如何使用 Tapestry-Security?

发布于 2024-09-15 19:52:04 字数 697 浏览 8 评论 0原文

我最近发现了 Tapestry 5,它的视图和控制器之间清晰分离,使用名称标准化而不是 XML 让我直接选择了它。坦率地说,我不打算改变,但文档对我来说还不够。

我正在从事的项目必须能够支持多种类型的角色。我必须允许用户进行身份验证、根据其角色使用某些服务以及根据其角色访问 url。

经过一番研究,我发现了 Tapestry-Security,它是 Tynamo 项目的一部分。

我希望我的服务层完全独立于我的 Web 应用程序,因为我将使用它来实现 Web 服务和其他一些东西。当时机成熟时,我不想再做一个识别系统。

我的问题是,我不知道如何在不使用 Tapestry 的情况下使用 Tapestry-Security。他们在 Tapestry-Security 指南上显示的示例对我来说还不够。我有一个非常粗略的想法,它是如何运作的。 但是我不知道如何在 Tapestry 5 之外使用它。

如何在没有 Tapestry 5 的情况下使用 Tapestry-Security ?

我也不了解 Tapestry 项目中 AppModule 类中使用的过滤系统。 是否有文档解释 AppModule 与过滤系统配合使用的方式?

有没有人可以向我解释这些事情或为我指出正确的方向?

谢谢。

I discovered Tapestry 5, quite recently, its clear separation between view and controller, the use of name standardization instead of XML made me go for it straight. Quite frankly I don't plan on changing but the documentation is just not enough for me.

The project I'm working on must be able to support several types of roles. I must allow users authentifications, the use of certains services according to their roles ans the access of url by their roles as well.

After some research I came across Tapestry-Security which is part of the Tynamo project.

I want my Service layer to be totaly independant from my web application because I will then use it to implement web services and some others stuff. I do not feel like doing another identification system when the time comes.

My problem is that I do not see how use Tapestry-Security without using Tapestry.The example they show on Tapestry-Security guide is just not enough for me. I have a pretty rough idea, how it works.
However I do not know how I could use it outside the Tapestry 5.

How can I use Tapestry-Security without Tapestry 5 ?

I also do not understand the filter systems used in the AppModule class in Tapestry project.
Is there a document which explain the way AppModule works with the filter system ?

Is there someone which can explain me those things or point me in the right direction ?

Thanks.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

素衣风尘叹 2024-09-22 19:52:04

Tapestry-Security 只是 Apache Shiro 项目之上的一个薄层。它仅提供:

  • 一种通过 Tapestry 应用程序模块配置 Shiro 的方法
  • 一组 Tapestry 过滤器,用于对 Tapestry 页面和操作进行实际安全检查
  • 注释 如果您想以声明方式声明您的安全性
  • 组件 以支持 .tml 文件

在该层下,有一个 Shiro 的普通实例执行所有工作,因此您可以访问安全性(例如通过 SecurityUtils 类)就像您通常在 Tapestry 根本不参与的情况下所做的那样。

根据评论进行编辑:因此,虽然您可以在您使用的任何 Web 应用程序中使用 Shiro,但 Tapestry-Security 实际上只是与 Tapestry 一起使用的包装器。但是,如果您有一个包含 Tapestry 和其他 servlet(例如 Web 服务)的应用程序,那么您应该能够让 Tapestry-Security 完成初始化工作。

关于 Tapestry 过滤器:恐怕这没有很好的记录。 Tapestry 过滤器的工作方式与 Servlet 过滤器非常相似,但 Tapestry 是 实现的作为Servlet Filter本身,它有自己的过滤器链。 Tapestry 过滤器实现 RequestFilter 接口。

public class MyFilter implements RequestFilter {

    @Override
    public boolean service(final Request request, final Response response,
            final RequestHandler handler) throws IOException {
        ... //your code
        try {
            return handler.service(request, response);
        } finally {
            ... //your code
        }

    }
}

您可以通过在应用程序模块中贡献它们来将它们添加到过滤器链中:

public void contributeRequestHandler(
            final OrderedConfiguration<RequestFilter> configurations) {
    configuration.add("MyFilter", new MyFilter());
}

Tapestry-Security is just a thin layer on top of the Apache Shiro project. It only provides:

  • a way to configure Shiro via your Tapestry application module
  • a set of Tapestry filters to do the actual security checks for Tapestry pages and actions
  • annotations should you like to declare your security declaratively
  • components to support conditional rendering in your .tml files

Underneath that layer, there is an ordinary instance of Shiro doing all the work, so you can access security (for example via the SecurityUtils class) like you normally would if Tapestry wasn't involved at all.

Edit based on comment: So while you can use Shiro in any web application you use, Tapestry-Security is really just a wrapper for use with Tapestry. If you, however, have an app that includes Tapestry along with other servlets (such as a web service), you should be able to let Tapestry-Security do the initialization work.

Concerning Tapestry filters: I'm afraid this isn't documented very well. Tapestry filters work very much like Servlet Filters, but as Tapestry is implemented as a Servlet Filter itself, it has its own filter chain. Filters for Tapestry implement the RequestFilter interface.

public class MyFilter implements RequestFilter {

    @Override
    public boolean service(final Request request, final Response response,
            final RequestHandler handler) throws IOException {
        ... //your code
        try {
            return handler.service(request, response);
        } finally {
            ... //your code
        }

    }
}

You can add them to the filter chain by contributing them in your application module:

public void contributeRequestHandler(
            final OrderedConfiguration<RequestFilter> configurations) {
    configuration.add("MyFilter", new MyFilter());
}
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文