You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by CIJOML <ci...@volny.cz> on 2006/09/18 16:03:31 UTC
User rights with tapestry?
Hello,
is there any howto available (for both version 3 and 4) which covers user
rights?
I need users to see some properties (icons,links) only when I verify in DB,
that user should have such rights.
Thanks a lot for reply
Michal
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: User rights with tapestry?
Posted by Robert Zeigler <ro...@scazdl.org>.
PageValidateListener is alive and well in Tap 3. I use it in exactly the
manner you describe for several tap3 apps. :)
Robert
Sam Gendler wrote:
> In Tap 3, you don't have PageValidateListener, I think, so you have to
> use something like the initialize() method. I can't say for sure,
> having never used Tap 3.
>
> --sam
>
>
> On 9/19/06, Sam Gendler <sg...@ideasculptor.com> wrote:
>
>> You can implement the PageValidateListener interface in your base
>> class. Then, in your pageValidate() method (the only method provided
>> by the interface), you can check the session to see if a userId is
>> stored there. If not, redirect the to the login page. If so, load the
>> User object into the page. Assuming the User object has permission
>> information, any of your inheriting classes can assume that the page
>> contains a valid User object, so you can always call
>> getUser().getPermissions() or pass the user object to a permission
>> checking method, etc. pageValidate() is definitely the place to be
>> doing any user auth, as far as i can tell. This method has worked
>> really well for me in all my Tapestry apps.
>>
>> You can get sophisticated by adding an abstract isAuthRequired()
>> method to your base class, so that a page can specify whether auth is
>> required. Check the value in pageValidate() before bothering to
>> authorize. You can also specify a certain level of permissions for a
>> page, if you have many potential roles. For extra fun, if your pages
>> implement the ExternalPage interface, when you redirect to the Login
>> page, you can also store an ExternalCallback in the Login page and
>> persist it to the login form. Then, after they submit their
>> credentials and you have authenticated them, you can execute the
>> ExternalCallback, taking them back to the page they were originally
>> attempting to go to, wth the same paramters they originally had.
>> Users LOVE this and it is surprisingly rare feature in most webapps,
>> despite how much usability it adds to an app. You have access to any
>> injected objects such as your business services from within
>> pageValidate, so the sky is really the limit when it comes to the
>> functionality you can offer via this mechanism. If you are using
>> spring, you can easily tie things into acegi, too. I have no
>> experience with Tapestry-Acegi, so this is how I do things.
>>
>> --sam
>>
>>
>> On 9/18/06, James Carman <ja...@carmanconsulting.com> wrote:
>> > Or, you can use Tapestry-Acegi, which allows you to annotate your
>> > page/listener methods to define required permissions. Right now,
>> anonymous
>> > access to the SVN repo is not working, though.
>> >
>> > -----Original Message-----
>> > From: Greg.L.Cormier@servicecanada.gc.ca
>> > [mailto:Greg.L.Cormier@servicecanada.gc.ca]
>> > Sent: Monday, September 18, 2006 10:30 AM
>> > To: users@tapestry.apache.org
>> > Subject: RE: User rights with tapestry?
>> >
>> > I've done this in my application.
>> >
>> > Basically I made an abstract subclass of a BasePage. All my pages
>> subclass
>> > this new class. All it has is a field requiredPermission which is
>> set in the
>> > constructor, and an initialize() method which checks permissions in
>> the
>> > Visit object with that requiredPermission field. If they don't have
>> the
>> > permission, it redirects them to a "no permissions" page. It was
>> really
>> > easy.
>> >
>> > Greg
>> >
>> > -----Original Message-----
>> > From: CIJOML [mailto:cijoml@volny.cz]
>> > Sent: Monday, September 18, 2006 10:04 AM
>> > To: users@tapestry.apache.org
>> > Subject: User rights with tapestry?
>> >
>> >
>> > Hello,
>> >
>> > is there any howto available (for both version 3 and 4) which
>> covers user
>> > rights?
>> >
>> > I need users to see some properties (icons,links) only when I
>> verify in DB,
>> > that user should have such rights.
>> >
>> > Thanks a lot for reply
>> >
>> > Michal
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> > For additional commands, e-mail: users-help@tapestry.apache.org
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> > For additional commands, e-mail: users-help@tapestry.apache.org
>> >
>> >
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> > For additional commands, e-mail: users-help@tapestry.apache.org
>> >
>> >
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Re: RE: User rights with tapestry?
Posted by Sam Gendler <sg...@ideasculptor.com>.
In Tap 3, you don't have PageValidateListener, I think, so you have to
use something like the initialize() method. I can't say for sure,
having never used Tap 3.
--sam
On 9/19/06, Sam Gendler <sg...@ideasculptor.com> wrote:
> You can implement the PageValidateListener interface in your base
> class. Then, in your pageValidate() method (the only method provided
> by the interface), you can check the session to see if a userId is
> stored there. If not, redirect the to the login page. If so, load the
> User object into the page. Assuming the User object has permission
> information, any of your inheriting classes can assume that the page
> contains a valid User object, so you can always call
> getUser().getPermissions() or pass the user object to a permission
> checking method, etc. pageValidate() is definitely the place to be
> doing any user auth, as far as i can tell. This method has worked
> really well for me in all my Tapestry apps.
>
> You can get sophisticated by adding an abstract isAuthRequired()
> method to your base class, so that a page can specify whether auth is
> required. Check the value in pageValidate() before bothering to
> authorize. You can also specify a certain level of permissions for a
> page, if you have many potential roles. For extra fun, if your pages
> implement the ExternalPage interface, when you redirect to the Login
> page, you can also store an ExternalCallback in the Login page and
> persist it to the login form. Then, after they submit their
> credentials and you have authenticated them, you can execute the
> ExternalCallback, taking them back to the page they were originally
> attempting to go to, wth the same paramters they originally had.
> Users LOVE this and it is surprisingly rare feature in most webapps,
> despite how much usability it adds to an app. You have access to any
> injected objects such as your business services from within
> pageValidate, so the sky is really the limit when it comes to the
> functionality you can offer via this mechanism. If you are using
> spring, you can easily tie things into acegi, too. I have no
> experience with Tapestry-Acegi, so this is how I do things.
>
> --sam
>
>
> On 9/18/06, James Carman <ja...@carmanconsulting.com> wrote:
> > Or, you can use Tapestry-Acegi, which allows you to annotate your
> > page/listener methods to define required permissions. Right now, anonymous
> > access to the SVN repo is not working, though.
> >
> > -----Original Message-----
> > From: Greg.L.Cormier@servicecanada.gc.ca
> > [mailto:Greg.L.Cormier@servicecanada.gc.ca]
> > Sent: Monday, September 18, 2006 10:30 AM
> > To: users@tapestry.apache.org
> > Subject: RE: User rights with tapestry?
> >
> > I've done this in my application.
> >
> > Basically I made an abstract subclass of a BasePage. All my pages subclass
> > this new class. All it has is a field requiredPermission which is set in the
> > constructor, and an initialize() method which checks permissions in the
> > Visit object with that requiredPermission field. If they don't have the
> > permission, it redirects them to a "no permissions" page. It was really
> > easy.
> >
> > Greg
> >
> > -----Original Message-----
> > From: CIJOML [mailto:cijoml@volny.cz]
> > Sent: Monday, September 18, 2006 10:04 AM
> > To: users@tapestry.apache.org
> > Subject: User rights with tapestry?
> >
> >
> > Hello,
> >
> > is there any howto available (for both version 3 and 4) which covers user
> > rights?
> >
> > I need users to see some properties (icons,links) only when I verify in DB,
> > that user should have such rights.
> >
> > Thanks a lot for reply
> >
> > Michal
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> > For additional commands, e-mail: users-help@tapestry.apache.org
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> > For additional commands, e-mail: users-help@tapestry.apache.org
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> > For additional commands, e-mail: users-help@tapestry.apache.org
> >
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: RE: User rights with tapestry?
Posted by Sam Gendler <sg...@ideasculptor.com>.
You can implement the PageValidateListener interface in your base
class. Then, in your pageValidate() method (the only method provided
by the interface), you can check the session to see if a userId is
stored there. If not, redirect the to the login page. If so, load the
User object into the page. Assuming the User object has permission
information, any of your inheriting classes can assume that the page
contains a valid User object, so you can always call
getUser().getPermissions() or pass the user object to a permission
checking method, etc. pageValidate() is definitely the place to be
doing any user auth, as far as i can tell. This method has worked
really well for me in all my Tapestry apps.
You can get sophisticated by adding an abstract isAuthRequired()
method to your base class, so that a page can specify whether auth is
required. Check the value in pageValidate() before bothering to
authorize. You can also specify a certain level of permissions for a
page, if you have many potential roles. For extra fun, if your pages
implement the ExternalPage interface, when you redirect to the Login
page, you can also store an ExternalCallback in the Login page and
persist it to the login form. Then, after they submit their
credentials and you have authenticated them, you can execute the
ExternalCallback, taking them back to the page they were originally
attempting to go to, wth the same paramters they originally had.
Users LOVE this and it is surprisingly rare feature in most webapps,
despite how much usability it adds to an app. You have access to any
injected objects such as your business services from within
pageValidate, so the sky is really the limit when it comes to the
functionality you can offer via this mechanism. If you are using
spring, you can easily tie things into acegi, too. I have no
experience with Tapestry-Acegi, so this is how I do things.
--sam
On 9/18/06, James Carman <ja...@carmanconsulting.com> wrote:
> Or, you can use Tapestry-Acegi, which allows you to annotate your
> page/listener methods to define required permissions. Right now, anonymous
> access to the SVN repo is not working, though.
>
> -----Original Message-----
> From: Greg.L.Cormier@servicecanada.gc.ca
> [mailto:Greg.L.Cormier@servicecanada.gc.ca]
> Sent: Monday, September 18, 2006 10:30 AM
> To: users@tapestry.apache.org
> Subject: RE: User rights with tapestry?
>
> I've done this in my application.
>
> Basically I made an abstract subclass of a BasePage. All my pages subclass
> this new class. All it has is a field requiredPermission which is set in the
> constructor, and an initialize() method which checks permissions in the
> Visit object with that requiredPermission field. If they don't have the
> permission, it redirects them to a "no permissions" page. It was really
> easy.
>
> Greg
>
> -----Original Message-----
> From: CIJOML [mailto:cijoml@volny.cz]
> Sent: Monday, September 18, 2006 10:04 AM
> To: users@tapestry.apache.org
> Subject: User rights with tapestry?
>
>
> Hello,
>
> is there any howto available (for both version 3 and 4) which covers user
> rights?
>
> I need users to see some properties (icons,links) only when I verify in DB,
> that user should have such rights.
>
> Thanks a lot for reply
>
> Michal
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
RE: User rights with tapestry?
Posted by James Carman <ja...@carmanconsulting.com>.
Or, you can use Tapestry-Acegi, which allows you to annotate your
page/listener methods to define required permissions. Right now, anonymous
access to the SVN repo is not working, though.
-----Original Message-----
From: Greg.L.Cormier@servicecanada.gc.ca
[mailto:Greg.L.Cormier@servicecanada.gc.ca]
Sent: Monday, September 18, 2006 10:30 AM
To: users@tapestry.apache.org
Subject: RE: User rights with tapestry?
I've done this in my application.
Basically I made an abstract subclass of a BasePage. All my pages subclass
this new class. All it has is a field requiredPermission which is set in the
constructor, and an initialize() method which checks permissions in the
Visit object with that requiredPermission field. If they don't have the
permission, it redirects them to a "no permissions" page. It was really
easy.
Greg
-----Original Message-----
From: CIJOML [mailto:cijoml@volny.cz]
Sent: Monday, September 18, 2006 10:04 AM
To: users@tapestry.apache.org
Subject: User rights with tapestry?
Hello,
is there any howto available (for both version 3 and 4) which covers user
rights?
I need users to see some properties (icons,links) only when I verify in DB,
that user should have such rights.
Thanks a lot for reply
Michal
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
RE: User rights with tapestry?
Posted by Gr...@servicecanada.gc.ca.
I've done this in my application.
Basically I made an abstract subclass of a BasePage. All my pages subclass this new class. All it has is a field requiredPermission which is set in the constructor, and an initialize() method which checks permissions in the Visit object with that requiredPermission field. If they don't have the permission, it redirects them to a "no permissions" page. It was really easy.
Greg
-----Original Message-----
From: CIJOML [mailto:cijoml@volny.cz]
Sent: Monday, September 18, 2006 10:04 AM
To: users@tapestry.apache.org
Subject: User rights with tapestry?
Hello,
is there any howto available (for both version 3 and 4) which covers user
rights?
I need users to see some properties (icons,links) only when I verify in DB,
that user should have such rights.
Thanks a lot for reply
Michal
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org