You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by mnguyen21 <mi...@wolterskluwer.com> on 2007/10/10 21:21:53 UTC
T5: User validation
Short of adding a filter in the web.xml, is there a way in tapestry 5 to
selectively have certain pages validate user sessions? I'm trying to
unobtrusively have pages redirect the user to log in before they view the
page if their session timed out. Currently, I would need this functionality
for the majority of my pages. There are a few pages that do not require
authentication.
My current thinking is to have a base page class that all the pages
requiring authentication would derive from. This base class would have an
onEvent or BeforeSetup annotation on a common method that would check for
authentication.
I see a few problems with this:
1) If there is a way in T5 to do this, I'd rather not reinvent the wheel.
2) What if pages that don't currently require authentication will change
to require authentication later on? This opens up a whole can of worms with
class refactoring and reimplementation that could be easy or not.
I'd rather it be configurable as to which page classes require
authentication or not.
Would another possible option for this be to use a service? I'm not quite
sure how services play into the picture yet.
I'm rather new to Tapestry / component design, so I'm not quite sure how
this all works just yet.
Thanks for all your help!
--
View this message in context: http://www.nabble.com/T5%3A-User-validation-tf4602871.html#a13142634
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5: User validation
Posted by Massimo Lusetti <ml...@gmail.com>.
On 10/12/07, lasitha <la...@gmail.com> wrote:
> Hello Michael, you may find this thread useful:
> http://www.nabble.com/-T5--Restricting-Page-Access-tf4325658.html
>
> tapestry5-acegi uses a combination of annotations and contributions to
> the RequestHandler pipeline[1]. You may actually only need the
> latter.
>
> Cheers,
> lasitha.
>
> [1] http://tapestry.apache.org/tapestry5/tapestry-core/guide/request.html
Right, and it's preferrable if you don't want to throw in Spring deps.
--
Massimo
http://meridio.blogspot.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5: User validation
Posted by lasitha <la...@gmail.com>.
Hello Michael, you may find this thread useful:
http://www.nabble.com/-T5--Restricting-Page-Access-tf4325658.html
tapestry5-acegi uses a combination of annotations and contributions to
the RequestHandler pipeline[1]. You may actually only need the
latter.
Cheers,
lasitha.
[1] http://tapestry.apache.org/tapestry5/tapestry-core/guide/request.html
On 10/12/07, mnguyen21 <mi...@wolterskluwer.com> wrote:
>
> Looking at it Acegi seems a little overkill for what I want to do I think. I
> just want a hook into the request pipeline that allows me to check a user's
> session validity. From what I can tell from Acegi, there are a lot of other
> concerns and packages that it worries about. Our authentication system
> exists elsewhere so all this is doing is checking that the current session
> is recognized by that other system. We are porting over from a homegrown
> framework into T5. We have a mechanism currently that suits our needs but
> just want to have the ability to have this check on pages we specify using
> an annotation or something. I found off the website a page on Service
> builders. In particular the Pipelining service builder seems like what I
> want. What I don't understand I guess is what is a service? Can I add a
> service builder that all page requests call implicitly? It seems from the
> examples a bulider is tied to one particular service or filter.
>
> Steven,
>
> Can you elaborate on your solution? Did you use an in-memory map of the
> user ids and roles? If not, what did you do? I'm having trouble
> understanding the necessary parts in getting Acegi to work properly.
>
> Thanks,
> Michael
>
>
>
> Steven Woolley-2 wrote:
> >
> > I am using acegi in T5, without a database, so no, you don't need to
> > configure it with a DB. There's a tutorial on a wiki somewhere, if you
> > google it, which was enough to get me (also a total novice) started...
> > Steve
> >
> > On 10/10/07, Nguyen, Michael <Mi...@wolterskluwer.com> wrote:
> >>
> >> Robin,
> >> The documentation is scarce for this project. Does it have all the
> >> functionality its counterpart in Spring have? I can't tell from the
> >> website. Does Acegi have to be configured with a database? I know this
> >> is an odd request, but due to how our framework is setup, user
> >> information is stored in another service. Our application has no direct
> >> access to a database. The access to the databases we have access to is
> >> read-only.
> >>
> >> Thanks,
> >> Michael
> >>
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: Robin Helgelin [mailto:lobbin@gmail.com]
> >> Sent: Wednesday, October 10, 2007 12:38 PM
> >> To: Tapestry users
> >> Subject: Re: T5: User validation
> >>
> >> On 10/10/07, mnguyen21 <mi...@wolterskluwer.com> wrote:
> >> >
> >> > Short of adding a filter in the web.xml, is there a way in tapestry 5
> >> > to selectively have certain pages validate user sessions? I'm trying
> >> > to unobtrusively have pages redirect the user to log in before they
> >> > view the page if their session timed out. Currently, I would need
> >> > this functionality for the majority of my pages. There are a few
> >> > pages that do not require authentication.
> >>
> >> You can always check the Acegi-integration,
> >> <http://www.localhost.nu/java/tapestry5-acegi>.
> >>
> >> --
> >> regards,
> >> Robin
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> >> For additional commands, e-mail: users-help@tapestry.apache.org
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> >> For additional commands, e-mail: users-help@tapestry.apache.org
> >>
> >>
> >
> >
>
> --
> View this message in context: http://www.nabble.com/T5%3A-User-validation-tf4602871.html#a13166564
> Sent from the Tapestry - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5: User validation
Posted by mnguyen21 <mi...@wolterskluwer.com>.
Looking at it Acegi seems a little overkill for what I want to do I think. I
just want a hook into the request pipeline that allows me to check a user's
session validity. From what I can tell from Acegi, there are a lot of other
concerns and packages that it worries about. Our authentication system
exists elsewhere so all this is doing is checking that the current session
is recognized by that other system. We are porting over from a homegrown
framework into T5. We have a mechanism currently that suits our needs but
just want to have the ability to have this check on pages we specify using
an annotation or something. I found off the website a page on Service
builders. In particular the Pipelining service builder seems like what I
want. What I don't understand I guess is what is a service? Can I add a
service builder that all page requests call implicitly? It seems from the
examples a bulider is tied to one particular service or filter.
Steven,
Can you elaborate on your solution? Did you use an in-memory map of the
user ids and roles? If not, what did you do? I'm having trouble
understanding the necessary parts in getting Acegi to work properly.
Thanks,
Michael
Steven Woolley-2 wrote:
>
> I am using acegi in T5, without a database, so no, you don't need to
> configure it with a DB. There's a tutorial on a wiki somewhere, if you
> google it, which was enough to get me (also a total novice) started...
> Steve
>
> On 10/10/07, Nguyen, Michael <Mi...@wolterskluwer.com> wrote:
>>
>> Robin,
>> The documentation is scarce for this project. Does it have all the
>> functionality its counterpart in Spring have? I can't tell from the
>> website. Does Acegi have to be configured with a database? I know this
>> is an odd request, but due to how our framework is setup, user
>> information is stored in another service. Our application has no direct
>> access to a database. The access to the databases we have access to is
>> read-only.
>>
>> Thanks,
>> Michael
>>
>>
>>
>>
>> -----Original Message-----
>> From: Robin Helgelin [mailto:lobbin@gmail.com]
>> Sent: Wednesday, October 10, 2007 12:38 PM
>> To: Tapestry users
>> Subject: Re: T5: User validation
>>
>> On 10/10/07, mnguyen21 <mi...@wolterskluwer.com> wrote:
>> >
>> > Short of adding a filter in the web.xml, is there a way in tapestry 5
>> > to selectively have certain pages validate user sessions? I'm trying
>> > to unobtrusively have pages redirect the user to log in before they
>> > view the page if their session timed out. Currently, I would need
>> > this functionality for the majority of my pages. There are a few
>> > pages that do not require authentication.
>>
>> You can always check the Acegi-integration,
>> <http://www.localhost.nu/java/tapestry5-acegi>.
>>
>> --
>> regards,
>> Robin
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>
>
--
View this message in context: http://www.nabble.com/T5%3A-User-validation-tf4602871.html#a13166564
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5: User validation
Posted by Steven Woolley <wo...@gmail.com>.
I am using acegi in T5, without a database, so no, you don't need to
configure it with a DB. There's a tutorial on a wiki somewhere, if you
google it, which was enough to get me (also a total novice) started...
Steve
On 10/10/07, Nguyen, Michael <Mi...@wolterskluwer.com> wrote:
>
> Robin,
> The documentation is scarce for this project. Does it have all the
> functionality its counterpart in Spring have? I can't tell from the
> website. Does Acegi have to be configured with a database? I know this
> is an odd request, but due to how our framework is setup, user
> information is stored in another service. Our application has no direct
> access to a database. The access to the databases we have access to is
> read-only.
>
> Thanks,
> Michael
>
>
>
>
> -----Original Message-----
> From: Robin Helgelin [mailto:lobbin@gmail.com]
> Sent: Wednesday, October 10, 2007 12:38 PM
> To: Tapestry users
> Subject: Re: T5: User validation
>
> On 10/10/07, mnguyen21 <mi...@wolterskluwer.com> wrote:
> >
> > Short of adding a filter in the web.xml, is there a way in tapestry 5
> > to selectively have certain pages validate user sessions? I'm trying
> > to unobtrusively have pages redirect the user to log in before they
> > view the page if their session timed out. Currently, I would need
> > this functionality for the majority of my pages. There are a few
> > pages that do not require authentication.
>
> You can always check the Acegi-integration,
> <http://www.localhost.nu/java/tapestry5-acegi>.
>
> --
> regards,
> Robin
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
RE: T5: User validation
Posted by "Nguyen, Michael" <Mi...@wolterskluwer.com>.
Robin,
The documentation is scarce for this project. Does it have all the
functionality its counterpart in Spring have? I can't tell from the
website. Does Acegi have to be configured with a database? I know this
is an odd request, but due to how our framework is setup, user
information is stored in another service. Our application has no direct
access to a database. The access to the databases we have access to is
read-only.
Thanks,
Michael
-----Original Message-----
From: Robin Helgelin [mailto:lobbin@gmail.com]
Sent: Wednesday, October 10, 2007 12:38 PM
To: Tapestry users
Subject: Re: T5: User validation
On 10/10/07, mnguyen21 <mi...@wolterskluwer.com> wrote:
>
> Short of adding a filter in the web.xml, is there a way in tapestry 5
> to selectively have certain pages validate user sessions? I'm trying
> to unobtrusively have pages redirect the user to log in before they
> view the page if their session timed out. Currently, I would need
> this functionality for the majority of my pages. There are a few
> pages that do not require authentication.
You can always check the Acegi-integration,
<http://www.localhost.nu/java/tapestry5-acegi>.
--
regards,
Robin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5: User validation
Posted by Robin Helgelin <lo...@gmail.com>.
On 10/10/07, mnguyen21 <mi...@wolterskluwer.com> wrote:
>
> Short of adding a filter in the web.xml, is there a way in tapestry 5 to
> selectively have certain pages validate user sessions? I'm trying to
> unobtrusively have pages redirect the user to log in before they view the
> page if their session timed out. Currently, I would need this functionality
> for the majority of my pages. There are a few pages that do not require
> authentication.
You can always check the Acegi-integration,
<http://www.localhost.nu/java/tapestry5-acegi>.
--
regards,
Robin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org