Re: Newbie - Show all validation errors
In your form component, > success="listener:doSubmit"> I think you meant jwcid="[EMAIL PROTECTED]". Also, you need to specify the delegate parameter. In case you did not know, there is an example on displaying all errors in chapter 3 of Enjoying Web Development with Tapestry http://www.agileskills2.org/EWDT/ The first 3 chapters are free for download. Shing --- Adam Bennett <[EMAIL PROTECTED]> wrote: > Hello all, > > I'm trying to wrap my head around Tapestry. I'll be > ordering some books > shortly but in the meantime: What is the simplest > way (in 4.1) to show > a list of form validation errors. Here is the > essence of my page: > > > > > > > > success="listener:doSubmit"> > field="component:user"/> > > displayName="Email" > value="ognl:login.user" > > validators="validators:required,email[Invalid email > address]"/> > > field="component:password"/> > displayName="Password" > value="ognl:login.pwd" > validators="validators:required"/> > > > > > > > It doesn't seem like a task that should require any > custom java code in > my page class. From what I can guess It will > probably involve something > like this: > > > source="ognl:components.myForm.delegate.fieldTracking" > value="currentFieldTracking"> > > delegate="currentFieldTracking.errorRenderer"/> > > > > > Yet the above doesn't work. > > Thanks for your patience. > - Adam (a former (hopefully) Struts developer) > > > > Videx Inc. 1105 N. E. Circle Blvd. Corvallis OR > 97330 (541) 758-0521 > CONFIDENTIAL COMMUNICATION: The email message and > any attachments are intended only for the addressee. > They may be privileged, confidential, and protected > from disclosure. If you are not the intended > recipient, any dissemination, distribution, or > copying is expressly prohibited. If you received > this email message in error, please notify the > sender immediately by replying to this e-mail > message or by telephone > > > - > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > Home page : http://www.lombok.demon.co.uk/ ___ Yahoo! Answers - Got a question? Someone out there knows the answer. Try it now. http://uk.answers.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: T5 Best way to omit part of result page in output
Any components that are rendered by that component will not be rendered if SetupRender or BeginRender returns false. Janko Muzykant wrote: > > One more question. What will happen with all nested components when a > given parent component returns false in its SetupRender? Are they > automatically discarded? > > thanks, > jm. > > > > DougS wrote: >> >> Also, if you would like to put the logic to determine if a component >> should display or not in that component, you can have your SetupRender or >> BeginRender phases return a boolean result -- if it returns false, the >> component will not be rendered (no matter where that component is >> placed). [cut] >> > > -- View this message in context: http://www.nabble.com/T5-Best-way-to-omit-part-of-result-page-in-output-tf4211016.html#a11991233 Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [T5] Any component Bis
Yes thank you Nick. I've create my own Any component from T5 5.0.3 sources ;) Regards
Newbie - Show all validation errors
Hello all, I'm trying to wrap my head around Tapestry. I'll be ordering some books shortly but in the meantime: What is the simplest way (in 4.1) to show a list of form validation errors. Here is the essence of my page: It doesn't seem like a task that should require any custom java code in my page class. From what I can guess It will probably involve something like this: Yet the above doesn't work. Thanks for your patience. - Adam (a former (hopefully) Struts developer) Videx Inc. 1105 N. E. Circle Blvd. Corvallis OR 97330 (541) 758-0521 CONFIDENTIAL COMMUNICATION: The email message and any attachments are intended only for the addressee. They may be privileged, confidential, and protected from disclosure. If you are not the intended recipient, any dissemination, distribution, or copying is expressly prohibited. If you received this email message in error, please notify the sender immediately by replying to this e-mail message or by telephone - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: T5 Best way to omit part of result page in output
One more question. What will happen with all nested components when a given parent component returns false in its SetupRender? Are they automatically discarded? thanks, jm. DougS wrote: > > Also, if you would like to put the logic to determine if a component > should display or not in that component, you can have your SetupRender or > BeginRender phases return a boolean result -- if it returns false, the > component will not be rendered (no matter where that component is placed). > [cut] > -- View this message in context: http://www.nabble.com/T5-Best-way-to-omit-part-of-result-page-in-output-tf4211016.html#a11989375 Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [T5] Why is default ValidationTracker in Form marked Persist not Persist("flash")
On Fri, 03 Aug 2007 16:07:07 -0300, Howard Lewis Ship <[EMAIL PROTECTED]> wrote: By making it @Persist (i.e. with default), then the container (i.e., your page) can set a @Meta to control the default persistence of components below it. Thus, if you want the default to be "flash", you're in luck. Or, you can inject the Form component, it has methods that overlap ValidationDelegate for clearing errors & etc. (it just delegates to its ValidationDelegate). Could you give us an example of how to accomplish this? Thiago - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [T5] Why is default ValidationTracker in Form marked Persist not Persist("flash")
By making it @Persist (i.e. with default), then the container (i.e., your page) can set a @Meta to control the default persistence of components below it. Thus, if you want the default to be "flash", you're in luck. Or, you can inject the Form component, it has methods that overlap ValidationDelegate for clearing errors & etc. (it just delegates to its ValidationDelegate). On 8/3/07, Christian Koeberl <[EMAIL PROTECTED]> wrote: > > Hi! > > I was wondering why the "_defaultTracker" in the Form component is marked > as @Persist not as @Persist("flash"). > > In my opinion it should be @Persist("flash")!! > > Persisting the ValidationTracker in the session leads to some (usually) > not wanted > behaviour: the validation is not reset, even though a new object is edited > with that form. > > Here is an example: > > Assume you have a page with a form and a TextField. I disabled client > validation to > see the problem: > > @SuppressWarnings("unused") > @Component(parameters = "clientValidation = false") > private Form mainForm; > > @SuppressWarnings("unused") > @Component(parameters = > { "value = name", "label = literal:Name", "validate = required, > maxlength=20" }) > private TextField nameField; > > private String name; > // getters and setters > > When you try to save the form the ValidationTracker tracks the error and > the error > is displayed to the user. So far, so good. > Next, the user triggers a PageLink ("Cancel edit") to another page. There > the user > selects another name and is forwarded to the page with the form again, the > new name > is set with setName("xxx"). The form still displays the error and the old > value of the > previously edited name. > > -- > Chris > -- Howard M. Lewis Ship TWD Consulting, Inc. Independent J2EE / Open-Source Java Consultant Creator and PMC Chair, Apache Tapestry Creator, Apache HiveMind Professional Tapestry training, mentoring, support and project work. http://howardlewisship.com
Re: [T5] Security of files in the classpath
I don't plan on changing the default configuration from whitelist to blacklist... it's the fallback. I'm a fan of "deny unless explicitly authorized", as well. The AssetProtectionDispatcher takes an ordered configuration of AssetPathAuthorizer's, with the default whitelist implementation being the "catch all" final authorizer in what amounts to a chain of command. So you can certainly contribute your own implementations of authorizer on top of the default. Having a pattern matching whitelist would certainly be useful; I'm in a time crunch at the moment (and basically will be until the end of August), but in the beginning of September, I will rework the default WhitelistAuthorizer to accept url patterns. Robert On Aug 3, 2007, at 8/38:27 AM , Thiago H de Paula Figueiredo wrote: On Fri, 03 Aug 2007 10:03:37 -0300, Francois Armand <[EMAIL PROTECTED]> wrote: Thiago H de Paula Figueiredo wrote: Would a black list intead of a white list better? I suppose there are less files to hide than files to allow access. Well, I think that one of the best principle in security is "explicit authorization" : you just do not want that a confidential file is accessible by error, because a user forgot to hide it. That's a very good point. ;) But I agree that the white list should authorize jokers to enable "*.jpg" kind of filter (and if you name your confidential file "picture_of_my_secret_weapon.jpg", well, to bad for you ;) Maybe we could allow any .jpg, .gif, .jpg and .css file by default and explicitly whitelist the rest. And no, I don't want to see the picture of your secret weapon, whatever it is. :P Thiago - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: T5 Best way to omit part of result page in output
Also, if you would like to put the logic to determine if a component should display or not in that component, you can have your SetupRender or BeginRender phases return a boolean result -- if it returns the false, the component will not be rendered (no matter where that component is placed). For example: Page template: http://tapestry.apache.org/schema/tapestry_5_0_0.xsd";> Conditionally render a component Component template: http://tapestry.apache.org/schema/tapestry_5_0_0.xsd";> I've been displayed! Component class: package org.example.myapp.components; import org.apache.tapestry.MarkupWriter; import org.apache.tapestry.annotations.BeginRender; import org.example.myapp.services.DetermineSomeCondition; public class MyConditionalDisplayComponent { private someCondition; @BeginRender boolean beginRender() { someCondition = DetermineSomeCondition.determine(); return (someCondition == true); } } Daniel Jue wrote: > > Hi, I would try blocks of components at the end of your template, and > a delegate component. > > The delegate refers to a method in your page or component class the > template it for. It returns an Object, which is actually one of the > component blocks. It can also return null and nothing will be rendered > where the delegate tag was. > > Alternatively, you could wrap a section of code in an If component. > > > > For instance, to delegate: > > http://tapestry.apache.org/schema/tapestry_5_0_0.xsd";> > > > > > > > > > > > > > > > > > The java: > > @Component(id = "daterangetypeSelector") > private SelectDateRangeType selectdaterangetype; > > @Component > private SelectMonth selectmonth; > > @Component > private SelectMonthRange selectmonthrange; > > @Component > private SelectQuarter selectquarter; > > @Component > private SelectQuarterRange selectquarterrange; > > public Object getTypeOfDateRange() { > DateRangeType drt = selectdaterangetype.getSelected(); > if (drt.equals(DateRangeTypeEnum.DR_ENTIRE_FISCAL_YEAR)) { > return null; > } else if (drt.equals(DateRangeTypeEnum.DR_MONTH_SINGLE)) { > return selectmonth; > } else if (drt.equals(DateRangeTypeEnum.DR_MONTH_RANGE)) { > return selectmonthrange; > } else if (drt.equals(DateRangeTypeEnum.DR_QUARTER_SINGLE)) { > return selectquarter; > } else { > logger.debug("getTypeOfDateRange() DRT is unknown to > me, drt=" > + drt.toDisplay()); > return null; > } > } > > > > > > On 8/3/07, Janko Muzykant <[EMAIL PROTECTED]> wrote: >> >> hello, i would like to omit some part of my page eg. allow only one >> component >> to be written in output. i did it writing my own MarkupWriter with >> enable/disable function which when enabled works as standard writer and >> when >> disabled ignores all writings. It's initially disabled and only specific >> component toggles the flag to write out its body. It works, but having in >> mind all the flexibility of tapestry 5 i bet there is much better way to >> do >> the same thing. Could you enlighten me a bit and suggest better solution? >> >> thanks, >> jm. >> >> -- >> View this message in context: >> http://www.nabble.com/T5-Best-way-to-omit-part-of-result-page-in-output-tf4211016.html#a11978648 >> Sent from the Tapestry - User mailing list archive at Nabble.com. >> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/T5-Best-way-to-omit-part-of-result-page-in-output-tf4211016.html#a11986632 Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Acegi
Sorry I missed that. Without investigating too much I can se you have 2 possibilities 1) Having a separate servlet/url for login (not that bad ...) 2) Doing your on ObjectDefinitionSOurce implementation returning different config attributes depending on passed request (in filter context this object is passed a FilterInvocation where you have access to all request details) I don't particularly like any of this solutions, the first one might be easier though (I don't particularly like the ObjectDefinitionSource acegi system). On 8/3/07, Paulo Ramos <[EMAIL PROTECTED]> wrote: > > Thanks, but probably i don't explain well. > > I already have Acegi with that configuration. My problem isn't the login > page but the response of the form in the login page. This form is do a > "post" to direct.svc and i cant give access to anonymous user to the url: > /direct.svc** > > Paulo Ramos > > > Martino Piccinato escreveu: > you have to configure your FilterSecurityInterceptor with something like > this > > > > > /login.html**=ROLE_ANONYMOUS,ROLE_AUTHENTICATED > /**=ROLE_AUTHENTICATED > > > > > and add an AnonymousFilter to your filterchain, e.g.: > >class="org.acegisecurity.util.FilterChainProxy"> > > > CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON > PATTERN_TYPE_APACHE_ANT > /**=httpSessionContextIntegrationFilter,casProcessingFilter,logoutProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor > > > > > class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter"> > > anon > > > anonymous,ROLE_ANONYMOUS > > > > This way non authenticated request will get a ROLE_ANONYMOUS by > default and will be able to see the login page. > > It doesn't have much to do with Tapestry though, acegi is quite "orthogonal" > ;-) > > On 8/3/07, Paulo Ramos <[EMAIL PROTECTED]> wrote: > > > Hi, > > I have 3 projects and i decide group commons components and pages in one > library. > One of the pages is the Acegi login. > I have friendly url's and secure pages with Acegi. > When i try to login, the form is sent by "post" to direct.svc and fail > because this url is protected. How i can open the login response sent to > direct.svc without expose other direct services. > > Thanks for your time > > > > > - > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > To unsubscribe, e-mail: > [EMAIL PROTECTED] For additional > commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: T5 Best way to omit part of result page in output
Hi, I would try blocks of components at the end of your template, and a delegate component. The delegate refers to a method in your page or component class the template it for. It returns an Object, which is actually one of the component blocks. It can also return null and nothing will be rendered where the delegate tag was. Alternatively, you could wrap a section of code in an If component. For instance, to delegate: http://tapestry.apache.org/schema/tapestry_5_0_0.xsd";> The java: @Component(id = "daterangetypeSelector") private SelectDateRangeType selectdaterangetype; @Component private SelectMonth selectmonth; @Component private SelectMonthRange selectmonthrange; @Component private SelectQuarter selectquarter; @Component private SelectQuarterRange selectquarterrange; public Object getTypeOfDateRange() { DateRangeType drt = selectdaterangetype.getSelected(); if (drt.equals(DateRangeTypeEnum.DR_ENTIRE_FISCAL_YEAR)) { return null; } else if (drt.equals(DateRangeTypeEnum.DR_MONTH_SINGLE)) { return selectmonth; } else if (drt.equals(DateRangeTypeEnum.DR_MONTH_RANGE)) { return selectmonthrange; } else if (drt.equals(DateRangeTypeEnum.DR_QUARTER_SINGLE)) { return selectquarter; } else { logger.debug("getTypeOfDateRange() DRT is unknown to me, drt=" + drt.toDisplay()); return null; } } On 8/3/07, Janko Muzykant <[EMAIL PROTECTED]> wrote: > > hello, i would like to omit some part of my page eg. allow only one component > to be written in output. i did it writing my own MarkupWriter with > enable/disable function which when enabled works as standard writer and when > disabled ignores all writings. It's initially disabled and only specific > component toggles the flag to write out its body. It works, but having in > mind all the flexibility of tapestry 5 i bet there is much better way to do > the same thing. Could you enlighten me a bit and suggest better solution? > > thanks, > jm. > > -- > View this message in context: > http://www.nabble.com/T5-Best-way-to-omit-part-of-result-page-in-output-tf4211016.html#a11978648 > Sent from the Tapestry - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Acegi
Thanks, but probably i don't explain well. I already have Acegi with that configuration. My problem isn't the login page but the response of the form in the login page. This form is do a "post" to direct.svc and i cant give access to anonymous user to the url: /direct.svc** Paulo Ramos Martino Piccinato escreveu: you have to configure your FilterSecurityInterceptor with something like this /login.html**=ROLE_ANONYMOUS,ROLE_AUTHENTICATED /**=ROLE_AUTHENTICATED and add an AnonymousFilter to your filterchain, e.g.: CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**=httpSessionContextIntegrationFilter,casProcessingFilter,logoutProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor anon anonymous,ROLE_ANONYMOUS This way non authenticated request will get a ROLE_ANONYMOUS by default and will be able to see the login page. It doesn't have much to do with Tapestry though, acegi is quite "orthogonal" ;-) On 8/3/07, Paulo Ramos <[EMAIL PROTECTED]> wrote: Hi, I have 3 projects and i decide group commons components and pages in one library. One of the pages is the Acegi login. I have friendly url's and secure pages with Acegi. When i try to login, the form is sent by "post" to direct.svc and fail because this url is protected. How i can open the login response sent to direct.svc without expose other direct services. Thanks for your time - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JumpStart v1.6 - for Tapestry 4.1.2
BTW Could you, Geoff, comment on how EJB 3 solve Hibernate detached object multi-thread access problem? I didn't got your point in this case. Renat On 03/08/07, Geoff Callender <[EMAIL PROTECTED]> wrote: > Hi Kalle, > > I guess my starting point is that I really like the discipline of > building a business facade for my system ie. a layer that says what > the system can do for you, irrespective of UIs. So then the question > for me is where to put that layer. Since EJB3 arrived, I've opted to > put the business layer in a container because: > > - the configuration is almost nil > - the transaction boundary is clear and usually you have to do nothing. > - you get remoting for free. > - you get JTA (transactions across multiple resources) for free. > - you get declarative security for free > - you get basic AOP for free > - the DAO pattern disappears - I treat each session bean as a > business service that manipulates entities directly. DAOs came into > existence to hide the persistence details. but now JPA does that for > you. No DAOs means one less layer of plumbing. > - the old concern of creating masses of DTOs that mimic your domain > model is gone, thanks to detached entities. > - session beans get their own thread, so you don't get complicated > problems like > http://thread.gmane.org/gmane.comp.java.tapestry.user/49915/focus=50023 > - you can turn a session bean into a web service with ease > > I'm sure there's more that I can't think of right now. The only > downside I've come across is that testing relies on the container > running, but it looks like there are solutions to that just around > the corner. > > HTH > > Geoff > > On 03/08/2007, at 1:27 PM, Kalle Korhonen wrote: > > > Hey Geoff, > > > > could you comment on the reasons why you require an J2EE container. > > Is it > > just so that you don't need to deal with initializing the > > EntityManager > > yourself or do you see other compelling benefits in using the > > container? I'm > > asking because while we use EJB3 & Hibernate annotations in Trails ( > > trailsframework.org), we don't use an EntityManager at all (the > > work had > > started before EntityManager was born, much less the stand alone > > EntityManager spec finalized), but we've been thinking of moving to > > using it > > as we start working on supporting transaction management patterns > > other than > > session-per-request. > > > > Kalle > > > > > > On 7/25/07, Geoff Callender <[EMAIL PROTECTED]> > > wrote: > >> > >> Hi Naz, > >> > >>> Is it possible for you to put some tips to use tomcat with your > >>> JumpStart? > >> > >> Sorry but I don't have any plans for doing a Tomcat-only > >> implementation, so the short answer is "no". The reason is that > >> JumpStart uses EJB3 for the business layer. That pretty much means > >> an application server has to be involved. > >> > >> Today, the instructions cover just one app server: JBoss (note that > >> JBoss has Tomcat embedded in it to handle the web layer, and the > >> instructions cover this). > >> > >> In future, instructions are planned for other EJB3 implementations: > >> Glassfish, JBoss MicroContainer, and perhaps one other app server > >> (JOnAS? OC4J?). If someone else would like to do instructions then > >> I'd really appreciate it, as my time for JumpStart is very limited. > >> I'm sure it would benefit many in the Tapestry community. > >> > >> Regards, > >> > >> Geoff > >> > >> > >> On 24/07/2007, at 10:51 AM, Bhuiyan, Nazmul wrote: > >> > >>> Hi, > >>> Is it possible for you to put some tips to use tomcat with your > >>> JumpStart? > >>> Thanks > >>> Naz > >>> -Original Message- > >>> From: Geoff Callender [mailto:[EMAIL PROTECTED] > >>> Sent: Tuesday, 24 July 2007 2:18 a.m. > >>> To: Tapestry users > >>> Subject: JumpStart v1.6 - for Tapestry 4.1.2 > >>> > >>> Hi all, > >>> > >>> JumpStart v1.6.0 is now available. New features include: it works > >>> with Tapestry 4.1.2, it has a more Maven-like project structure, and > >>> it builds its exploded EAR file on the fly. You'll find it at the > >>> usual place: > >>> > >>> http://files.doublenegative.com.au/jumpstart > >>> > >>> JumpStart v1.5.0 has also been released today for those wanting to > >>> stay with Tapestry 4.0.2 but get the other new features. > >>> > >>> Comments and suggestions welcomed. Be brutal or helpful - I don't > >>> care which, because it all helps to make this stuff more useful. > >>> > >>> Cheers, > >>> > >>> Geoff Callender > >>> > >>> > >>> - > >>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>> For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >>> > >>> > >>> > >>> > >>> - > >>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>> For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >> > >> > >> - > >> To
Re: [T4] Event for every request to clear data
Ok, yeah actually Tapestry's ApplicationServlet takes care of the HiveMind filter so nevermind that part: http://tapestry.apache.org/tapestry4.1/usersguide/hivemind.html#Bootstrapping%20the%20Registry On 8/3/07, Ben Dotte <[EMAIL PROTECTED]> wrote: > Yes, a threaded service is created and bound to the current request > thread the first time it is requested. There is a more detailed > explanation here: > > http://hivemind.apache.org/hivemind1/services.html#Threaded+Service+Model > > They also mention on there how to handle cleanup at the end of the > request with HiveMind's servlet filter and the Discardable interface > if needed. > > On 8/3/07, Christian Haselbach <[EMAIL PROTECTED]> wrote: > > On Thu, Aug 02, 2007 at 10:12:14AM -0500, Ben Dotte wrote: > > > Is there any reason you can't use a threaded HiveMind service? That is > > > usually the approach I take when I have a shared resource that should > > > only live for the duration of a request. > > > > Thanks for the tip. I'm not quite sure if this works as I think. > > So the request is done in a new thread, the service is created for this > > thread and is discarded when the request finishes, right? > > > > That would work for me, if this is the way things go. > > > > Regards, > > Christian > > > > -- > > Christian Haselbach - [EMAIL PROTECTED] - +49 176 2082 5804 > > TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterföhring > > Geschäftsführer: Henrik Klagges, Gerhard Müller, Christoph Stock > > Amtsgericht München, HRB 135082 > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Acegi
smime.p7s Description: S/MIME Cryptographic Signature
Re: JumpStart v1.6 - for Tapestry 4.1.2
On Fri, 03 Aug 2007 11:11:23 -0300, Renat Zubairov <[EMAIL PROTECTED]> wrote: Main drawback is offcourse XML files, but we hope it will be fixed with T5 IOC and/or HM2 Tapestry-IoC requires no XML files and is very easy and powerful. Most people here already discovered the pleasure of Tapestry 5 web framework, but have not yet discovered Tapestry IoC. ;) I'm even using Tapestry-IoC in a Tapestry 4.1 project . . . :) Thiago - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [T4] Event for every request to clear data
Yes, a threaded service is created and bound to the current request thread the first time it is requested. There is a more detailed explanation here: http://hivemind.apache.org/hivemind1/services.html#Threaded+Service+Model They also mention on there how to handle cleanup at the end of the request with HiveMind's servlet filter and the Discardable interface if needed. On 8/3/07, Christian Haselbach <[EMAIL PROTECTED]> wrote: > On Thu, Aug 02, 2007 at 10:12:14AM -0500, Ben Dotte wrote: > > Is there any reason you can't use a threaded HiveMind service? That is > > usually the approach I take when I have a shared resource that should > > only live for the duration of a request. > > Thanks for the tip. I'm not quite sure if this works as I think. > So the request is done in a new thread, the service is created for this > thread and is discarded when the request finishes, right? > > That would work for me, if this is the way things go. > > Regards, > Christian > > -- > Christian Haselbach - [EMAIL PROTECTED] - +49 176 2082 5804 > TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterföhring > Geschäftsführer: Henrik Klagges, Gerhard Müller, Christoph Stock > Amtsgericht München, HRB 135082 > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JumpStart v1.6 - for Tapestry 4.1.2
Hello Geoff, We had the same trade offs for our system but still we prefer Hivemind implementation of DI over EJB3 implementation, because of the following reasons: 1. DI from Hivemind has better integration and less infrastructure requirements - jetty much simpler than full blown EJB container. 2. Hivemind configuration capabilities with extension points are far better than any standard container provided options. 3. Simpler packaging and maven project structure. Main drawback is offcourse XML files, but we hope it will be fixed with T5 IOC and/or HM2 Renat On 03/08/07, Geoff Callender <[EMAIL PROTECTED]> wrote: > Hi Kalle, > > I guess my starting point is that I really like the discipline of > building a business facade for my system ie. a layer that says what > the system can do for you, irrespective of UIs. So then the question > for me is where to put that layer. Since EJB3 arrived, I've opted to > put the business layer in a container because: > > - the configuration is almost nil > - the transaction boundary is clear and usually you have to do nothing. > - you get remoting for free. > - you get JTA (transactions across multiple resources) for free. > - you get declarative security for free > - you get basic AOP for free > - the DAO pattern disappears - I treat each session bean as a > business service that manipulates entities directly. DAOs came into > existence to hide the persistence details. but now JPA does that for > you. No DAOs means one less layer of plumbing. > - the old concern of creating masses of DTOs that mimic your domain > model is gone, thanks to detached entities. > - session beans get their own thread, so you don't get complicated > problems like > http://thread.gmane.org/gmane.comp.java.tapestry.user/49915/focus=50023 > - you can turn a session bean into a web service with ease > > I'm sure there's more that I can't think of right now. The only > downside I've come across is that testing relies on the container > running, but it looks like there are solutions to that just around > the corner. > > HTH > > Geoff > > On 03/08/2007, at 1:27 PM, Kalle Korhonen wrote: > > > Hey Geoff, > > > > could you comment on the reasons why you require an J2EE container. > > Is it > > just so that you don't need to deal with initializing the > > EntityManager > > yourself or do you see other compelling benefits in using the > > container? I'm > > asking because while we use EJB3 & Hibernate annotations in Trails ( > > trailsframework.org), we don't use an EntityManager at all (the > > work had > > started before EntityManager was born, much less the stand alone > > EntityManager spec finalized), but we've been thinking of moving to > > using it > > as we start working on supporting transaction management patterns > > other than > > session-per-request. > > > > Kalle > > > > > > On 7/25/07, Geoff Callender <[EMAIL PROTECTED]> > > wrote: > >> > >> Hi Naz, > >> > >>> Is it possible for you to put some tips to use tomcat with your > >>> JumpStart? > >> > >> Sorry but I don't have any plans for doing a Tomcat-only > >> implementation, so the short answer is "no". The reason is that > >> JumpStart uses EJB3 for the business layer. That pretty much means > >> an application server has to be involved. > >> > >> Today, the instructions cover just one app server: JBoss (note that > >> JBoss has Tomcat embedded in it to handle the web layer, and the > >> instructions cover this). > >> > >> In future, instructions are planned for other EJB3 implementations: > >> Glassfish, JBoss MicroContainer, and perhaps one other app server > >> (JOnAS? OC4J?). If someone else would like to do instructions then > >> I'd really appreciate it, as my time for JumpStart is very limited. > >> I'm sure it would benefit many in the Tapestry community. > >> > >> Regards, > >> > >> Geoff > >> > >> > >> On 24/07/2007, at 10:51 AM, Bhuiyan, Nazmul wrote: > >> > >>> Hi, > >>> Is it possible for you to put some tips to use tomcat with your > >>> JumpStart? > >>> Thanks > >>> Naz > >>> -Original Message- > >>> From: Geoff Callender [mailto:[EMAIL PROTECTED] > >>> Sent: Tuesday, 24 July 2007 2:18 a.m. > >>> To: Tapestry users > >>> Subject: JumpStart v1.6 - for Tapestry 4.1.2 > >>> > >>> Hi all, > >>> > >>> JumpStart v1.6.0 is now available. New features include: it works > >>> with Tapestry 4.1.2, it has a more Maven-like project structure, and > >>> it builds its exploded EAR file on the fly. You'll find it at the > >>> usual place: > >>> > >>> http://files.doublenegative.com.au/jumpstart > >>> > >>> JumpStart v1.5.0 has also been released today for those wanting to > >>> stay with Tapestry 4.0.2 but get the other new features. > >>> > >>> Comments and suggestions welcomed. Be brutal or helpful - I don't > >>> care which, because it all helps to make this stuff more useful. > >>> > >>> Cheers, > >>> > >>> Geoff Callender > >>> > >>> > >>>
Re: [T5] Security of files in the classpath
On Fri, 03 Aug 2007 10:03:37 -0300, Francois Armand <[EMAIL PROTECTED]> wrote: Thiago H de Paula Figueiredo wrote: Would a black list intead of a white list better? I suppose there are less files to hide than files to allow access. Well, I think that one of the best principle in security is "explicit authorization" : you just do not want that a confidential file is accessible by error, because a user forgot to hide it. That's a very good point. ;) But I agree that the white list should authorize jokers to enable "*.jpg" kind of filter (and if you name your confidential file "picture_of_my_secret_weapon.jpg", well, to bad for you ;) Maybe we could allow any .jpg, .gif, .jpg and .css file by default and explicitly whitelist the rest. And no, I don't want to see the picture of your secret weapon, whatever it is. :P Thiago - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JumpStart v1.6 - for Tapestry 4.1.2
Hi Kalle, I guess my starting point is that I really like the discipline of building a business facade for my system ie. a layer that says what the system can do for you, irrespective of UIs. So then the question for me is where to put that layer. Since EJB3 arrived, I've opted to put the business layer in a container because: - the configuration is almost nil - the transaction boundary is clear and usually you have to do nothing. - you get remoting for free. - you get JTA (transactions across multiple resources) for free. - you get declarative security for free - you get basic AOP for free - the DAO pattern disappears - I treat each session bean as a business service that manipulates entities directly. DAOs came into existence to hide the persistence details. but now JPA does that for you. No DAOs means one less layer of plumbing. - the old concern of creating masses of DTOs that mimic your domain model is gone, thanks to detached entities. - session beans get their own thread, so you don't get complicated problems like http://thread.gmane.org/gmane.comp.java.tapestry.user/49915/focus=50023 - you can turn a session bean into a web service with ease I'm sure there's more that I can't think of right now. The only downside I've come across is that testing relies on the container running, but it looks like there are solutions to that just around the corner. HTH Geoff On 03/08/2007, at 1:27 PM, Kalle Korhonen wrote: Hey Geoff, could you comment on the reasons why you require an J2EE container. Is it just so that you don't need to deal with initializing the EntityManager yourself or do you see other compelling benefits in using the container? I'm asking because while we use EJB3 & Hibernate annotations in Trails ( trailsframework.org), we don't use an EntityManager at all (the work had started before EntityManager was born, much less the stand alone EntityManager spec finalized), but we've been thinking of moving to using it as we start working on supporting transaction management patterns other than session-per-request. Kalle On 7/25/07, Geoff Callender <[EMAIL PROTECTED]> wrote: Hi Naz, Is it possible for you to put some tips to use tomcat with your JumpStart? Sorry but I don't have any plans for doing a Tomcat-only implementation, so the short answer is "no". The reason is that JumpStart uses EJB3 for the business layer. That pretty much means an application server has to be involved. Today, the instructions cover just one app server: JBoss (note that JBoss has Tomcat embedded in it to handle the web layer, and the instructions cover this). In future, instructions are planned for other EJB3 implementations: Glassfish, JBoss MicroContainer, and perhaps one other app server (JOnAS? OC4J?). If someone else would like to do instructions then I'd really appreciate it, as my time for JumpStart is very limited. I'm sure it would benefit many in the Tapestry community. Regards, Geoff On 24/07/2007, at 10:51 AM, Bhuiyan, Nazmul wrote: Hi, Is it possible for you to put some tips to use tomcat with your JumpStart? Thanks Naz -Original Message- From: Geoff Callender [mailto:[EMAIL PROTECTED] Sent: Tuesday, 24 July 2007 2:18 a.m. To: Tapestry users Subject: JumpStart v1.6 - for Tapestry 4.1.2 Hi all, JumpStart v1.6.0 is now available. New features include: it works with Tapestry 4.1.2, it has a more Maven-like project structure, and it builds its exploded EAR file on the fly. You'll find it at the usual place: http://files.doublenegative.com.au/jumpstart JumpStart v1.5.0 has also been released today for those wanting to stay with Tapestry 4.0.2 but get the other new features. Comments and suggestions welcomed. Be brutal or helpful - I don't care which, because it all helps to make this stuff more useful. Cheers, Geoff Callender - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [T5] Security of files in the classpath
Thiago H de Paula Figueiredo wrote: Would a black list intead of a white list better? I suppose there are less files to hide than files to allow access. Well, I think that one of the best principle in security is "explicit authorization" : you just do not want that a confidential file is accessible by error, because a user forgot to hide it. But I agree that the white list should authorize jokers to enable "*.jpg" kind of filter (and if you name your confidential file "picture_of_my_secret_weapon.jpg", well, to bad for you ;) -- Francois Armand Etudes & Développements J2EE LINAGORA SA - http://www.linagora.com Tél.: +33 (0)1 58 18 68 28 --- InterLDAP - http://interldap.org FederID - http://www.federid.org/ Open Source identities management and federation - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [T5] Security of files in the classpath
On Fri, 03 Aug 2007 05:33:55 -0300, Robert Zeigler <[EMAIL PROTECTED]> wrote: Nope. Zero configuration necessary for the basic functionality. Keep in mind, however, that the default configuration is pretty restrictive, since it is whitelist-based, and the only entries added by default are the Would a black list intead of a white list better? I suppose there are less files to hide than files to allow access. Thiago - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Acegi
you have to configure your FilterSecurityInterceptor with something like this /login.html**=ROLE_ANONYMOUS,ROLE_AUTHENTICATED /**=ROLE_AUTHENTICATED and add an AnonymousFilter to your filterchain, e.g.: CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**=httpSessionContextIntegrationFilter,casProcessingFilter,logoutProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor anon anonymous,ROLE_ANONYMOUS This way non authenticated request will get a ROLE_ANONYMOUS by default and will be able to see the login page. It doesn't have much to do with Tapestry though, acegi is quite "orthogonal" ;-) On 8/3/07, Paulo Ramos <[EMAIL PROTECTED]> wrote: > Hi, > > I have 3 projects and i decide group commons components and pages in one > library. > One of the pages is the Acegi login. > I have friendly url's and secure pages with Acegi. > When i try to login, the form is sent by "post" to direct.svc and fail > because this url is protected. How i can open the login response sent to > direct.svc without expose other direct services. > > Thanks for your time > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Acegi
Hi, I have 3 projects and i decide group commons components and pages in one library. One of the pages is the Acegi login. I have friendly url's and secure pages with Acegi. When i try to login, the form is sent by "post" to direct.svc and fail because this url is protected. How i can open the login response sent to direct.svc without expose other direct services. Thanks for your time smime.p7s Description: S/MIME Cryptographic Signature
AW: T4.1.2 and beanform
hi goeff, it worked for me: net.sf.tacos tacos-core 4.1.0-SNAPSHOT com.javaforge.tapestry tapestry-prop 1.0.0 tapestry tapestry tapestry-annotations tapestry tapestry-contrib tapestry org.apache.tapestry tapestry-annotations 4.1.2 org.apache.tapestry tapestry-framework 4.1.2 org.apache.tapestry tapestry-contrib 4.1.2 net.sf.tacos beanform-core 0.8-SNAPSHOT jboss javassist 3.4.ga de.freenet.pos freenetag-login-service 1.0.1-SNAPSHOT javax.servlet servlet-api 2.4 provided commons-lang commons-lang 2.3 -Ursprüngliche Nachricht- Von: Geoff Callender [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 3. August 2007 12:46 An: Tapestry users Betreff: Re: T4.1.2 and beanform Hi, I've just tried beanform-core-0.8-20070629.194801-1.jar but I'm still getting the problem. Anyone else? [ +/- ] Exception: Unable to lookup $BeanFormButtons_31: $BeanFormButtons_31 org.apache.hivemind.ApplicationRuntimeException Unable to lookup $BeanFormButtons_31: $BeanFormButtons_31 [ +/- ] Exception: $BeanFormButtons_31 javassist.NotFoundException $BeanFormButtons_31 Stack Trace: javassist.ClassPool.get(ClassPool.java:417) ...etc as for Peter below... Geoff On 13/07/2007, at 6:36 AM, Andreas Andreou wrote: > http://tacos.sourceforge.net/nightly/ is a maven snapshot repo... > > http://tacos.sourceforge.net/nightly/net/sf/tacos/ has the subprojects > > http://tacos.sourceforge.net/tacos4.1/tacos-core/quick-start/ > downloading.htmla > quick note on including > any subproject in a pom > > > > > On 7/12/07, Henry Chen <[EMAIL PROTECTED]> wrote: >> >> >> Hi Andy, >> >> I have the same problem and tried to find a new release of >> beanform. It >> looks like 0.8 is on the way but I cannnot find where to download. >> What do >> you suggest? Thank you. >> >> >> >> >> andyhot wrote: >> > >> > There's a new version coming in that address exactly this problem. >> > I'll make a related announcement in the following hours, so stay >> tuned >> ;) >> > >> > On 7/10/07, Peter Schröder <[EMAIL PROTECTED]> wrote: >> >> >> >> hi, >> >> >> >> i am trying to use beanform and T4.1.2 for the first time, but >> i only >> get >> >> the following exception. did i miss a dependy or something? >> >> >> >> There was an error borrowing the page with key PageKey >> [_pageName='Home' >> , >> >> _locale=de_DE ] from the page pool. >> >> org.apache.hivemind.ApplicationRuntimeException >> >> There was an error borrowing the page with key PageKey >> [_pageName='Home' >> , >> >> _locale=de_DE ] from the page pool. >> >> >> >> [ +/- ] Exception: Unable to lookup $BeanFormButtons_9: >> >> $BeanFormButtons_9 >> >> org.apache.hivemind.ApplicationRuntimeException >> >> Unable to lookup $BeanFormButtons_9: $BeanFormButtons_9 >> >> >> >> [ +/- ] Exception: $BeanFormButtons_9 >> >> javassist.NotFoundException >> >> $BeanFormButtons_9 >> >> Stack Trace: >> >> >> >> * javassist.ClassPool.get(ClassPool.java:417) >> >> * org.apache.tapestry.enhance.CtClassSource.getCtClass( >> >> CtClassSource.java:50) >> >> * org.apache.tapestry.enhance.AbstractFab.convertClass( >> >> AbstractFab.java:82) >> >> * org.apache.tapestry.enhance.ClassFabImpl.addField( >> ClassFabImpl.java >> >> :238) >> >> * >> >> >> com.javaforge.tapestry.prop.PropertyAccessorClassFactoryImpl.construc >> tClass >> >> (PropertyAccessorClassFactoryImpl.java:74) >> >> * >> >> >> $PropertyAccessorClassFactory_113b0adbc52.constructClass >> ($PropertyAccessorClassFactory_113b0adbc52.java) >> >> * >> >> >> $PropertyAccessorClassFactory_113b0adbc51.constructClass >> ($PropertyAccessorClassFactory_113b0adbc51.java) >> >> * >> >> >> com.javaforge.tapestry.prop.PropertyAccessorSourceImpl.createNewAcces >> sorClass >> >> (PropertyAccessorSourceImpl.java:139) >> >> * >> >> >> com.javaforge.tapestry.prop.PropertyAccessorSourceImpl.getCachedPrope >> rtyAccessorClass >> >> (PropertyAccessorSourceImpl.java:87) >> >> * >> com.javaforge.tapestry.prop.PropertyAccessorSourceImpl.getAccessor( >> >> PropertyAccessorSourceImpl.java:55) >> >> * >> >> >> $PropertyAccessorSource_113b0adbc50.getAccessor >> ($PropertyAccessorSource_113b0adbc50.java) >> >> * >> >> >> $PropertyAccessorSource_113b0adbc4f.getAccessor >> ($PropertyAccessorSource_113b0adbc4f.java) >> >> * >> >> >> com.javaforge.tapestry.prop.PropertyAccessorBindingFactory.createBind >> ing( >> >> PropertyAccessorBindingFactory.java:36) >> >> * >> >> >> $BindingFactory_113b0adbc44.createBinding >> ($BindingFactory_113b0adbc44.java) >> >> * >> >> >> $BindingFactory_113b0adbc43.crea
[T5] Why is default ValidationTracker in Form marked Persist not Persist("flash")
Hi! I was wondering why the "_defaultTracker" in the Form component is marked as @Persist not as @Persist("flash"). In my opinion it should be @Persist("flash")!! Persisting the ValidationTracker in the session leads to some (usually) not wanted behaviour: the validation is not reset, even though a new object is edited with that form. Here is an example: Assume you have a page with a form and a TextField. I disabled client validation to see the problem: @SuppressWarnings("unused") @Component(parameters = "clientValidation = false") private Form mainForm; @SuppressWarnings("unused") @Component(parameters = { "value = name", "label = literal:Name", "validate = required, maxlength=20" }) private TextField nameField; private String name; // getters and setters When you try to save the form the ValidationTracker tracks the error and the error is displayed to the user. So far, so good. Next, the user triggers a PageLink ("Cancel edit") to another page. There the user selects another name and is forwarded to the page with the form again, the new name is set with setName("xxx"). The form still displays the error and the old value of the previously edited name. -- Chris
Re: T4.1.2 and beanform
Hi, I've just tried beanform-core-0.8-20070629.194801-1.jar but I'm still getting the problem. Anyone else? [ +/- ] Exception: Unable to lookup $BeanFormButtons_31: $BeanFormButtons_31 org.apache.hivemind.ApplicationRuntimeException Unable to lookup $BeanFormButtons_31: $BeanFormButtons_31 [ +/- ] Exception: $BeanFormButtons_31 javassist.NotFoundException $BeanFormButtons_31 Stack Trace: javassist.ClassPool.get(ClassPool.java:417) ...etc as for Peter below... Geoff On 13/07/2007, at 6:36 AM, Andreas Andreou wrote: http://tacos.sourceforge.net/nightly/ is a maven snapshot repo... http://tacos.sourceforge.net/nightly/net/sf/tacos/ has the subprojects http://tacos.sourceforge.net/tacos4.1/tacos-core/quick-start/ downloading.htmla quick note on including any subproject in a pom On 7/12/07, Henry Chen <[EMAIL PROTECTED]> wrote: Hi Andy, I have the same problem and tried to find a new release of beanform. It looks like 0.8 is on the way but I cannnot find where to download. What do you suggest? Thank you. andyhot wrote: > > There's a new version coming in that address exactly this problem. > I'll make a related announcement in the following hours, so stay tuned ;) > > On 7/10/07, Peter Schröder <[EMAIL PROTECTED]> wrote: >> >> hi, >> >> i am trying to use beanform and T4.1.2 for the first time, but i only get >> the following exception. did i miss a dependy or something? >> >> There was an error borrowing the page with key PageKey [_pageName='Home' , >> _locale=de_DE ] from the page pool. >> org.apache.hivemind.ApplicationRuntimeException >> There was an error borrowing the page with key PageKey [_pageName='Home' , >> _locale=de_DE ] from the page pool. >> >> [ +/- ] Exception: Unable to lookup $BeanFormButtons_9: >> $BeanFormButtons_9 >> org.apache.hivemind.ApplicationRuntimeException >> Unable to lookup $BeanFormButtons_9: $BeanFormButtons_9 >> >> [ +/- ] Exception: $BeanFormButtons_9 >> javassist.NotFoundException >> $BeanFormButtons_9 >> Stack Trace: >> >> * javassist.ClassPool.get(ClassPool.java:417) >> * org.apache.tapestry.enhance.CtClassSource.getCtClass( >> CtClassSource.java:50) >> * org.apache.tapestry.enhance.AbstractFab.convertClass( >> AbstractFab.java:82) >> * org.apache.tapestry.enhance.ClassFabImpl.addField( ClassFabImpl.java >> :238) >> * >> com.javaforge.tapestry.prop.PropertyAccessorClassFactoryImpl.construc tClass >> (PropertyAccessorClassFactoryImpl.java:74) >> * >> $PropertyAccessorClassFactory_113b0adbc52.constructClass ($PropertyAccessorClassFactory_113b0adbc52.java) >> * >> $PropertyAccessorClassFactory_113b0adbc51.constructClass ($PropertyAccessorClassFactory_113b0adbc51.java) >> * >> com.javaforge.tapestry.prop.PropertyAccessorSourceImpl.createNewAcces sorClass >> (PropertyAccessorSourceImpl.java:139) >> * >> com.javaforge.tapestry.prop.PropertyAccessorSourceImpl.getCachedPrope rtyAccessorClass >> (PropertyAccessorSourceImpl.java:87) >> * com.javaforge.tapestry.prop.PropertyAccessorSourceImpl.getAccessor( >> PropertyAccessorSourceImpl.java:55) >> * >> $PropertyAccessorSource_113b0adbc50.getAccessor ($PropertyAccessorSource_113b0adbc50.java) >> * >> $PropertyAccessorSource_113b0adbc4f.getAccessor ($PropertyAccessorSource_113b0adbc4f.java) >> * >> com.javaforge.tapestry.prop.PropertyAccessorBindingFactory.createBind ing( >> PropertyAccessorBindingFactory.java:36) >> * >> $BindingFactory_113b0adbc44.createBinding ($BindingFactory_113b0adbc44.java) >> * >> $BindingFactory_113b0adbc43.createBinding ($BindingFactory_113b0adbc43.java) >> * org.apache.tapestry.services.impl.BindingSourceImpl.createBinding ( >> BindingSourceImpl.java:99) >> * >> $BindingSource_113b0adbaf8.createBinding ($BindingSource_113b0adbaf8.java) >> * >> org.apache.tapestry.pageload.PageLoader.convert(PageLoader.java: 318) >> * org.apache.tapestry.pageload.PageLoader.bind (PageLoader.java:278) >> * org.apache.tapestry.pageload.PageLoader.constructComponent( >> PageLoader.java:391) >> * org.apache.tapestry.pageload.PageLoader.constructComponent( >> PageLoader.java:396) >> * org.apache.tapestry.pageload.PageLoader.createImplicitComponent( >> PageLoader.java:504) >> * >> $IPageLoader_113b0adbbac.createImplicitComponent ($IPageLoader_113b0adbbac.java) >> * >> $IPageLoader_113b0adbbad.createImplicitComponent ($IPageLoader_113b0adbbad.java) >> * >> org.apache.tapestry.services.impl.ComponentTemplateLoaderLogic.create ImplicitComponent >> (ComponentTemplateLoaderLogic.java:203) >> * >> org.apache.tapestry.services.impl.ComponentTemplateLoaderLogic.proces s( >> ComponentTemplateLoaderLogic.java:158) >> * >> org.apache.tapestry.services.impl.ComponentTemplateLoaderLogic.proces s( >> ComponentTemplateLoaderLogic.java:98) >> * >> org.apache.tapestry.services.impl.ComponentTemplateLoaderLogic.loadTe mplate >> (ComponentTemplateLoade
Re: [T4] Event for every request to clear data
On Thu, Aug 02, 2007 at 10:12:14AM -0500, Ben Dotte wrote: > Is there any reason you can't use a threaded HiveMind service? That is > usually the approach I take when I have a shared resource that should > only live for the duration of a request. Thanks for the tip. I'm not quite sure if this works as I think. So the request is done in a new thread, the service is created for this thread and is discarded when the request finishes, right? That would work for me, if this is the way things go. Regards, Christian -- Christian Haselbach - [EMAIL PROTECTED] - +49 176 2082 5804 TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterföhring Geschäftsführer: Henrik Klagges, Gerhard Müller, Christoph Stock Amtsgericht München, HRB 135082 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [T5] Security of files in the classpath
Nope. Zero configuration necessary for the basic functionality. Keep in mind, however, that the default configuration is pretty restrictive, since it is whitelist-based, and the only entries added by default are the assets that come "out of the box" with tapestry (tapestry.css, tapestry.js, etc.). So, you can either contribute a custom AssetPathAuthorizer (if you don't like the default whitelist strategy...) or you can contribute to the whitelist authorizer. For instance, I'm using the jscalendar component (http:// code.google.com/p/tapestry5-jscalendar/ personally using a modified version that is compatible with T5.0.5...), so I needed to make the assets it uses available, so I have something like the following in my app module: public static void contributeWhitelistAuthorizer( Configuration conf, @Symbol("net.keso.ted.jscalendarscript.path") String jscalendarPath) { conf.add(jscalendarPath +"/calendar-blue.css"); conf.add(jscalendarPath + "/calendar.js"); conf.add(jscalendarPath + "/lang/calendar-en.js"); conf.add(jscalendarPath + "/calendar-setup.js"); conf.add(jscalendarPath + "/button-image.png"); } Robert PS: Noticed that I didn't mention the maven artifactId, etc. before when I mentioned putting it into the maven repo... groupId: com.saiwaisolutions artifactId: AssetProtectionDispatcher version: 0.0.1 On Aug 3, 2007, at 8/32:18 AM , Sabine K. wrote: Hi Robert, How to implement this component? Is it necessary to register the component in the appmodule? Thx Sabine Robert Zeigler wrote: Couple of comments... First, the T5 asset service has the md5 feature. But the default implementation, at the moment, only requires md5 hashing for the .class files. (So, there's not an open door to the class bytes at the moment. ;) Second, I have a T5 app that should be going live in the next few days. So I implemented an extensible AssetProtectorDispatcher. By default, it uses a whitelist strategy, and the default configuration will add the various tapestry assets (default.css, grid's components, etc.) to the whitelist for you. You can download it here: http://www.tapestrycomponents.org/Tassel/app?service=external/ ViewComponent&sp=SAssetProtectionDispatcher Or, if you're a maven user, I've got it in a personal maven repo here: http://www.saiwai-solutions.com/maven Cheers. Robert On Jul 27, 2007, at 7/277:54 AM , Chris Lewis wrote: I'm quite new to Tapestry and just 2 days ago have started working with Tap 5. I realize the two (4 vs 5) are disparately different, but one of the things nice about the Tap 4 asset service was the checksum feature I mentioned that would deny access unless the sum in the url matched that of the file. My newness to Tap may show here, but why can't the asset service simply ignore requests for files that are not marked (@Asset) as assets? I mean doesn't a deny- all first and allow explicit exceptions strategy seem much more sane then providing an open door to the whole classpath (class bytes included??)? Robert Zeigler wrote: Asset service doesn't really need a configuration point here, imo. You can already make contributions to services that would allow you to implement this sort of content filtering. For instance, you could contribute a RequestFilter. Alternatively, you could contribute a Dispatcher to teh MasterDispatcher service. Contributions to MasterDispatcher are ordered, so you can contribute your "AssetBlockerDispatcher" before the asset service, intercept requests to "forbidden" assets, and respond appropriately. You could then make your custom dispatcher (or request filter) configurable in the manner that you desire. You don't rewrite any of the asset service, you get your content filtering, and you can write it as a drop-in module for any new projects. Robert On Jul 26, 2007, at 7/266:18 PM , Daniel Jue wrote: Thiago, my apologies. You are correct. I would think this is big a problem if you can't hide important files from users! Dan On 7/26/07, Thiago H de Paula Figueiredo <[EMAIL PROTECTED]> wrote: On Thu, 26 Jul 2007 16:46:37 -0300, Daniel Jue <[EMAIL PROTECTED]> wrote: Hi, Just don't put configuration resources there. I'm not sure you had understood what I've said. My hibernate.cfg.xml is in /src/main/resources. So it is copied by Eclipse/NetBeans/Maven/whatever to my webapp's classpath. And anything in the classpath, as far as I can see, is accessible via /assets. As many frameworks expect their configuration files to be in the classpath, I think we have a little, easy to solve problem here. :) Thiago - -- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTE
Re: [ANN]T5 book: reviewers are needed
I am looking forward to reading it. 2007/8/3, Nick Westgate <[EMAIL PROTECTED]>: > This is great news, BTW. Good luck with it! > > Cheers, > Nick. > > > Kolesnikov, Alexander GNI wrote: > > I am writing a book on T5 and the publisher is looking for technical > > reviewers for this book. > > Please contact me directly if you want to review the book or if you have > > any questions. > > > > Cheers, > > > > Alexander > > > > -- > > CONFIDENTIALITY NOTICE: If you have received this email in error, please > > immediately notify the sender by e-mail at the address shown. This email > > transmission may contain confidential information. This information is > > intended only for the use of the individual(s) or entity to whom it is > > intended even if addressed incorrectly. Please delete it from your files > > if you are not the intended recipient. Thank you for your compliance. > > Copyright 2007 CIGNA > > == > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- 得与失都是生活
T5 Best way to omit part of result page in output
hello, i would like to omit some part of my page eg. allow only one component to be written in output. i did it writing my own MarkupWriter with enable/disable function which when enabled works as standard writer and when disabled ignores all writings. It's initially disabled and only specific component toggles the flag to write out its body. It works, but having in mind all the flexibility of tapestry 5 i bet there is much better way to do the same thing. Could you enlighten me a bit and suggest better solution? thanks, jm. -- View this message in context: http://www.nabble.com/T5-Best-way-to-omit-part-of-result-page-in-output-tf4211016.html#a11978648 Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [T5] Security of files in the classpath
Hi Robert, How to implement this component? Is it necessary to register the component in the appmodule? Thx Sabine Robert Zeigler wrote: > > Couple of comments... > First, the T5 asset service has the md5 feature. But the default > implementation, at the moment, only requires md5 hashing for > the .class files. (So, there's not an open door to the class bytes at > the moment. ;) > Second, I have a T5 app that should be going live in the next few > days. So I implemented an extensible AssetProtectorDispatcher. By > default, it uses a whitelist strategy, and the default configuration > will add the various tapestry assets (default.css, grid's components, > etc.) to the whitelist for you. > You can download it here: > http://www.tapestrycomponents.org/Tassel/app?service=external/ > ViewComponent&sp=SAssetProtectionDispatcher > > Or, if you're a maven user, I've got it in a personal maven repo here: > http://www.saiwai-solutions.com/maven > > Cheers. > > Robert > > On Jul 27, 2007, at 7/277:54 AM , Chris Lewis wrote: > >> I'm quite new to Tapestry and just 2 days ago have started working >> with Tap 5. I realize the two (4 vs 5) are disparately different, >> but one of the things nice about the Tap 4 asset service was the >> checksum feature I mentioned that would deny access unless the sum >> in the url matched that of the file. My newness to Tap may show >> here, but why can't the asset service simply ignore requests for >> files that are not marked (@Asset) as assets? I mean doesn't a deny- >> all first and allow explicit exceptions strategy seem much more >> sane then providing an open door to the whole classpath (class >> bytes included??)? >> >> Robert Zeigler wrote: >>> >>> Asset service doesn't really need a configuration point here, imo. >>> You can already make contributions to services that would allow >>> you to implement this sort of content filtering. >>> For instance, you could contribute a RequestFilter. Alternatively, >>> you could contribute a Dispatcher to teh MasterDispatcher service. >>> Contributions to MasterDispatcher are ordered, so you can >>> contribute your "AssetBlockerDispatcher" before the asset service, >>> intercept requests to "forbidden" assets, >>> and respond appropriately. You could then make your custom >>> dispatcher (or request filter) configurable in the manner that you >>> desire. >>> You don't rewrite any of the asset service, you get your content >>> filtering, and you can write it as a drop-in module for any new >>> projects. >>> >>> Robert >>> >>> On Jul 26, 2007, at 7/266:18 PM , Daniel Jue wrote: >>> Thiago, my apologies. You are correct. I would think this is big a problem if you can't hide important files from users! Dan On 7/26/07, Thiago H de Paula Figueiredo <[EMAIL PROTECTED]> wrote: > On Thu, 26 Jul 2007 16:46:37 -0300, Daniel Jue > <[EMAIL PROTECTED]> wrote: > > > Hi, Just don't put configuration resources there. > > I'm not sure you had understood what I've said. > > My hibernate.cfg.xml is in /src/main/resources. So it is copied by > Eclipse/NetBeans/Maven/whatever to my webapp's classpath. And > anything in > the classpath, as far as I can see, is accessible via > /assets. As many frameworks expect their > configuration > files to be in the classpath, I think we have a little, easy to > solve > problem here. :) > > Thiago > > --- > -- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >>> - >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/-T5--Security-of-files-in-the-classpath-tf4153267.html#a11978578 Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: T4 creating dynamic styles for divs
On Thu, Aug 02, 2007 at 06:32:06PM -0700, kael20 wrote: > I have an issue where I need to create the style for a div based on the > properties of an object in my database. This object contains top, left, > width, and height which are important to create this particular div. Is > there anyway that I can apply these attributes dynamically to a div using a > component or something else? You mean like this?