You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Weisu <we...@gmail.com> on 2008/08/01 06:32:52 UTC
Re: Access control with dispatchers and annotations - problem
Hi, I think I have found your problem. I tried to implemented your code and
found this line caused the problem. After I commented out this line
everything works.
/* Is the requested page private ? */
Component page = componentSource.getPage(pageName);
System.out.println("PAGE CLASS = "+page.getClass());
System.out.println("PAGE ANNO =
"+page.getClass().getAnnotation(Private.class));
// System.out.println("PAGE ANNOS = "+page.getClass().getAnnotations()[0]);
boolean privatePage = page.getClass().getAnnotation(Private.class) !=
null;
Weisu
photos-4 wrote:
>
> I too have been trying to implement what is on the wiki.
>
> This is really doing my head in (not helped by the fact the wiki
> solution http://wiki.apache.org/tapestry/Tapestry5HowToControlAccess
> does not have all the "bits" of code necessary for a newbie like
> myself to get it working. For instance, it's missing the package
> imports and is also missing a necessary try-catch block at the end of
> checkAccess()).
>
> I've had no success after a day or more working on it - even with the
> updated code recently provided. It just does not work and seems either
> to be a mistake on my part in how Annotations work (they are new to
> me, I admit, having not used them before), or a serious problem with
> the way the code works (the ClassLoaders? It seems the standard
> classloader is loading Private while the tapestry pages are via its
> own classloader - I don't know how getAnnotation() works, so I'm
> wildly guessing and probably wrong)
>
> Below is the code I have. I'd appreciate a pointer on what I've done
> wrong.
>
> The output is as follows:
>
> [DEBUG] AppModule.TimingFilter Invoking method
> uk.bl.dlportal.services.AppModule.buildTimingFilter(Logger) (at
> AppModule.java:97).
> 1
> PAGE CLASS = class uk.bl.dlportal.pages.Administration
> PAGE ANNO = null
> PAGE ANNOS = @uk.bl.dlportal.pages.util.Private()
> [INFO] AppModule.TimingFilter Request time: 4784 ms
> [INFO] AppModule.TimingFilter Request time: 0 ms
>
>
> ----------------- AccessController.java --
>
> package uk.bl.dlportal.pages.util;
>
> import java.io.IOException;
>
> import org.apache.tapestry5.runtime.Component;
> import org.apache.tapestry5.services.ApplicationStateManager;
> import org.apache.tapestry5.services.ComponentClassResolver;
> import org.apache.tapestry5.services.ComponentSource;
> import org.apache.tapestry5.services.Dispatcher;
> import org.apache.tapestry5.services.Request;
> import org.apache.tapestry5.services.Response;
>
> import uk.bl.dlportal.entities.User;
>
> public class AccessController implements Dispatcher
> {
> private final static String LOGIN_PAGE = "/index";
>
> private ApplicationStateManager asm;
> private final ComponentClassResolver resolver;
> private final ComponentSource componentSource;
>
>
> /**
> * Receive all the services needed as constructor arguments. When we bind
> * this service, T5 IoC will provide all the services !
> */
> public AccessController(ApplicationStateManager asm,
> ComponentClassResolver resolver, ComponentSource componentSource)
> {
> this.asm = asm;
> this.resolver = resolver;
> this.componentSource = componentSource;
> }
>
>
> public boolean dispatch(Request request, Response response)
> throws IOException
> {
> System.out.println("1");
> /*
> * We need to get the Tapestry page requested by the user. So we parse
> * the path extracted from the request
> */
> String path = request.getPath();
> if (path.equals(""))
> return false;
>
> int nextslashx = path.length();
> String pageName;
>
> while (true)
> {
> pageName = path.substring(1, nextslashx);
> if (!pageName.endsWith("/") && resolver.isPageName(pageName))
> break;
> nextslashx = path.lastIndexOf('/', nextslashx - 1);
> if (nextslashx <= 1)
> return false;
> }
> return checkAccess(pageName, request, response);
> }
>
>
> /**
> * Check the rights of the user for the page requested
> */
> public boolean checkAccess(String pageName, Request request,
> Response response)
> {
>
> boolean canAccess = true;
>
> /* Is the requested page private ? */
> Component page = componentSource.getPage(pageName);
>
> System.out.println("PAGE CLASS = "+page.getClass());
> System.out.println("PAGE ANNO =
> "+page.getClass().getAnnotation(Private.class));
> System.out.println("PAGE ANNOS = "+page.getClass().getAnnotations()[0]);
>
> boolean privatePage = page.getClass().getAnnotation(Private.class) !=
> null;
>
> if (privatePage)
> {
> canAccess = false;
> /* Is the user already authenticated ? */
> if (asm.exists(User.class))
> {
> User userSession = asm.get(User.class);
> canAccess = userSession != null;
> }
>
> /*
> if (asm.exists(UserSessionImpl.class))
> {
> UserSessionImpl userSession = asm.get(UserSessionImpl.class);
> canAccess = userSession.isUserLoggedIn();
> }
> */
> }
>
>
> if (!canAccess)
> {
> try
> {
> response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
> } catch (IOException e)
> {
> // TODO Auto-generated catch block
> e.printStackTrace();
> }
> return true; // Make sure to leave the chain
> }
> return false;
> }
>
> }
>
>
> -------------------- AppModule.java --
>
> ...
> public static void bind(ServiceBinder binder)
> {
> // binder.bind(MyServiceInterface.class, MyServiceImpl.class);
>
> // Make bind() calls on the binder object to define most IoC services.
> // Use service builder methods (example below) when the implementation
> // is provided inline, or requires more initialization than simply
> // invoking the constructor.
>
> binder.bind(AccessController.class).withId("AccessController");
>
> }
>
>
> public void contributeMasterDispatcher(
> OrderedConfiguration<Dispatcher> configuration,
> @InjectService("AccessController") Dispatcher accessController)
> {
> configuration.add("AccessController", accessController,
> "before:PageRender");
> }
> ...
>
>
> ---------------- Private.java --
>
> package uk.bl.dlportal.pages.util;
>
> import java.lang.annotation.Documented;
> import java.lang.annotation.ElementType;
> import java.lang.annotation.Retention;
> import java.lang.annotation.RetentionPolicy;
> import java.lang.annotation.Target;
>
> @Target(ElementType.TYPE)
> @Retention(RetentionPolicy.RUNTIME)
> @Documented
> public @interface Private
> {
> }
>
>
> ------------------ Administration.java -- (the page I'm testing this on)
>
> package uk.bl.dlportal.pages;
>
> import org.apache.tapestry5.annotations.ApplicationState;
>
> import uk.bl.dlportal.entities.User;
> import uk.bl.dlportal.pages.util.Private;
>
> /**
> * Admin page of application dlportal.
> */
> @Private
> public class Administration
> {
> ....
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Access-control-with-dispatchers-and-annotations-tp18710376p18768093.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org