tag:blogger.com,1999:blog-4110180.post3876173360618241586..comments2025-07-21T06:33:41.604-07:00Howard Lewis Shiphttp://www.blogger.com/profile/04486596490758986709noreply@blogger.comBlogger9125tag:blogger.com,1999:blog-4110180.post-83757206121581595322012-03-13T08:20:16.926-07:002012-03-13T08:20:16.926-07:00Guarav,<br /><br />This is a blog, it&#39;s not an effective discussion forum. Please join the Tapestry user mailing list and discuss there.Howard Lewis Shiphttps://www.blogger.com/profile/04486596490758986709noreply@blogger.comtag:blogger.com,1999:blog-4110180.post-73024447381852767272012-03-13T01:55:17.897-07:002012-03-13T01:55:17.897-07:00Hi Howards,<br />Nice explanation,thanks a lot.<br />I wana ask you how to implement role based security in Tapestry5(i am not intended to use third party API).<br />thanks<br />Gaurav P SinghGaurav Pratap Singhhttps://www.blogger.com/profile/05400675232840231511noreply@blogger.comtag:blogger.com,1999:blog-4110180.post-45429698061494702492010-01-01T02:23:59.932-08:002010-01-01T02:23:59.932-08:00Hi Howard,<br /> Nice post. It seems there is an error in the code for the RequiresLoginFilter there seems to be a constructor named PageAccessFilter.Adedayo Ominiyihttps://www.blogger.com/profile/13537905701073254794noreply@blogger.comtag:blogger.com,1999:blog-4110180.post-75677522288606485812009-12-31T02:08:36.667-08:002009-12-31T02:08:36.667-08:00Many thanks for this article, Howard. This supply us with very good, first-hand info on this topic AND it also supply us with a very interesting look at the internal working of Tapestry. Thanks again.alexbottonihttps://www.blogger.com/profile/00631075737691059574noreply@blogger.comtag:blogger.com,1999:blog-4110180.post-76998099095463109462009-12-29T15:27:38.701-08:002009-12-29T15:27:38.701-08:00That is exactly what ChenilleKit Access module is doing with a lot of what you&#39;re talking in here about extensions (like the &quot;resume&quot; after login).<br /><br />I would be happy if you could give a look at the <a href="http://fisheye.codehaus.org/browse/chenillekit/trunk/chenillekit-access" rel="nofollow">source</a> and share your thoughts.Massimohttps://www.blogger.com/profile/09841812729931064489noreply@blogger.comtag:blogger.com,1999:blog-4110180.post-1454071785782660992009-12-29T08:39:45.842-08:002009-12-29T08:39:45.842-08:00This is the approach I used in most Tapestry apps. Often I do it the other way around: all pages are protected unless they are annotated with something like @PublicPage.<br /><br />BTW based on your post I wrote a post about Mapped Diagnostic Context with Tapestry Filters. <a href="http://blog.tapestry5.de/index.php/2009/12/29/mapped-diagnostic-context-with-tapestry-filters/" rel="nofollow">Read here</a>.Unknownhttps://www.blogger.com/profile/04913897684953989656noreply@blogger.comtag:blogger.com,1999:blog-4110180.post-12143291537821945732009-12-28T23:17:24.903-08:002009-12-28T23:17:24.903-08:00Thank you Howard for this very much needed post! It is this kind of advices that the community really needs.<br /><br />Although there are lots of differences in anthenticating and authorizing users, there are also common scenarios. The most common ones are the first to be covered.<br /><br />It would be most comforting for a developer to know he/she is not forgetting something to introduce a security hole in the web app.<br /><br />I believe the most common simple scenario is:<br /><br />- users are stored in the database<br />- users are of two types (regular and admins)<br />- part of the web site must be protected<br />- user must continue to the destination page after successful authentication <br />- username and password are used as an authentication method<br />- remember me functionality<br />- configurable logged out destination<br />- DenialOfService protection (captcha after 5 failed attempts)<br /><br />Of course this covers nothing but the basics.<br /><br />The receipe for this would really help. And what matters most to me is the clean code which everyone can understand fast even after comming to a project team later.<br /><br />CheersAnonymoushttps://www.blogger.com/profile/05963508383930374887noreply@blogger.comtag:blogger.com,1999:blog-4110180.post-36817114291724509182009-12-28T16:28:31.711-08:002009-12-28T16:28:31.711-08:00I&#39;ve written an answer to the mailing list. <a href="http://old.nabble.com/-Tapestry-Central--Securing-Tapestry-pages-with-Annotations%2C-Part-1-to26949008s302.html" rel="nofollow">Read it here</a>Thiago H. de Paula Figueiredohttps://www.blogger.com/profile/07307722531281751788noreply@blogger.comtag:blogger.com,1999:blog-4110180.post-2842670887810721812009-12-28T15:32:22.058-08:002009-12-28T15:32:22.058-08:00Hi Howards,<br /><br />thanks a lot for this posting, even if I already found a solution, similar to yours, it&#39;s good to know, that others can find it now too.<br />I would very pleased, if you could add a hint, how you saved the targetpage &amp; context to proceed after loggig in.<br /><br />Thanks a lot<br />AlexUnknownhttps://www.blogger.com/profile/13213264745441016431noreply@blogger.com