Should not allow other resources to be accessed

Question

I have following ZUL files in my web content folder

Login.zul - Composer Applied
Category.zul - No Composer Applied 
Index.zul - Composer Applied
Help.zul - NO Composer Applied
AboutUs.zul - NO Composer Applied

whenever I try to access Category.zul or Help.zul I can see them in my browser, but according to my usecase If I try to access it, I should always be redirected to Login.zul How can I achieve this.

One Solution : I can add composer to all the ZUL and then in doAfterCompose() do Executions.sendRedirect("to my login page") , but I think this not correct way to do it.

Answer 1

I have implemented DestopInit Interface, of ZK when ever new desktop is initialized i.e when I open link in new tab. I have checked Page URL if it is not Login I have redirected user back to Login Page.

Answer 2

Quite a few standard ways to handle this

1. Use Spring Security or Apache Shiro to define secured resources
2. Put all restricted pages under WEB-INF and dynamically include them when requested from your application UI
3. Implement a custom authentication and authorization system to decide which user has access to what (something like the approach you have already mentioned in your question). Personally I would recommend using a standard security solution like Shiro or Spring Security. For integrating Shiro into your ZK application see this smalltalk. For Spring Security you can refer to ZK Spring Essentials section on Working with Spring Security