23 Sep
2009
23 Sep
'09
8:47 a.m.
Can anyone give me any pointers about how security
works in pier? In
particular, if I make my own components, how do I apply security to
them?
You can find some documentation in Section 3.5.3 in
http://scg.unibe.ch/archive/masters/Reng06a.pdf.
I've been browsing around and tracing the code and
see that the security
descriptors end up as decorations which apply to objectified commands.
However, I don't know what I need to do to set the security of an object
or fiddle with the security policy.
You can only apply the security decorations to subclasses of
PRStructure (these are the objects that represent a unique URL or
entry point into your application), not to arbitrary objects (out of
the box, at least).
Also, if someone comes in from the outside with a link
like
http://my.host.com/seaside/pier/personalpreferences, is there a way I
can ensure that they will be prompted for login and then taken to a
preferences page for them?
The PRForbiddenView is displayed (with a link to the login page). This
is currently hardcoded into the "Pier-Interpreter", but could probably
be moved to the structures so that they can decide to do something
else, if necessary.
Cheers,
Lukas
--
Lukas Renggli
http://www.lukas-renggli.ch