<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">This PageRequest interface is really similar to something Johannes Barop just contributed, but his was a private inner class of Navigation. The fact that this has cropped up twice in the past two days indicates that something is missing from the public API :)<div><br></div><div>But! Couldn't we just express the hasPermission method like this:</div><div><br></div><div><blockquote type="cite"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><pre class="line-pre" style="font-family: Consolas, 'Liberation Mono', Courier, monospace; font-size: 12px; line-height: 16px; width: 744px; margin-top: 0px; margin-bottom: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; background-color: rgb(255, 255, 255); position: static; z-index: auto; "><div class="line" id="file-example-java-LC14"><span class="n" style="color: rgb(51, 51, 51); ">PermissionStatus</span> <span class="nf" style="color: rgb(153, 0, 0); font-weight: bold; ">hasPermission</span><span class="o" style="font-weight: bold; ">(</span><span class="n" style="color: rgb(51, 51, 51); ">User</span> <span class="n" style="color: rgb(51, 51, 51); ">user</span><span class="o" style="font-weight: bold; ">,</span> <span class="n" style="color: rgb(51, 51, 51); ">Page</span> <span class="n" style="color: rgb(51, 51, 51); ">page</span><span class="o" style="font-weight: bold; ">);</span></div></pre></div></div></blockquote><div><br></div></div><div>We could create the Page widget instance itself, write the @PageState fields to it, and then ask the permission resolver if we should be allowed to show it. This may be more convenient in many cases because of the type coercion that the framework does when writing page state fields. Does this make sense?</div><div><br></div><div><div>Going even further, why not use the exact same PermissionResolver interface as PicketLink? Then we can stick them in the shared package and reuse them between client and server. Since they're created by the bean manager, there's tons of stuff we could share between client and server simply by injecting the contextual information we need in order to make the decision.</div><div><br></div><div>I'm not saying they have to be shareable in all cases, but in many cases it should be possible. "Write it once!" is one of the Errai design principles--at least according to the marketing segment of our conference talks. ;-)</div><div><br></div><div>-Jonathan</div><div><br><div><div>On 2013-06-20, at 5:48 AM, Erik Jan de Wit wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><meta http-equiv="Content-Type" content="text/html charset=us-ascii"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hi,<div><br></div><div>So I've worked some more on fine grained security and I've come up with the following inspired by picket link:</div><div><br></div><div><pre class="line-pre" style="font-family: Consolas, 'Liberation Mono', Courier, monospace; font-size: 12px; line-height: 16px; width: 744px; margin-top: 0px; margin-bottom: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; background-color: rgb(255, 255, 255); position: static; z-index: auto; "><div class="line" id="file-example-java-LC1"><span class="kd" style="font-weight: bold;">public</span> <span class="kd" style="font-weight: bold;">interface</span> <span class="nc" style="color: rgb(68, 85, 136); font-weight: bold;">RequestPermissionResolver</span> <span class="o" style="font-weight: bold;">{</span></div><div class="line" id="file-example-java-LC2"> </div><div class="line" id="file-example-java-LC3"> <span class="kd" style="font-weight: bold;">public</span> <span class="kd" style="font-weight: bold;">enum</span> <span class="n" style="color: rgb(51, 51, 51);">PermissionStatus</span> <span class="o" style="font-weight: bold;">{</span></div><div class="line" id="file-example-java-LC4"> <span class="n" style="color: rgb(51, 51, 51);">ALLOW</span><span class="o" style="font-weight: bold;">,</span> <span class="n" style="color: rgb(51, 51, 51);">DENY</span><span class="o" style="font-weight: bold;">,</span> <span class="n" style="color: rgb(51, 51, 51);">NOT_APPLICABLE</span></div><div class="line" id="file-example-java-LC5"> <span class="o" style="font-weight: bold;">}</span></div><div class="line" id="file-example-java-LC6"> </div><div class="line" id="file-example-java-LC7"> <span class="cm" style="color: rgb(153, 153, 136); font-style: italic;">/**</span></div><div class="line" id="file-example-java-LC8"><span class="cm" style="color: rgb(153, 153, 136); font-style: italic;"> * Tests if the currently authenticated user has permission to 'see' the specified page request.</span></div><div class="line" id="file-example-java-LC9"><span class="cm" style="color: rgb(153, 153, 136); font-style: italic;"> *</span></div><div class="line" id="file-example-java-LC10"><span class="cm" style="color: rgb(153, 153, 136); font-style: italic;"> * @param user the user to validate the pageRequest for</span></div><div class="line" id="file-example-java-LC11"><span class="cm" style="color: rgb(153, 153, 136); font-style: italic;"> * @param pageRequest The pageRequest for which the permission is required</span></div><div class="line" id="file-example-java-LC12"><span class="cm" style="color: rgb(153, 153, 136); font-style: italic;"> * @return ALLOW if the current user has the permission DENY or NOT_APPLICABLE.</span></div><div class="line" id="file-example-java-LC13"><span class="cm" style="color: rgb(153, 153, 136); font-style: italic;"> */</span></div><div class="line" id="file-example-java-LC14"> <span class="n" style="color: rgb(51, 51, 51);">PermissionStatus</span> <span class="nf" style="color: rgb(153, 0, 0); font-weight: bold;">hasPermission</span><span class="o" style="font-weight: bold;">(</span><span class="n" style="color: rgb(51, 51, 51);">User</span> <span class="n" style="color: rgb(51, 51, 51);">user</span><span class="o" style="font-weight: bold;">,</span> <span class="n" style="color: rgb(51, 51, 51);">PageRequest</span> <span class="n" style="color: rgb(51, 51, 51);">pageRequest</span><span class="o" style="font-weight: bold;">);</span></div></pre><div><br></div></div><div>The PageRequest contains the name of the page and the state. By implementing this interface the user can create logic if he wants to show the page that is about to get shown to the user or not.</div><div><br></div><div>The only problem I have now is what should we do when the user decides not to show the page? I can see 4 possibilities:</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>1. Create a message that is shown on the interface somewhere</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>The problems with this are, what message to show should be translatable and where / how to show it, must </div><div><span class="Apple-tab-span" style="white-space:pre"> </span>also be customisable. Could also be helpful as a general error message framework?</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>2. Navigate to other page</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>We could navigate to an other page, with a role SecurityError or something like that. This will mean the user</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>has full control of what will be shown when security errors occur.</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>3. We redirect to the login page</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>This is kinda strange because one is already logged in and if there is no message this is not really helping</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>4. Throw an exception</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>This is also not really helping as there is no way for the user to do something at this point.</div><div><br></div><div>What do you guys think?</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Cheers,</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Erik Jan</div><div><br></div><div><br></div></div>_______________________________________________<br>errai-dev mailing list<br><a href="mailto:errai-dev@lists.jboss.org">errai-dev@lists.jboss.org</a><br>https://lists.jboss.org/mailman/listinfo/errai-dev</blockquote></div><br></div></div></body></html>