ChenilleKit Access Module
Before being able to use this module you have to provide some configuration (in Tapestry5 terms) to it.
You have to provide an implementation of WebSessionUser which is the class used as an ApplicationState Object where we identify groups membership and role weight of the logged in user. So you need to contribute your implementation from you Module class:
Example:
public static void contributeAccessValidator(MappedConfiguration<String, Class> configurations)
{
configurations.add(ChenilleKitAccessConstants.WEB_SESSION_USER_KEY, DummyUser.class);
}
Now you can decide to use the Login component or not. If you don't want to use the Login component you can skip this step.
If you decide to use the Login component you have to provide one or more AuthenticationService implementation. This is a chain of command used to authenticate a user credentials against one or more source.
Example:
public static void contributeAuthenticationService(OrderedConfiguration<AuthenticationService> configuration)
{
configuration.add("TEST", new UserAuthServiceImpl());
}
This way the Login component is able to use your source to authenticate users.
Another contribution is the name of the page for users to log in (authenticate). This name is obtained from the Symbols so a contribution to the ApplicationDefaults will suffice:
public static void contributeApplicationDefaults(MappedConfiguration<String, String> configuration)
{
configuration.add(ChenilleKitAccessConstants.LOGIN_PAGE, "login");
}
Is there a possibility to use convention over configuration in here and have "login" as the default page name where no contribution is made, probably this will be enabled in a future version.
Now to protect (restrict access) to your pages simply annotate the page class with the Restricted annotation.
@Restricted(role = 2)
public class RestrictedPage
{
@Inject
private ComponentResources resources;
public String getRoleMetaValue()
{
return resources.getComponentModel().getMeta(ChenilleKitAccessConstants.RESTRICTED_PAGE_ROLE);
}
}
The annotation takes a String array as group membership requirements (if user is member of any of the group the request will be fulfilled) and a role wieght (the user need to have a role weight equal or heavier then the requested)
There are use cases where a render on a page is possibile to anyone but you want to restrict access to a particular events, to do so annotate the event handler method:
@Restricted(groups = { "ADMINS" })
void onActionFromTestRights()
{
throw new RuntimeException("This should never be reached!");
}
This way only the users in the ADMINS group can call action event on TestRights component.