[CONF] Apache Tapestry Security FAQ

2014-01-21 Thread Bob Harner (Confluence) 














  


Bob Harner removed a comment from the page:
 


Security FAQ   





Added security label





 
 Stop watching space   Manage Notifications  


 


 


  This message was sent by Atlassian Confluence 5.0.3, Team Collaboration Software

[CONF] Apache Tapestry Security FAQ

2014-01-21 Thread Bob Harner (Confluence) 














  


Bob Harner edited the page:
 


Security FAQ   




 Comment: Added Related Articles box 





 Wiki Markup




 {scrollbar} 



Security FAQ



 Wiki Markup




 
{float:right|background=""
{contentbylabel:title=Related Articles|showLabels=false|showSpace=false|space=@self|labels=security}
{float}
 



The built-in PageCatalog and ServiceStatus pages are visible in my production application and I don't want them to be, what can I do?
...
Sometimes, in production, a firewall or proxy may make it look like the client web browser originates from localhost; in that situation, you may want to disable the logic that puts localhost onto the whitelist. This determination is made by the contributions to the ClientWhitelist service. Tapestry makes a contribution with id LocalhostOnly, which one of your modules can override:



 Code Block




 
 @Contribute(ClientWhitelist.class)
  public static void turnOffLocalhostInProduction(OrderedConfigurationWhitelistAnalyzer configuration,
 @Symbol(SymbolConstants.PRODUCTION_MODE) boolean productionMode) {
if (productionMode) { configuration.override(LocalhostOnly, null); }
  }
 



...






 View Online   Like   View Changes

[CONF] Apache Tapestry Security FAQ

2014-01-18 Thread Bob Harner (Confluence) 














  


Bob Harner added a comment to the page:
 


Security FAQ   





Added security label





 View Online   Like  
 Stop watching space   Manage Notifications  


 


 


  This message was sent by Atlassian Confluence 5.0.3, Team Collaboration Software

[CONF] Apache Tapestry Security FAQ

2011-12-09 Thread confluence 







Security FAQ
Page  added by Howard M. Lewis Ship

 

 Frequently Asked Questions 

Security FAQ 

The built-in PageCatalog and ServiceStatus pages are visible in my production application and I don't want them to be, what can I do?

First off all, don't panic: these pages are marked with the @WhitelistAccessOnly annotation, which makes them invisible to clients that are not on the whitelist.  Try accessing the page from a different workstation and you may find that the pages are not visible after all.

Sometimes, in production, a firewall or proxy may make it look like the client web browser originates from localhost; in that situation, you may want to disable the logic that puts localhost onto the whitelist.  This determination is made by the contributions to the ClientWhitelist service. Tapestry makes a contribution with id "LocalhostOnly", which one of your modules can override:



@Contribute(ClientWhitelist.class)
public static void turnOffLocalhostInProduction(OrderedConfigurationWhitelistAnalyzer configuration, @Symbol(SymbolConstants.PRODUCTION_MODE) boolean productionMode) {
  if (productionMode) { configuration.override("LocalhostOnly", null); }
} 



Frequently Asked Questions 


   
Change Notification Preferences
   
   View Online