So, how to not render the portlet for a group of people and do render it for others using a whitelist? Logic for who should see it is purely internal to the portlet and it made sense (in simplicity and respecting separation of concerns) to expose a RESTlet for consumption of our authentication module. The authentication module in turn puts people in the proper groups for various community and portlet access. Setup was incredibly simple and it didn't take much more effort to enable JPA transaction support with this class:
/**
* Enables JPA transactional support for subclassed Restlets.
*/
public abstract class AbstractJpaRestlet extends Restlet {
private static final Logger logger = Logger.getLogger(AbstractJpaRestlet.class);
@Autowired
private EntityManagerFactory emf;
/**
* Handler for Restlet requests and responses. Implementing this method
* will ensure db connectivity and transactions support with the DAOs
*
* @param req incoming Request
* @param resp outgoing Response
*/
public abstract void doHandle(Request req, Response resp);
@Override
public void handle(Request request, Response response) {
EntityManager em = emf.createEntityManager();
TransactionSynchronizationManager.bindResource(emf, new EntityManagerHolder(em));
try {
doHandle(request, response);
} catch (Throwable t) {
logger.error(this, t);
TransactionSynchronizationManager.unbindResource(emf);
throw new RestletException(t.getMessage());
}
finally{
TransactionSynchronizationManager.unbindResource(emf);
}
}
}
This is my first RESTlet and I'd be interested in any feedback or pointers in this approach. I'm quite happy with how fast it was to code up. There's only one implementation of this class at this point, but the pattern is very simple and allows for quick future expansion as we need to expose more data.