You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tapestry.apache.org by "Alexander Gavrilov (JIRA)" <de...@tapestry.apache.org> on 2007/09/27 10:55:50 UTC
[jira] Created: (TAPESTRY-1782) Call
IExternalPage.activateExternalPage before IPage#validate
Call IExternalPage.activateExternalPage before IPage#validate
-------------------------------------------------------------
Key: TAPESTRY-1782
URL: https://issues.apache.org/jira/browse/TAPESTRY-1782
Project: Tapestry
Issue Type: Wish
Components: Framework
Affects Versions: 4.1.3
Reporter: Alexander Gavrilov
Priority: Critical
We are required to check user right to access the page based on parameners, thats are commig from activateExternalPage. But because activateExternalPage invoked after validate we can't do that in the proposed validate() method. So, in the current implementation validate can be used for role-based security only (to check is user authenticated or not, or is user belong to some role or not), and this is very limited. What we do now, we introduce new interface IActivatePage with single method activate(), which are caller right after validate() for non external service invocations or after activateExternalPage for external service invocations. In this method we setting up page context properties, and invoking drools to check the current user right for initialized page object. Its wold be nice, to have IPage#validate invoked before IExternalPage.activateExternalPage, or to have aothe method like activate, that will be called in the services directly after the activateExternalPage for External service, or after validate() for another services.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
For additional commands, e-mail: dev-help@tapestry.apache.org
[jira] Commented: (TAPESTRY-1782) Call
IExternalPage.activateExternalPage before IPage#validate
Posted by "Alexander Gavrilov (JIRA)" <de...@tapestry.apache.org>.
[ https://issues.apache.org/jira/browse/TAPESTRY-1782?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12563915#action_12563915 ]
Alexander Gavrilov commented on TAPESTRY-1782:
----------------------------------------------
I dont want to call cycle.getListenerParameters() from validate or activate. I want to use the things for whatever they are right.
The tapestry page is an object. Page contains data, accessible through getters and setters. According documentation IPage validate() is responsible to check that the user is allowed to visit the page (i mean object). But In the current implementation this method can only check that the user is allowed to visit the pages of that type (i mean class).
What you propose is to implement validation listener in the each application Page class to check pagameters, specific for this page.
What i want is to use activateExternalPage to initialize pages with context data. For example ViewAccountPage will be initialized by Account, loaded from DB in the activateExternalPage and stored in the page property. And i want to have one generic validation method, thats pass initialized page object to the security subsystem, ascing "can this page object be accessible by the current user or not". The security subsystem known about each application page type and about security sensitive data stored in that page. And if request comes for ViewAccountPage, then security subsytem check "has the current user permission to access to the Account instance stored in the page property or not".
> Call IExternalPage.activateExternalPage before IPage#validate
> -------------------------------------------------------------
>
> Key: TAPESTRY-1782
> URL: https://issues.apache.org/jira/browse/TAPESTRY-1782
> Project: Tapestry
> Issue Type: Wish
> Components: Framework
> Affects Versions: 4.1.3
> Reporter: Alexander Gavrilov
> Assignee: Jesse Kuhnert
> Priority: Critical
>
> We are required to check user right to access the page based on parameners, thats are commig from activateExternalPage. But because activateExternalPage invoked after validate we can't do that in the proposed validate() method. So, in the current implementation validate can be used for role-based security only (to check is user authenticated or not, or is user belong to some role or not), and this is very limited. What we do now, we introduce new interface IActivatePage with single method activate(), which are caller right after validate() for non external service invocations or after activateExternalPage for external service invocations. In this method we setting up page context properties, and invoking drools to check the current user right for initialized page object. Its wold be nice, to have IPage#validate invoked before IExternalPage.activateExternalPage, or to have aothe method like activate, that will be called in the services directly after the activateExternalPage for External service, or after validate() for another services.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
For additional commands, e-mail: dev-help@tapestry.apache.org
[jira] Resolved: (TAPESTRY-1782) Call
IExternalPage.activateExternalPage before IPage#validate
Posted by "Jesse Kuhnert (JIRA)" <de...@tapestry.apache.org>.
[ https://issues.apache.org/jira/browse/TAPESTRY-1782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jesse Kuhnert resolved TAPESTRY-1782.
-------------------------------------
Resolution: Won't Fix
Assignee: Jesse Kuhnert
I think that even your external page parameters should be available from your validate() method. You can call cycle.getListenerParameters(). These are set before calling validate or activateExternalPage.
Calling cycle.getListenerParameters() from within activate() would be no different than calling
IExternalPage.activateExternalPage(cycle.getListenerParameters(), cycle)
> Call IExternalPage.activateExternalPage before IPage#validate
> -------------------------------------------------------------
>
> Key: TAPESTRY-1782
> URL: https://issues.apache.org/jira/browse/TAPESTRY-1782
> Project: Tapestry
> Issue Type: Wish
> Components: Framework
> Affects Versions: 4.1.3
> Reporter: Alexander Gavrilov
> Assignee: Jesse Kuhnert
> Priority: Critical
>
> We are required to check user right to access the page based on parameners, thats are commig from activateExternalPage. But because activateExternalPage invoked after validate we can't do that in the proposed validate() method. So, in the current implementation validate can be used for role-based security only (to check is user authenticated or not, or is user belong to some role or not), and this is very limited. What we do now, we introduce new interface IActivatePage with single method activate(), which are caller right after validate() for non external service invocations or after activateExternalPage for external service invocations. In this method we setting up page context properties, and invoking drools to check the current user right for initialized page object. Its wold be nice, to have IPage#validate invoked before IExternalPage.activateExternalPage, or to have aothe method like activate, that will be called in the services directly after the activateExternalPage for External service, or after validate() for another services.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
For additional commands, e-mail: dev-help@tapestry.apache.org