>> The thing I don't like about most of the current examples/solutions I've
>> seen so far is that access is allowed by default if the developer forgets
>> to add a specific annotation. I'd like the page to be protected unless the
>> developer makes it publicly accessible.
>
> Nice reasoning. :)

That's a policy.
I could see this implemented as a different protection strategy.

Cheers
-- 
Massimo
http://meridio.blogspot.com


Re: Authentification in Tapestry

Posted by Onno Scheffers <on...@piraya.nl>.
> Why don't you use annotations for that? Something like @PublicPage? If the
> page doesn't have it, it is protected.
>
> Unless there are pages that need some internal logic to decide if they're
> public or protected (hence an interface with an isPublic() method),
> annotations are a better solution for the problem.



I wanted to make it easy for the developer to have advanced control on who
gets access to the page. For the PublicPage this is not so much an issue.
For the ProtectedPage the developer can implement/override the
isAccessAllowed method.

On some pages we need more advanced control on who gets access. Users of our
system are typically employees of an organisation and the organisation can
decide which modules are accessible to its employees. So for some pages I
have more complex rules than simple role-checking. By subclassing/overriding
I can put all that logic in a single place on the page. This gives us more
freedom.

You are right though, if role-checking is all you want, you can indeed use a
simple annotation-based system.


regards,

Onno

Re: Authentification in Tapestry

Posted by "Thiago H. de Paula Figueiredo" <th...@gmail.com>.
On Wed, 03 Jun 2009 22:07:28 -0300, Onno Scheffers <on...@piraya.nl>
wrote:

> I'm also using a custom dispatcher.
> The thing I don't like about most of the current examples/solutions I've
> seen so far is that access is allowed by default if the developer
> forgets to add a specific annotation. I'd like the page to be protected
> unless the developer makes it publicly accessible.

Nice reasoning. :)

> Therefore I set up our dispatcher to always check if the requested page
> implements either a PublicPage interface or a ProtectedPage interface. If
> none of these interfaces is implemented access is denied.

Why don't you use annotations for that? Something like @PublicPage? If the
page doesn't have it, it is protected.

Unless there are pages that need some internal logic to decide if they're
public or protected (hence an interface with an isPublic() method),
annotations are a better solution for the problem.

-- 
Thiago H. de Paula Figueiredo
Independent Java consultant, developer, and instructor
http://www.arsmachina.com.br/thiago


Re: Authentification in Tapestry

Posted by Onno Scheffers <on...@piraya.nl>.
>
> All you have to do is to annotate the desired page with
> "@Secured(Role.ADMIN)"



I'm also using a custom dispatcher.
The thing I don't like about most of the current examples/solutions I've
seen so far is that access is allowed by default if the developer forgets to
add a specific annotation. I'd like the page to be protected unless the
developer makes it publicly accessible.

Therefore I set up our dispatcher to always check if the requested page
implements either a PublicPage interface or a ProtectedPage interface. If
none of these interfaces is implemented access is denied.

It's a step back because the pages are now expected to implement specific
interfaces again, but I think it's a better fit if you prefer defensive
programming.

- Onno

Re: Authentification in Tapestry

Posted by Christian Senk <se...@googlemail.com>.
We are using a custom dispatcher called "AccessControlDispatcher".
It is like the AccessDispatcher described in the howto-wiki, but in addition
it checks for certain roles.

This works through a SessionState object that implements an interface used
by the dispatcher to determine if the SessionState object has the required
role(s) or not.

All you have to do is to annotate the desired page with
"@Secured(Role.ADMIN)", for example. The dispatcher checks if the current user
has the required role for this page; if not, the dispatcher calls an
AccessDeniedCallback, where you can redirect to the login page or something
like that. The Callback and the Class of the SessionState object that
implements the interface needed by the dispatcher are contributable over a
mapped configuration.

It is very simple and I think there is a lot of potential to improve this, but
until now it works for us.

Maybe this idea helps you ^.^

Thibaut Gadiolet wrote:
> OK, I stop using a full T5 solution to handle authentication/authorization.
> I am using ACEGI with a basic configuration, you can easily integrate it into
> your T5 projects. It's not as heavy as I thought, and it turned out to be
> very efficient.
>
> But if someone gets a better solution full T5, I'm open.
>
> Thanks,
>
> Thibaut
>
> On Fri, May 22, 2009 at 4:10 AM, Sergey Didenko <se...@gmail.com> wrote:
>
>   
>> Thanks for tips, Thiago!
>>
>>     
>>> This has been discussed in this list before. Check the archives
>>> (http://www.nabble.com/Tapestry---User-f340.html) for some ideas.
>>> Usually they are centered around a RequestFilter or a
>>> ComponentClassTransformer.
>>>
>>>       
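
The deny-by-default check Onno describes, combined with the role annotation from Christian's post and the @PublicPage idea from Thiago's reply, as an added example that is not code from any poster or from Tapestry. The PublicPage and Secured annotations, the Role and Decision enums and the page classes are hypothetical, and wiring the decision into a Tapestry Dispatcher or RequestFilter is left out.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.EnumSet;
import java.util.Set;

public class DenyByDefaultDemo {
    enum Role { USER, ADMIN }
    enum Decision { ALLOW, LOGIN_REQUIRED, FORBIDDEN }

    // Hypothetical annotations; RUNTIME retention so the check can read them.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.TYPE)
    @interface PublicPage {}
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.TYPE)
    @interface Secured { Role[] value(); }

    // Constructed sample pages.
    @PublicPage static class Login {}
    @Secured({Role.USER, Role.ADMIN}) static class Dashboard {}
    @Secured(Role.ADMIN) static class UserAdmin {}
    static class Forgotten {}                                    // no annotation at all
    @PublicPage @Secured(Role.ADMIN) static class Conflicting {} // contradictory

    /** Decide access for a page class; roles == null means nobody is logged in. */
    static Decision decide(Class<?> page, Set<Role> roles) {
        boolean isPublic = page.isAnnotationPresent(PublicPage.class);
        Secured secured = page.getAnnotation(Secured.class);
        if (isPublic && secured == null) return Decision.ALLOW;  // explicit opt-out
        // Missing or contradictory metadata fails closed for every caller.
        if (secured == null || isPublic) return Decision.FORBIDDEN;
        if (roles == null) return Decision.LOGIN_REQUIRED;
        for (Role required : secured.value()) {
            if (roles.contains(required)) return Decision.ALLOW;
        }
        return Decision.FORBIDDEN;
    }

    public static void main(String[] args) {
        Set<Role> user = EnumSet.of(Role.USER);
        Set<Role> admin = EnumSet.of(Role.ADMIN);
        Class<?>[] pages = {Login.class, Dashboard.class, UserAdmin.class,
                            Forgotten.class, Conflicting.class};
        for (Class<?> p : pages) {
            System.out.printf("%-12s anonymous=%s user=%s admin=%s%n", p.getSimpleName(),
                    decide(p, null), decide(p, user), decide(p, admin));
        }
    }
}
```

A page with no annotation, or with both annotations, is refused for every caller, so a forgotten annotation shows up as a broken page during development rather than as an exposed one.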