Major Description
Several implementation details (creation of ICallbacks and page redirection) make adding authentication to a tapestry application not a trivial task. Page redirection can only be done in page validate thus making impossible to capture the state of a page (for instance, properties + parameters of an activateExternalPage).
After looking at the code, this has implications in the core of the engine itself and making these changes might not be trivial. But instead of adding features for generating ICallbacks and page redirection, why not directly wire an authentication API inside the framework?
Here is a suggestion:
- provide a blank AuthenticatedPage interface or configuration that allows pages to say that they require authentication
- provide a hivemind configuration point to plug an authentication service: this service has methods to figure out if a user is authenticated or not and also provides a page name that is called when a user is not authenticated
- the authentication pages have to implement a specific interface or another mecanism that tell that the authentication process is finished (the process might consist of several pages, e.g. new account creation)
- the engine takes care of the rest: before calling the authentication page, a basic state is captured after the page is setup (all declared properties are saved), and once the authentication process is finished, all that state is restored and the page is called