Problem with assignment of variables between pages
Hallo! I'm hoping I'm not completely OT with this problem here... We are using setters and getters to pass over objects between pages, like (in pseudo-java) page a: (PageB) page = (PageB) cycle.getPage(PageB); page.setVar(obj); [...] cycle.activate(page); page b: Obj var = getVar(); if(var != null) { [...] } [...] public abstract Obj getVar(); public abstract void setVar(Obj var); The problem which is driving us up the walls is that in some cases, the transition seems to get messed up, as a not-null object is handed over, but on the receiving side this object is null... An additional problem is that this behavior seems to be not valid for all http-sessions handled by tomcat, some work as they should. We are using Tap 4.1.2 (SNAPSHOT from 16.02.2007), Tomcat 5.5.17 (and 5.5.20) and Hibernate 3.2.1ga with java 1.5.11SE. Did anyone here encounter a similar problem and if yes, give me a hint of where to look or how to fix it? Regards, Patrick Klein - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with assignment of variables between pages
Are you disabling the cache ? On 2/27/07, Patrick Klein [EMAIL PROTECTED] wrote: Hallo! I'm hoping I'm not completely OT with this problem here... We are using setters and getters to pass over objects between pages, like (in pseudo-java) page a: (PageB) page = (PageB) cycle.getPage(PageB); page.setVar(obj); [...] cycle.activate(page); page b: Obj var = getVar(); if(var != null) { [...] } [...] public abstract Obj getVar(); public abstract void setVar(Obj var); The problem which is driving us up the walls is that in some cases, the transition seems to get messed up, as a not-null object is handed over, but on the receiving side this object is null... An additional problem is that this behavior seems to be not valid for all http-sessions handled by tomcat, some work as they should. We are using Tap 4.1.2 (SNAPSHOT from 16.02.2007), Tomcat 5.5.17 (and 5.5.20) and Hibernate 3.2.1ga with java 1.5.11SE. Did anyone here encounter a similar problem and if yes, give me a hint of where to look or how to fix it? Regards, Patrick Klein - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with assignment of variables between pages
Hi! cache is not disabled. Regards, Patrick Are you disabling the cache ? On 2/27/07, Patrick Klein [EMAIL PROTECTED] wrote: Hallo! I'm hoping I'm not completely OT with this problem here... We are using setters and getters to pass over objects between pages, like (in pseudo-java) page a: (PageB) page = (PageB) cycle.getPage(PageB); page.setVar(obj); [...] cycle.activate(page); page b: Obj var = getVar(); if(var != null) { [...] } [...] public abstract Obj getVar(); public abstract void setVar(Obj var); The problem which is driving us up the walls is that in some cases, the transition seems to get messed up, as a not-null object is handed over, but on the receiving side this object is null... An additional problem is that this behavior seems to be not valid for all http-sessions handled by tomcat, some work as they should. We are using Tap 4.1.2 (SNAPSHOT from 16.02.2007), Tomcat 5.5.17 (and 5.5.20) and Hibernate 3.2.1ga with java 1.5.11SE. Did anyone here encounter a similar problem and if yes, give me a hint of where to look or how to fix it? Regards, Patrick Klein - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Download link for T4 broken
While looking for source code for Virtual Library I discovered a broken link http://jakarta.apache.org/site/downloads/downloads_tapestry.cgi on http://tapestry.apache.org/tapestry4/downloads.html P.S. Where can I find VL for 4.0 sources? -Borut - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Download link for T4 broken
http://tapestry.apache.org/download.html Cheers, Ron Borut Bolčina wrote: While looking for source code for Virtual Library I discovered a broken link http://jakarta.apache.org/site/downloads/downloads_tapestry.cgi on http://tapestry.apache.org/tapestry4/downloads.html P.S. Where can I find VL for 4.0 sources? -Borut - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: T5:How to use Select component's model
In T5 you use SelectModel. see http://tapestry.apache.org/tapestry5/tapestry-core/apidocs/org/apache/tapestry/SelectModel.html 2007/2/27, Weisu [EMAIL PROTECTED]: Hi, I am converting my app to T5, in T4, I use IPropertySelectionModel to create the dropdown for select, what model can I use in T5. -- View this message in context: http://www.nabble.com/T5%3AHow-to-use-Select-component%27s-model-tf3298500.html#a9175667 Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- /ted - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: T5:How to use Select component's model
You can also use a Map (probably a TreeMap), and once TAPESTRY-1292 ( https://issues.apache.org/jira/browse/TAPESTRY-1292) is resolved, you'll be able to use a List as well. On 2/27/07, Ted Steen [EMAIL PROTECTED] wrote: In T5 you use SelectModel. see http://tapestry.apache.org/tapestry5/tapestry-core/apidocs/org/apache/tapestry/SelectModel.html 2007/2/27, Weisu [EMAIL PROTECTED]: Hi, I am converting my app to T5, in T4, I use IPropertySelectionModel to create the dropdown for select, what model can I use in T5. -- View this message in context: http://www.nabble.com/T5%3AHow-to-use-Select-component%27s-model-tf3298500.html#a9175667 Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- /ted - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Role based security
Hello list, I was wondering if there is a better way of securing page components than using @If components (example from VirtualLibrary for Tapestry v4.0, Border.html) span jwcid=@If condition=ognl:admin tr td rowspan=1 colspan=1 width=178 height=19img src=/vlib/images/nav/nav_6x1.png width=178 height=19 border=0 alt=Admin//td /tr ... /span span jwcid=@If condition=ognl:loggedIn tr td rowspan=1 colspan=1 width=178 height=29a href=# jwcid=logoutimg jwcid=logoutRollover src=/vlib/images/nav/nav_10x1.png width=178 height=29 border=0 alt=Logout//a/td /tr /span span jwcid=@If condition=ognl:!loggedIn tr td rowspan=1 colspan=1 width=178 height=29a href=# jwcid=loginimg jwcid=loginRollover src=/vlib/images/nav/nav_10x1.png width=178 height=29 border=0 alt=Login//a/td /tr /span I read all I could find on the list about acegi and a wiki entries starting at http://wiki.apache.org/tapestry/AcegiSpringJava5, but none of the texts mention or suggests something like span jwcid=@Secured role=acegi:{ROLE_USER, ROLE_ADMIN} tr td rowspan=1 colspan=1 width=178 height=19img src=/vlib/images/nav/nav_6x1.png width=178 height=19 border=0 alt=Admin//td /tr ... /span How about creating such component? How do you guys do it? Cheers, Borut - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
XHTML strict validation is not allowed in a URL
I started validating my site as XHTML strict and ran into a problem I did not expect. The W3C validator reports # Warning Line 9 column 109: cannot generate system identifier for general entity service. ...Acumera/app?page=AcuVigil%3AMGStatusservice=page/ With the following explanation: http://www.htmlhelp.com/tools/validator/problems.html#amp Ampersands ('s) in URLs Another common error occurs when including a URL which contains an ampersand (): !-- This is invalid! -- a href=foo.cgi?chapter=1section=2copy=3lang=en.../a This example generates an error for unknown entity section because the is assumed to begin an entity reference. Browsers often recover safely from this kind of error, but real problems do occur in some cases. In this example, many browsers correctly convert copy=3 to (c)=3, which may cause the link to fail. Since lang; is the HTML entity for the left-pointing angle bracket, some browsers also convert lang=en to 〈=en. And one old browser even finds the entity sect;, converting section=2 to §ion=2. To avoid problems with both validators and browsers, always use amp; in place of when writing URLs in HTML: a href=foo.cgi?chapter=1amp;section=2amp;copy=3amp;lang=en.../a Note that replacing with amp; is only done when writing the URL in HTML, where is a special character (along with and ). When writing the same URL in a plain text email message or in the location bar of your browser, you would use and not amp;. With HTML, the browser translates amp; to so the Web server would only see and not amp; in the query string of the request. This surprised me because every url I've ever seen has an in it. Does this seem correct and if so I guess Tapestry should support a separator other than Barry
RE: Role based security
Ignore the Mediator class it is one of ours. The real logic is in the else. We store user and role in the visit and check when needed. public class ValidatePage extends BasePage implements PageValidateListener { public void pageValidate(PageEvent event) { Mediator mediator = MgmtFactory.getMediator(); if (!mediator.isConsole()) { IPage messagePage = getRequestCycle().getPage(nonAdminConsole); throw new PageRedirectException(messagePage); } else { // If there is no visit object or the user isn't auth'd ship // them off to the login page Visit visit = (Visit)getVisit(); if (visit == null || !visit.isUserAuthenticated()) { Login login = (Login)getRequestCycle().getPage(login); throw new PageRedirectException(login); } } } } hth, Mark Mark J. Stang Senior Engineer/Architect office: +1 303.468.2900 mobile: +1 303.507.2833 Ping Identity -Original Message- From: Borut Bolcina [mailto:[EMAIL PROTECTED] Sent: Tue 2/27/2007 7:08 AM To: Tapestry users Subject: Role based security Hello list, I was wondering if there is a better way of securing page components than using @If components (example from VirtualLibrary for Tapestry v4.0, Border.html) span jwcid=@If condition=ognl:admin tr td rowspan=1 colspan=1 width=178 height=19img src=/vlib/images/nav/nav_6x1.png width=178 height=19 border=0 alt=Admin//td /tr ... /span span jwcid=@If condition=ognl:loggedIn tr td rowspan=1 colspan=1 width=178 height=29a href=# jwcid=logoutimg jwcid=logoutRollover src=/vlib/images/nav/nav_10x1.png width=178 height=29 border=0 alt=Logout//a/td /tr /span span jwcid=@If condition=ognl:!loggedIn tr td rowspan=1 colspan=1 width=178 height=29a href=# jwcid=loginimg jwcid=loginRollover src=/vlib/images/nav/nav_10x1.png width=178 height=29 border=0 alt=Login//a/td /tr /span I read all I could find on the list about acegi and a wiki entries starting at http://wiki.apache.org/tapestry/AcegiSpringJava5, but none of the texts mention or suggests something like span jwcid=@Secured role=acegi:{ROLE_USER, ROLE_ADMIN} tr td rowspan=1 colspan=1 width=178 height=19img src=/vlib/images/nav/nav_6x1.png width=178 height=19 border=0 alt=Admin//td /tr ... /span How about creating such component? How do you guys do it? Cheers, Borut - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: XHTML strict validation is not allowed in a URL
Looks related to http://issues.apache.org/jira/browse/TAPESTRY-1218 Try enabling friendly urls... it should fix this for now On 2/27/07, Barry Books [EMAIL PROTECTED] wrote: I started validating my site as XHTML strict and ran into a problem Idid not expect. The W3C validator reports # Warning Line 9 column 109: cannot generate system identifier forgeneral entity service. ...Acumera/app?page=AcuVigil%3AMGStatusservice=page/ With the following explanation: http://www.htmlhelp.com/tools/validator/problems.html#amp Ampersands ('s) in URLs Another common error occurs when including a URL which contains anampersand (): !-- This is invalid! -- ahref=foo.cgi ?chapter=1section=2copy=3lang=en.../a This example generates an error for unknown entity section becausethe is assumed to begin an entity reference. Browsers oftenrecover safely from this kind of error, but real problems do occur insome cases. In this example, many browsers correctly convert copy=3to (c)=3, which may cause the link to fail. Since lang; is the HTMLentity for the left-pointing angle bracket, some browsers also convertlang=en to 〈=en. And one old browser even finds the entity sect;,converting section=2 to §ion=2. To avoid problems with both validators and browsers, always use amp;in place of when writing URLs in HTML: a href=foo.cgi?chapter=1amp;section=2amp;copy=3amp;lang=en.../a Note that replacing with amp; is only done when writing the URL inHTML, where is a special character (along with and ). Whenwriting the same URL in a plain text email message or in the locationbar of your browser, you would use and not amp;. With HTML, thebrowser translates amp; to so the Web server would only see and not amp; in the query string of the request. This surprised me because every url I've ever seen has an in it.Doesthis seem correct and if so I guess Tapestry should support aseparator other than Barry -- Andreas Andreou - [EMAIL PROTECTED] - http://andyhot.di.uoa.gr Tapestry / Tacos developer Open Source / JEE Consulting
Component display question
Hi all, I have a page that contains numerous custom HTML template components which are dialogs. My page contains buttons which pops up these dialogs using JavaScript and this all works perfectly. Now what I want to do is pop one of these dialogs automatically when the page is rendering if a certain page parameter is set. I have try putting in a dojo.addOnLoad function which calls dojo.widget.byId('customDialog').show() but that doesn't seem to work. Any ideas on how to do this? I am using Tapestry 4.1 Thanks in advance, Mark BRBRBR**BR AOL now offers free email to everyone. Find out more about what's free from AOL at http://www.aol.com.
Component display question
Hi all, I have a page that contains numerous custom HTML template components which are dialogs. My page contains buttons which pops up these dialogs using JavaScript and this all works perfectly. Now what I want to do is pop one of these dialogs automatically when the page is rendering if a certain page parameter is set. I have try putting in a dojo.addOnLoad function which calls dojo.widget.byId('customDialog').show() but that doesn't seem to work. Any ideas on how to do this? I am using Tapestry 4.1 Thanks in advance, Mark BRBRBR**BR AOL now offers free email to everyone. Find out more about what's free from AOL at http://www.aol.com.
Re: Component display question
I think there are some parameters on the dojo dialog tapestry 4.1 component, concretely the hidden parameter is the one you are looking for: http://tapestry.apache.org/tapestry4.1/components/dojo/dialog.html Name Type Required Default Description hidden boolean no true Whether or not the Dialog should be hidden by default. (Which is what you want in most cases.) Hope this helps ! r. On 2/27/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi all, I have a page that contains numerous custom HTML template components which are dialogs. My page contains buttons which pops up these dialogs using JavaScript and this all works perfectly. Now what I want to do is pop one of these dialogs automatically when the page is rendering if a certain page parameter is set. I have try putting in a dojo.addOnLoad function which calls dojo.widget.byId('customDialog').show() but that doesn't seem to work. Any ideas on how to do this? I am using Tapestry 4.1 Thanks in advance, Mark BRBRBR**BR AOL now offers free email to everyone. Find out more about what's free from AOL at http://www.aol.com. -- Robert Ramírez Vique Computer Science Engineer
Re: Role based security
Hello Mark, Mark Stang wrote: Ignore the Mediator class it is one of ours. The real logic is in the else. We store user and role in the visit and check when needed. hth, sorry, but it doesn't. I am looking for a more general solution - if at all exists. I wish to lay grounds for security in my Tapestry app beyond those described in Kent's book EWDT, Tapestry 101 or Beginning POJOS (Novice to Professional). Imagine a portal with several portlets. Each of the portlet is visible and/or editable only to some roles. In a portal server such as Liferay or JBoss Portal you can do this by assigning certain rights to portlets. I don't want to make a portal(!), but I want to have blocks of code on a Tapestry page protected with a pluggable authorization/authentication mechanism (memory based, LDAP, JDBC, maybe even Active Directory). Cheers, Borut Mark Mark J. Stang Senior Engineer/Architect office: +1 303.468.2900 mobile: +1 303.507.2833 Ping Identity -Original Message- From: Borut Bolcina [mailto:[EMAIL PROTECTED] Sent: Tue 2/27/2007 7:08 AM To: Tapestry users Subject: Role based security Hello list, I was wondering if there is a better way of securing page components than using @If components (example from VirtualLibrary for Tapestry v4.0, Border.html) span jwcid=@If condition=ognl:admin tr td rowspan=1 colspan=1 width=178 height=19img src=/vlib/images/nav/nav_6x1.png width=178 height=19 border=0 alt=Admin//td /tr ... /span span jwcid=@If condition=ognl:loggedIn tr td rowspan=1 colspan=1 width=178 height=29a href=# jwcid=logoutimg jwcid=logoutRollover src=/vlib/images/nav/nav_10x1.png width=178 height=29 border=0 alt=Logout//a/td /tr /span span jwcid=@If condition=ognl:!loggedIn tr td rowspan=1 colspan=1 width=178 height=29a href=# jwcid=loginimg jwcid=loginRollover src=/vlib/images/nav/nav_10x1.png width=178 height=29 border=0 alt=Login//a/td /tr /span I read all I could find on the list about acegi and a wiki entries starting at http://wiki.apache.org/tapestry/AcegiSpringJava5, but none of the texts mention or suggests something like span jwcid=@Secured role=acegi:{ROLE_USER, ROLE_ADMIN} tr td rowspan=1 colspan=1 width=178 height=19img src=/vlib/images/nav/nav_6x1.png width=178 height=19 border=0 alt=Admin//td /tr ... /span How about creating such component? How do you guys do it? Cheers, Borut - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Role based security
Sorry, I obviously meant to address this to Borut. On 2/27/07, Jonathan Barker [EMAIL PROTECTED] wrote: Mark, Do a Google search using the search string: site:http://mail-archives.apache.org/mod_mbox Jonathan Barker I posted some information and code in June 2006 about creating @Authorize and @AclAuthorize based on the code for the tapestry @If component, and the Authorize and AclAuthorize JSP taglibs. I've had this in production since last May and it's been working beautifully. Jonathan -Original Message- From: Borut Bolčina [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 27, 2007 12:31 PM To: Tapestry users Subject: Re: Role based security Hello Mark, Mark Stang wrote: Ignore the Mediator class it is one of ours. The real logic is in the else. We store user and role in the visit and check when needed. hth, sorry, but it doesn't. I am looking for a more general solution - if at all exists. I wish to lay grounds for security in my Tapestry app beyond those described in Kent's book EWDT, Tapestry 101 or Beginning POJOS (Novice to Professional). Imagine a portal with several portlets. Each of the portlet is visible and/or editable only to some roles. In a portal server such as Liferay or JBoss Portal you can do this by assigning certain rights to portlets. I don't want to make a portal(!), but I want to have blocks of code on a Tapestry page protected with a pluggable authorization/authentication mechanism (memory based, LDAP, JDBC, maybe even Active Directory). Cheers, Borut Mark Mark J. Stang Senior Engineer/Architect office: +1 303.468.2900 mobile: +1 303.507.2833 Ping Identity -Original Message- From: Borut Bolcina [mailto:[EMAIL PROTECTED] Sent: Tue 2/27/2007 7:08 AM To: Tapestry users Subject: Role based security Hello list, I was wondering if there is a better way of securing page components than using @If components (example from VirtualLibrary for Tapestry v4.0, Border.html) span jwcid=@If condition=ognl:admin tr td rowspan=1 colspan=1 width=178 height=19img src=/vlib/images/nav/nav_6x1.png width=178 height=19 border=0 alt=Admin//td /tr ... /span span jwcid=@If condition=ognl:loggedIn tr td rowspan=1 colspan=1 width=178 height=29a href=# jwcid=logoutimg jwcid=logoutRollover src=/vlib/images/nav/nav_10x1.png width=178 height=29 border=0 alt=Logout//a/td /tr /span span jwcid=@If condition=ognl:!loggedIn tr td rowspan=1 colspan=1 width=178 height=29a href=# jwcid=loginimg jwcid=loginRollover src=/vlib/images/nav/nav_10x1.png width=178 height=29 border=0 alt=Login//a/td /tr /span I read all I could find on the list about acegi and a wiki entries starting at http://wiki.apache.org/tapestry/AcegiSpringJava5, but none of the texts mention or suggests something like span jwcid=@Secured role=acegi:{ROLE_USER, ROLE_ADMIN} tr td rowspan=1 colspan=1 width=178 height=19img src=/vlib/images/nav/nav_6x1.png width=178 height=19 border=0 alt=Admin//td /tr ... /span How about creating such component? How do you guys do it? Cheers, Borut - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Jonathan Barker Consultant
Re: Page initialization
pageBeginRender (implement PageBeginRenderListener interface). This will be called before rendering both the rewind and render cycle, but you can just put a conditional on cycle.isRewinding() in order to ensure you only re-init the variable during the render cycle. --sam On 2/26/07, Andrea Chiumenti [EMAIL PROTECTED] wrote: What I need is that when I access or refresh the page a parameter bound to session must be reset On 2/26/07, Andrea Chiumenti [EMAIL PROTECTED] wrote: Hi!, where do I have to put page initialization code in tapestry 4.1.1? I need that the init method is called only when I render the page, but not when I call a form submit. Thx, kiuma - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Role based security
It is simple enough to build a component based on the @If component which will conditionally check some authorization requirement. That's what we have for handling role based auth in a template, including some sophisticated else handling which lets the template cascade through a number of options. We don't explicitly list roles anywhere in the templates. We have a delegate that maps permissions from roles to objects. Our @IfAuth component just checks whether the current user has a particular permission (read, write, and deny basically). We've actually got permissions assigned on a per-property basis on many objects, so we also have wrapper components which wrap the normal form components with the IfAuth conditional so that our templates aren't full of difficult-to-read conditional blocks. The entire chain of possible permissions are represented in a single component, so if they have write permission, they will see a text box, read permission will show a label, deny will show a blank space, etc. We actually went a step further and built a single component which renders any number of form components based on the type of the value being assigned. Booleans get checkboxes, lists get palettes, strings get text fields, numbers get text fields + number translator, etc. Each also takes care of rendering correctly according to the permission available to the current user for the field in question. It is similar to bean form, but pre-dates it by quite a bit. We do have an IfRole component for the few places where we have to check whether a user is a particular role, such as when deciding whether to render a particular menu item. All of this could plug into Acegi or any kind of authorization mechanism you might care to roll into your app. So long as you can define some kind of AuthorizationDelegate that you can provide to the tags for doing the auth and returning a permission, it is pretty easy to implement and/or modify the auth mechanism. We also have record based security which is implemented entirely via hibernate filters and AOP interception which ensures that none of the service methods can be executed without having the appropriate hibernate filters enabled. This was necessary in order to handle things like tables with paging. The acegi mechanisms don't appear to provide a way to ensure that db queries only return the rows for which the current user is authorized, so offset/limit queries don't work correctly when acegi removes items after the query has run. This breaks the paging in the tables. So we use hibernate filters to ensure that any query that runs only ever returns the results appropriate for the current user. I'm intending to write a paper about this mechanism that folks can see, as it turned out to be incredibly flexible and very efficient. It's got unix filesystem style permissions (owner, group, world - although it is actually a little more sophisticated than that) and multiple permissions that can be applied to each (read, write, reassign). It also provides hierarchical auth, so you have the same permissions (or better) as any user below you in the hierarchy - allowing managers to have the same access as their direct reports, without explicitly assigning them to each record owned by a direct report. This is vital if any user might ever be moved within the organization. It also allows temporary owner reassignment without removing the original owner assignment. This allows employees to be assigned to cover for others during vacations and such without forcing the system to explicitly remember who used to be assigned where and then reassigning at the end of the period. The whole thing is completely transparent outside of the service layer. The DAO layer knows absolutely nothing about the authorization filters and neither does the ui layer (except, of course, where we've exposed fields you can edit to modify assignments and such). Even our service layer was almost entirely unchanged, since all filters and other auth checks are applied in an AOP interceptor. Basically, we modified the hibernate mapping docs to add the filters, added interceptors on the service methods in our spring config, and modified the schema to add the necessary new tables (no changes were necessary to the entity tables themelves, but new relations were added). It took a fair amount of research to get the design right, but actual implementation was surprisingly easy, especially considering that we had never explicltly implemented a hibernate filter or an AOP interceptor prior to implementing the row level auth mechanism. Once we got the db config dialed in, it only adds about 20% to the worst queries in the system and is usually much better than that. If there's interest in the details, let me know. Maybe that will motivate me to write the thing up properly. We had code freeze on Friday, so I'm just catching my breath from the effort of the release now. Here's the basic list of requirements we had to
Re: Role based security
Sorry, but have to also point out authsum. It has some tapestry components that also manage login/authorization, but it's very different from anything else out there. It's a search engine for authorizations (uses's lucene to search for authorizations) and it accesses lucene via webservices. Using hessian now, but moving to xfire because I am developing a dotnet and ruby clients. The site will give you a good overview of what it is. http://www.authsum.org (apache license) If it's interesting to you, drop me a line. - Original Message - From: Borut Bolčina [EMAIL PROTECTED] To: Tapestry users users@tapestry.apache.org Sent: Tuesday, February 27, 2007 9:08:17 AM (GMT-0500) America/New_York Subject: Role based security Hello list, I was wondering if there is a better way of securing page components than using @If components (example from VirtualLibrary for Tapestry v4.0, Border.html) span jwcid=@If condition=ognl:admin tr td rowspan=1 colspan=1 width=178 height=19img src=/vlib/images/nav/nav_6x1.png width=178 height=19 border=0 alt=Admin//td /tr ... /span span jwcid=@If condition=ognl:loggedIn tr td rowspan=1 colspan=1 width=178 height=29a href=# jwcid=logoutimg jwcid=logoutRollover src=/vlib/images/nav/nav_10x1.png width=178 height=29 border=0 alt=Logout//a/td /tr /span span jwcid=@If condition=ognl:!loggedIn tr td rowspan=1 colspan=1 width=178 height=29a href=# jwcid=loginimg jwcid=loginRollover src=/vlib/images/nav/nav_10x1.png width=178 height=29 border=0 alt=Login//a/td /tr /span I read all I could find on the list about acegi and a wiki entries starting at http://wiki.apache.org/tapestry/AcegiSpringJava5, but none of the texts mention or suggests something like span jwcid=@Secured role=acegi:{ROLE_USER, ROLE_ADMIN} tr td rowspan=1 colspan=1 width=178 height=19img src=/vlib/images/nav/nav_6x1.png width=178 height=19 border=0 alt=Admin//td /tr ... /span How about creating such component? How do you guys do it? Cheers, Borut - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Page initialization
Thank you, but I've seen from code that beginPageRender is called only during rewind so I added a property to the page and did the following: /** * Reset the grid content if the page is accessed without form submission * (refresh or new access), then performs normal renderPage operations. */ public void renderPage(ResponseBuilder builder, IRequestCycle cycle) { if (!getFormRewound().booleanValue()) { setEditItemCollection(new ArrayList()); } setFormRewound(Boolean.FALSE); super.renderPage(builder, cycle); } /** * Called by the framework during rewind. It informs the page the it * has been rewinded when the renderPage method will be called */ public void beginPageRender() { setFormRewound(Boolean.TRUE); } Is there any better way to do this ? ciao, kiuma On 2/27/07, Sam Gendler [EMAIL PROTECTED] wrote: pageBeginRender (implement PageBeginRenderListener interface). This will be called before rendering both the rewind and render cycle, but you can just put a conditional on cycle.isRewinding() in order to ensure you only re-init the variable during the render cycle. --sam On 2/26/07, Andrea Chiumenti [EMAIL PROTECTED] wrote: What I need is that when I access or refresh the page a parameter bound to session must be reset On 2/26/07, Andrea Chiumenti [EMAIL PROTECTED] wrote: Hi!, where do I have to put page initialization code in tapestry 4.1.1? I need that the init method is called only when I render the page, but not when I call a form submit. Thx, kiuma - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: XHTML strict validation is not allowed in a URL
I guess it depends on what you mean by friendly urls. It would easy to fix the page service but in looking thru the code it appears the direct service separates it's parameters with an '' also. While it's possible to replace all that code it's quit a bit of work considering the problems appears to be the '' in the code below. I'm guessing there is another one one the decode side. I'm not really proposing this gets fixed and it seems a bit odd to me that the spec prohibits '' in a url considering everyone seems to use them there, but it might be nice if future versions used something other than '' or allow you to configure it. package org.apache.tapestry.engine.EngineServiceLink private void addParameters(StringBuffer buffer) { String[] names = getParameterNames(); String sep = ?; for (int i = 0; i names.length; i++) { String name = names[i]; String[] values = getParameterValues(name); if (values == null) continue; for (int j = 0; j values.length; j++) { buffer.append(sep); buffer.append(name); buffer.append(=); buffer.append(encode(values[j])); sep = ; } } } - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: XHTML strict validation is not allowed in a URL
It still seems to me like the only problem here is the w3c validator itself. Looking at any web browser available it seems quite obvious that it is just plain wrong. ;) (not to say that ultimately finding a way to make it be quiet isn't worth it, there are just too many actual problems sitting in jira to fix first ) On 2/27/07, Barry Books [EMAIL PROTECTED] wrote: I guess it depends on what you mean by friendly urls. It would easy to fix the page service but in looking thru the code it appears the direct service separates it's parameters with an '' also. While it's possible to replace all that code it's quit a bit of work considering the problems appears to be the '' in the code below. I'm guessing there is another one one the decode side. I'm not really proposing this gets fixed and it seems a bit odd to me that the spec prohibits '' in a url considering everyone seems to use them there, but it might be nice if future versions used something other than '' or allow you to configure it. package org.apache.tapestry.engine.EngineServiceLink private void addParameters(StringBuffer buffer) { String[] names = getParameterNames(); String sep = ?; for (int i = 0; i names.length; i++) { String name = names[i]; String[] values = getParameterValues(name); if (values == null) continue; for (int j = 0; j values.length; j++) { buffer.append(sep); buffer.append(name); buffer.append(=); buffer.append(encode(values[j])); sep = ; } } } - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Jesse Kuhnert Tapestry/Dojo team member/developer Open source based consulting work centered around dojo/tapestry/tacos/hivemind. http://blog.opencomponentry.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: XHTML strict validation is not allowed in a URL
I read the spec 4 or 5 times before I believed it. It seems a bit odd to invalidate every web page on the planet in the name of progress. Then to add insult to injury the validator produces about 5 errors for each one of these. Barry - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: XHTML strict validation is not allowed in a URL
On Tue, Feb 27, 2007 at 03:48:27PM -0600, Barry Books wrote: I'm not really proposing this gets fixed and it seems a bit odd to me that the spec prohibits '' in a url considering everyone seems to use them there, but it might be nice if future versions used something other than '' or allow you to configure it. It's not that the spec prohibits . I't just that it prohibits *unescaped* in XML (thus in XHTML) documents. Just as it prohibits unescaped and . Thus, AFAIK, 'all' that's needed is for methods that write attribute values to replace by amp; when writing. Note that this is not URL quoting, as when replacing ' ' with +. This is an extra layer of quoting that's supposed to be applied to *anything* that gets written to XML, including URLs. -- Rodrigo Gallardo GPG-Fingerprint: 7C81 E60C 442E 8FBC D975 2F49 0199 8318 ADC9 BC28 Zenophobia: the irrational fear of convergent sequences. signature.asc Description: Digital signature
Re: Page initialization
pageBeginRender is called during both rewind and render. I don't know what test you did to make you think it only gets called during rewind. public void pageBeginRender(PageEvent event) { if (!event.getRequestCycle().isRewinding()) { // put render cycle init code here } } I've got code similar to this all over my codebase and I know that it works exactly as expected. In fact, my actual pageBeginRender implementation in my base page implementation looks like the following: @InitialValue(ognl:false) public abstract boolean isOnceInitialized(); public abstract void setOnceInitialized(boolean val); public final void pageBeginRender(PageEvent event) { initPage(event); if (!isOnceInitialized()) { initOnlyOnce(event); setOnceInitialized(true); } if (getRequestCycle().isRewinding()) { initForRewind(event); } else { initForRender(event); } } // gets called before both rewind and render cycles public void initPage(PageEvent event) { } // guaranteed to be called only once, whether there is a rewind // cycle or not public void initOnlyOnce(PageEvent event) { } // gets called before rewind cycle public void initForRewind(PageEvent event) { } // gets called before render cycle public void initForRender(PageEvent event) { } On 2/27/07, Andrea Chiumenti [EMAIL PROTECTED] wrote: Thank you, but I've seen from code that beginPageRender is called only during rewind so I added a property to the page and did the following: /** * Reset the grid content if the page is accessed without form submission * (refresh or new access), then performs normal renderPage operations. */ public void renderPage(ResponseBuilder builder, IRequestCycle cycle) { if (!getFormRewound().booleanValue()) { setEditItemCollection(new ArrayList()); } setFormRewound(Boolean.FALSE); super.renderPage(builder, cycle); } /** * Called by the framework during rewind. It informs the page the it * has been rewinded when the renderPage method will be called */ public void beginPageRender() { setFormRewound(Boolean.TRUE); } Is there any better way to do this ? ciao, kiuma On 2/27/07, Sam Gendler [EMAIL PROTECTED] wrote: pageBeginRender (implement PageBeginRenderListener interface). This will be called before rendering both the rewind and render cycle, but you can just put a conditional on cycle.isRewinding() in order to ensure you only re-init the variable during the render cycle. --sam On 2/26/07, Andrea Chiumenti [EMAIL PROTECTED] wrote: What I need is that when I access or refresh the page a parameter bound to session must be reset On 2/26/07, Andrea Chiumenti [EMAIL PROTECTED] wrote: Hi!, where do I have to put page initialization code in tapestry 4.1.1? I need that the init method is called only when I render the page, but not when I call a form submit. Thx, kiuma - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
contrib:Table mouseover over rows
guys, i am using tap3. i have a contrib:table implementation which is displaying multiple row results. now i am using rowsClass to control the CSS property of my rows. now i wanted to implement a mouseover colour change effect over my rows and i am not sure, how i can implement this using just CSS. has anybody else done this before. thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: contrib:Table mouseover over rows
You can'tUnless your target audience is mozilla only in which case it's as easy as: tr:hover { background-color: } Most other options involve javascript and are usually extremely painful because of the fun quirks involved. This may help if you go that route: http://www.quirksmode.org/js/contents.html On 2/27/07, Peter Dawn [EMAIL PROTECTED] wrote: guys, i am using tap3. i have a contrib:table implementation which is displaying multiple row results. now i am using rowsClass to control the CSS property of my rows. now i wanted to implement a mouseover colour change effect over my rows and i am not sure, how i can implement this using just CSS. has anybody else done this before. thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Jesse Kuhnert Tapestry/Dojo team member/developer Open source based consulting work centered around dojo/tapestry/tacos/hivemind. http://blog.opencomponentry.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: contrib:Table mouseover over rows
i thought so. my target audience as it turns out is IE. so i guess i am stuck. i tried tr:hover but it didnt work under IE, as you have mentioned, didnt even try it under FF. will keep on looking though. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: contrib:Table mouseover over rows
look (i think) in dean edward's site... there's a hack adding a new behavior for IE that is supposed to emulate hover transparently Peter Dawn wrote: i thought so. my target audience as it turns out is IE. so i guess i am stuck. i tried tr:hover but it didnt work under IE, as you have mentioned, didnt even try it under FF. will keep on looking though. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Andreas Andreou - [EMAIL PROTECTED] - http://andyhot.di.uoa.gr Tapestry / Tacos developer Open Source / J2EE Consulting - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: contrib:Table mouseover over rows
can you give me the URL - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
T5 IoC - inject service in data class ?
I would like to use one of my services I have defined in AppModule in one of my data classes. Is this frowned upon? If not, how do I go about doing it? Currently my AppModule has: public static IListService buildListService( ... ) { ... return listService; } // listService is an instantation of an implementation of IListService and I tried in my data class to add the following: private Registry registry = IOCUtilities.buildDefaultRegistry(); private IListService _listService = registry.getService(IListService.class); but it didn't work I also tried private Registry registry = IOCUtilities.buildDefaultRegistry(); private IListService _listService = registry.getService( my.package.ListService,IListService.class); which gave me java.lang.RuntimeException: Module 'com.beshai.list.jdo' does not exist. Please ensure that the JAR file for the module is on the classpath. (the package and class is in a different JAR file, but it is a maven dependency) Thanks -- Peter Beshai Pure Mathematics/Computer Science Student University of Waterloo
Re: contrib:Table mouseover over rows
Yep.. That's more or less how I did it last time. (sort of, but my requirements had special conditions for doing things within rows involving links and such that would make simple mouse outs not do-able ...ie it ~had~ to be actually leaving the row) This page (from the previously referenced quirksmode - indispensable to anyone writing even a little javascript ) outlines all of nasty bits involved as well as a sample function that shows how to do the out part properly. (well pseudo properly, it can be made much more efficient ) http://www.quirksmode.org/js/events_mouse.html On 2/27/07, Sam Gendler [EMAIL PROTECTED] wrote: There's a solution that is pretty similar to how I solved this problem described in detail on this page: http://www.permadi.com/tutorial/cssHighlightTableRow/index.html but you'll have to scroll to the bottom to find it. The page presents multiple options, but it is the second to last one that you want. Basically, just throw a div around your table which has onMouseOver event attached to a function. In the function, traverse up from the element which triggered the event handler until you find a TR element (in my case, my TR elements have a marker class which makes them eligible for highlighting or not). then modify the class list according to your css requirements and attach an onMouseOut event to the row. You can do the whole thing without writing a tap component and should work in any browser with decent js support. I use dojo for the cross platform api, but it isn't strictly necessary. --sam On 2/27/07, Peter Dawn [EMAIL PROTECTED] wrote: can you give me the URL - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Jesse Kuhnert Tapestry/Dojo team member/developer Open source based consulting work centered around dojo/tapestry/tacos/hivemind. http://blog.opencomponentry.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
T5 $content$
What will be the way in which we specify to tapestry which portions of a page are rendered and which will be provided by a component? I've tried $content$ and $remove$, but it seems that they have yet to be implemented. Given T5's schema oriented approach I suspect they will be supplanted with something else. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: T5 $content$
crap. Just saw the previous post. My filter was hiding it from me. 1000 apologies. On 2/27/07, Todd Orr [EMAIL PROTECTED] wrote: What will be the way in which we specify to tapestry which portions of a page are rendered and which will be provided by a component? I've tried $content$ and $remove$, but it seems that they have yet to be implemented. Given T5's schema oriented approach I suspect they will be supplanted with something else. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [WARNING] T5:How to use Select component's model
thanks! gredler, it is working with TreeMap, it will be nice to be able to use a List. gredler wrote: You can also use a Map (probably a TreeMap), and once TAPESTRY-1292 ( https://issues.apache.org/jira/browse/TAPESTRY-1292) is resolved, you'll be able to use a List as well. On 2/27/07, Ted Steen [EMAIL PROTECTED] wrote: In T5 you use SelectModel. see http://tapestry.apache.org/tapestry5/tapestry-core/apidocs/org/apache/tapestry/SelectModel.html 2007/2/27, Weisu [EMAIL PROTECTED]: Hi, I am converting my app to T5, in T4, I use IPropertySelectionModel to create the dropdown for select, what model can I use in T5. -- View this message in context: http://www.nabble.com/T5%3AHow-to-use-Select-component%27s-model-tf3298500.html#a9175667 Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- /ted - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/T5%3AHow-to-use-Select-component%27s-model-tf3298500.html#a9197967 Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]