description of grid's volatile parameter wrong?
While going through the component reference, I found the following description for Grid's volatile parameter: If true and the component is enclosed by a Form, then the normal state saving logic is turned off. Defaults to false, enabling state saving logic within Forms. This can be set to false when form elements within the Grid are not related to the current row of the grid, or where another component (such as Hidden) is used to maintain row state. Shouldn't the second sentence read This can be set to *true* when form elements within the Grid are not related to the current row of the grid, or where another component (such as Hidden) is used to maintain row state. or am I getting this wrong? Cheers, Uli - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: tapx-templating: using it in a t5 webapp possible
That may be possible in version #2. The problem is that to make tapx-templating work requires overriding several key internal services; in order to allow mixed mode, we would have to do something very dynamic so that some of the times, those services were left as is, sometimes overrides. That's possible, but it's much more complex plumbing. At this point it is not a high priority for me (highest priority is documentation); I'd prefer to see messaging isolated and I would use tapx-templating isolated behind a JMS queue anyway, running in a separate server from the web application. On Thu, Aug 13, 2009 at 3:43 AM, Andy Pahneandy.pa...@gmail.com wrote: Hello, I'd like to use tapx-templating to generate some content. I want to integrate it into an existing t5 app (just for convenience). Unfortunatly when I try that, the hosting t5 application won't work anymore as expected, especially assets won't be found. Is it possible to use the actual t5 applications's classpath as the required classpath for t5? So that assets will be found both in the hosting webapp and in the generated offline content? Andy - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org -- Howard M. Lewis Ship Creator of Apache Tapestry - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: tapestry-spring-security-2.1.0 logout issue
Michael added the logout handler I was suggesting, and a 2.1.1-SNAPSHOT release is available from http://www.localhost.nu/java/mvn-snapshot/ -- regards, Robin - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: [T5] Security of files in the classpath
The ResourceDigestGenerator by default secures files with extension: .tml and .class. To add more restrictions you'd have to contribute ResourceDigestGenerator. Something like this: public static void contributeResourceDigestGenerator(ConfigurationString configuration) { configuration.add(properties); configuration.add(xml); } However i agree that this should be documented or even created by the maven archetype. It's something a new user could easily forget with devastating consequences. On Fri, Aug 14, 2009 at 4:29 AM, kartweelr...@exemail.com.au wrote: Hi Guys, Sorry to pull up an old thread, but there doesn't seem to be a lot about this topic. Was there ever a nice solution implemented for this? 2 years of tapestry framework development later and I can still download all my class files. I've restricted assets to authenticated users using a method like below, but I thought by now we wouldn't need to be adding custom solutions to manage this and it would be part of the core project?? Robert Zeigler wrote: I don't plan on changing the default configuration from whitelist to blacklist... it's the fallback. I'm a fan of deny unless explicitly authorized, as well. The AssetProtectionDispatcher takes an ordered configuration of AssetPathAuthorizer's, with the default whitelist implementation being the catch all final authorizer in what amounts to a chain of command. So you can certainly contribute your own implementations of authorizer on top of the default. Having a pattern matching whitelist would certainly be useful; I'm in a time crunch at the moment (and basically will be until the end of August), but in the beginning of September, I will rework the default WhitelistAuthorizer to accept url patterns. Robert On Aug 3, 2007, at 8/38:27 AM , Thiago H de Paula Figueiredo wrote: On Fri, 03 Aug 2007 10:03:37 -0300, Francois Armand farm...@linagora.com wrote: Thiago H de Paula Figueiredo wrote: Would a black list intead of a white list better? I suppose there are less files to hide than files to allow access. Well, I think that one of the best principle in security is explicit authorization : you just do not want that a confidential file is accessible by error, because a user forgot to hide it. That's a very good point. ;) But I agree that the white list should authorize jokers to enable *.jpg kind of filter (and if you name your confidential file picture_of_my_secret_weapon.jpg, well, to bad for you ;) Maybe we could allow any .jpg, .gif, .jpg and .css file by default and explicitly whitelist the rest. And no, I don't want to see the picture of your secret weapon, whatever it is. :P Thiago - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org -- View this message in context: http://www.nabble.com/-T5--Security-of-files-in-the-classpath-tp11816097p24965558.html Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Upload component in onValidate
Hello! We are using the upload component of tapestry and want to validate the content type during the upload. To accomplish this we wrote the following code: | @Property | private UploadedFile file; | | [...] | | void onValidate() { | | if(file.getContentType().toLowerCase(Locale.ENGLISH) | .equals(application/pdf)) { | [...] | } | } To our surprise, the field file is always null during the validation, but not in onSuccess. Is it not possible to validate this? Or do we have to put a manual validation in onSuccess? TIA Stephan - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Upload component in onValidate
From skimming the sources I would guess that you need to provide your own FieldValidatorObject as a component parameter to t:upload 2009/8/14 Stephan Windmüller stephan.windmuel...@cs.tu-dortmund.de Hello! We are using the upload component of tapestry and want to validate the content type during the upload. To accomplish this we wrote the following code: | @Property | private UploadedFile file; | | [...] | | void onValidate() { | | if(file.getContentType().toLowerCase(Locale.ENGLISH) | .equals(application/pdf)) { | [...] | } | } To our surprise, the field file is always null during the validation, but not in onSuccess. Is it not possible to validate this? Or do we have to put a manual validation in onSuccess? TIA Stephan - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Antwort: Re: Upload component in onValidate
2009/8/14 Stephan Windmüller stephan.windmuel...@cs.tu-dortmund.de Hello! We are using the upload component of tapestry and want to validate the content type during the upload. To accomplish this we wrote the following code: | @Property | private UploadedFile file; | | [...] | | void onValidate() { | | if(file.getContentType().toLowerCase(Locale.ENGLISH) | .equals(application/pdf)) { | [...] | } | } To our surprise, the field file is always null during the validation, but not in onSuccess. I had a similar problem recently, although with ordinary form validation, not with upload. So I'm not sure this is relevant. I also used onValidate() to do the form validation as it is explained in my Tapestry5 book (Kolesnikov). It turned out that this method is called before the setters of the properties used in the form, so the properties were still null in onValidate(). Looking around in the online docs, I found that there is onValidateForm() which is called after the setters. Maybe this has changed in some recent tapestry version. The order of events seems to be now: onValidate() setters onValidateForm() onSuccess()/onFailure() onSubmit I didn't find a summary in the docs on the exact order, and on the default event method names (that incorporate the form id). Also, I don't know what happens if there is, for example, a onSubmit(), onSubmitFromXXX() and a method annotated with @OnEvent(value=submit, component=XXX) in the page. So, in short, try using onValidateForm() instead of onValidate(). Dirk BGS Beratungsgesellschaft Software Systemplanung AG Niederlassung Köln/Bonn Grantham-Allee 2-8 53757 Sankt Augustin Fon: +49 (0) 2241 / 166-500 Fax: +49 (0) 2241 / 166-680 www.bgs-ag.de Geschäftssitz Mainz Registergericht Amtsgericht Mainz HRB 62 50 Aufsichtsratsvorsitzender Klaus Hellwig Vorstand Hermann Kiefer Nils Manegold Thomas Reitz
Re: Upload component in onValidate
Otho wrote: From skimming the sources I would guess that you need to provide your own FieldValidatorObject as a component parameter to t:upload Thanks for the quick reply! I wrote the FieldValidator, but where do I register it and how do I set the component parameter? t:upload t:validate=myValidator gives me this error: | Unknown validator type 'myValidator'. Configured validators are email, | max, maxlength, min, minlength, regexp, required. The class contains this code: | public FieldValidatorUploadedFile getMyValidator() { | return new FieldValidatorUploadedFile() { | ... | } | } Is there any documentation about how to use custom field validators? Regards Stephan - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Antwort: Re: Upload component in onValidate
dirk.latterm...@bgs-ag.de wrote: So, in short, try using onValidateForm() instead of onValidate(). That solved my problem. Thank you very much for this simple solution! Regards Stephan Windmüller - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
RE: Antwort: Re: Upload component in onValidate
From JumpStart for a Form it is: pageAttached() onActivate() ...onPrepareForSubmit() ...onPrepare() ...onSelected() ...onValidateForm() ...onSuccess() ...onSubmit() ...Tapestry creates a URL to next page pageDetached() ...Tapestry redirects to render next page -Original Message- ... The order of events seems to be now: onValidate() setters onValidateForm() onSuccess()/onFailure() onSubmit I didn't find a summary in the docs on the exact order, and on the default event method names (that incorporate the form id). Also, I don't know what happens if there is, for example, a onSubmit(), onSubmitFromXXX() and a method annotated with @OnEvent(value=submit, component=XXX) in the page. So, in short, try using onValidateForm() instead of onValidate(). Dirk ** Experience the British Library online at www.bl.uk The British Library's new interactive Annual Report and Accounts 2007/08 : www.bl.uk/knowledge Help the British Library conserve the world's knowledge. Adopt a Book. www.bl.uk/adoptabook The Library's St Pancras site is WiFi - enabled * The information contained in this e-mail is confidential and may be legally privileged. It is intended for the addressee(s) only. If you are not the intended recipient, please delete this e-mail and notify the postmas...@bl.uk : The contents of this e-mail must not be disclosed or copied without the sender's consent. The statements and opinions expressed in this message are those of the author and do not necessarily reflect those of the British Library. The British Library does not take any responsibility for the views of the author. * - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Upload component in onValidate
onValidate() gets called for every form component inside your form. The NullPointerException you are getting is likely due to some other form component also validating. Change the method name to match your upload component's id, e.g. onValidateFromUpload() if your component's id is upload. That should do the trick. onValidateForm() can be used to do validation across multiple fields and isn't meant to do validation for just one field. Uli On 14.08.2009 11:55 schrieb Stephan Windmüller: Hello! We are using the upload component of tapestry and want to validate the content type during the upload. To accomplish this we wrote the following code: | @Property | private UploadedFile file; | | [...] | | void onValidate() { | | if(file.getContentType().toLowerCase(Locale.ENGLISH) | .equals(application/pdf)) { | [...] | } | } To our surprise, the field file is always null during the validation, but not in onSuccess. Is it not possible to validate this? Or do we have to put a manual validation in onSuccess? TIA Stephan - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: [T5] Security of files in the classpath
Isn't this simply due to a Maven convention which has passed its use by date? Why not put .java, .tml, and .properties together in the source tree, and compile them all into WEB-INF/classes/ where they're automatically hidden from the users? Surely this makes so much sense. It's what I do with Ant and it seems to work a treat. Or have I missed something? Eg. correct me if I'm wrong but I'm pretty sure that only the css and images are downloadable from here: http://jumpstart.doublenegative.com.au:8080/jumpstart/ Geoff On 14/08/2009, at 7:07 PM, Juan E. Maya wrote: The ResourceDigestGenerator by default secures files with extension: .tml and .class. To add more restrictions you'd have to contribute ResourceDigestGenerator. Something like this: public static void contributeResourceDigestGenerator(ConfigurationString configuration) { configuration.add(properties); configuration.add(xml); } However i agree that this should be documented or even created by the maven archetype. It's something a new user could easily forget with devastating consequences. On Fri, Aug 14, 2009 at 4:29 AM, kartweelr...@exemail.com.au wrote: Hi Guys, Sorry to pull up an old thread, but there doesn't seem to be a lot about this topic. Was there ever a nice solution implemented for this? 2 years of tapestry framework development later and I can still download all my class files. I've restricted assets to authenticated users using a method like below, but I thought by now we wouldn't need to be adding custom solutions to manage this and it would be part of the core project?? Robert Zeigler wrote: I don't plan on changing the default configuration from whitelist to blacklist... it's the fallback. I'm a fan of deny unless explicitly authorized, as well. The AssetProtectionDispatcher takes an ordered configuration of AssetPathAuthorizer's, with the default whitelist implementation being the catch all final authorizer in what amounts to a chain of command. So you can certainly contribute your own implementations of authorizer on top of the default. Having a pattern matching whitelist would certainly be useful; I'm in a time crunch at the moment (and basically will be until the end of August), but in the beginning of September, I will rework the default WhitelistAuthorizer to accept url patterns. Robert On Aug 3, 2007, at 8/38:27 AM , Thiago H de Paula Figueiredo wrote: On Fri, 03 Aug 2007 10:03:37 -0300, Francois Armand farm...@linagora.com wrote: Thiago H de Paula Figueiredo wrote: Would a black list intead of a white list better? I suppose there are less files to hide than files to allow access. Well, I think that one of the best principle in security is explicit authorization : you just do not want that a confidential file is accessible by error, because a user forgot to hide it. That's a very good point. ;) But I agree that the white list should authorize jokers to enable *.jpg kind of filter (and if you name your confidential file picture_of_my_secret_weapon.jpg, well, to bad for you ;) Maybe we could allow any .jpg, .gif, .jpg and .css file by default and explicitly whitelist the rest. And no, I don't want to see the picture of your secret weapon, whatever it is. :P Thiago - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org -- View this message in context: http://www.nabble.com/-T5--Security-of-files-in-the-classpath-tp11816097p24965558.html Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Fragments, Validation and IE
we are encountering the same problem here - server side validation errors for fields in a form fragment that is not visible/active. happens under firefox too. the textfields not visible that produce the validation errors are filled with default values when the form is loaded the first time. the deactivation of combined scripts and compressen does not help :-/ geoffrey, did you find any solution for your problem? Sergey Didenko schrieb: Hi Geoffrey, try to disable combine-scripts and gzip-compression: -Dtapestry.combine-scripts=false -Dtapestry.gzip-compression-enabled=false for the command line. Does it change anything? - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
[T5] Does T5 work with JPA ?
Hi all! I try to develop a T5 / jpa application! All junits tests on my DAOS work but when I try to deploy on tomcat I still have a No Persistence provider for EntityManager name ... error when I call DAOs. My persistence.xml seams to be at good place... So my question is : Is it possible that T5 don't work with jpa ? thx all! - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: [T5] Does T5 work with JPA ?
Em Fri, 14 Aug 2009 09:42:34 -0300, bdumeny bdum...@cvf.fr escreveu: Hi all! Hi! I try to develop a T5 / jpa application! All junits tests on my DAOS work but when I try to deploy on tomcat I still have a No Persistence provider for EntityManager name ... error when I call DAOs. My persistence.xml seams to be at good place... So my question is : Is it possible that T5 don't work with jpa ? I don't think this is a Tapestry-related issue, as it doesn't touch anything beside page, component and mixin classes. This looks like a misplaced persistence.xml or the way you create your EntityManagers in your web app. -- Thiago H. de Paula Figueiredo Independent Java consultant, developer, and instructor http://www.arsmachina.com.br/thiago - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: [T5] Security of files in the classpath
Em Fri, 14 Aug 2009 09:28:48 -0300, Geoff Callender geoff.callender.jumpst...@gmail.com escreveu: Isn't this simply due to a Maven convention which has passed its use by date? I don't think so. Why not put .java, .tml, and .properties together in the source tree, and compile them all into WEB-INF/classes/ where they're automatically hidden from the users? Maven, when packaging a web app, copies all the files inside src/main/resources to the classpath root folder (WEB-INF/classes in web applications). The issue here is about how Tapestry handles asset classpath requests. Surely this makes so much sense. It's what I do with Ant and it seems to work a treat. Or have I missed something? Yes. :) In this case, Ant and Maven are just different tools used to package webapps. -- Thiago H. de Paula Figueiredo Independent Java consultant, developer, and instructor http://www.arsmachina.com.br/thiago - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: [T5] Does T5 work with JPA ?
Thiago H. de Paula Figueiredo a écrit : Em Fri, 14 Aug 2009 09:42:34 -0300, bdumeny bdum...@cvf.fr escreveu: Hi all! Hi! I try to develop a T5 / jpa application! All junits tests on my DAOS work but when I try to deploy on tomcat I still have a No Persistence provider for EntityManager name ... error when I call DAOs. My persistence.xml seams to be at good place... So my question is : Is it possible that T5 don't work with jpa ? I don't think this is a Tapestry-related issue, as it doesn't touch anything beside page, component and mixin classes. This looks like a misplaced persistence.xml or the way you create your EntityManagers in your web app. Missplaced persistence.xml was my first idea, but it's placed in WEB-INF/classes/META-INF/ .. My entity manager factory is static in my DAO : private EntityManagerFactory emFactory = Persistence.createEntityManagerFactory(MY_PERSISTENCE); private EntityManager em; public MyDAOImpl(){ try { em = emFactory.createEntityManager(); } catch (Exception ex) { ex.printStackTrace(); } } and My DAO is injected in my tml Page. - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: [T5] Does T5 work with JPA ?
Doesn't Tomcat - it being just a servlet and JSP engine and not a full blown JEE specification implementation - not have any actual JPA implementation? Are you including one in your WAR file, e.g. Hibernate? 2009/8/14 bdumeny bdum...@cvf.fr: Thiago H. de Paula Figueiredo a écrit : Em Fri, 14 Aug 2009 09:42:34 -0300, bdumeny bdum...@cvf.fr escreveu: Hi all! Hi! I try to develop a T5 / jpa application! All junits tests on my DAOS work but when I try to deploy on tomcat I still have a No Persistence provider for EntityManager name ... error when I call DAOs. My persistence.xml seams to be at good place... So my question is : Is it possible that T5 don't work with jpa ? I don't think this is a Tapestry-related issue, as it doesn't touch anything beside page, component and mixin classes. This looks like a misplaced persistence.xml or the way you create your EntityManagers in your web app. Missplaced persistence.xml was my first idea, but it's placed in WEB-INF/classes/META-INF/ .. My entity manager factory is static in my DAO : private EntityManagerFactory emFactory = Persistence.createEntityManagerFactory(MY_PERSISTENCE); private EntityManager em; public MyDAOImpl(){ try { em = emFactory.createEntityManager(); } catch (Exception ex) { ex.printStackTrace(); } } and My DAO is injected in my tml Page. - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org -- let x=x - http://crazymcphee.net/x/ xray dubs - http://autonomous.org/music/ - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Render body of the component in some other component
Hi, all! Can you tell me is it possible to render body of a component in some other component which is wrapped by this first one in Tapestry 4.1? I have an example: Page html: div jwcid=@Component pThis is top level component's body/p /div Component.jwc: div jwcid=$content$ div Haeder /div div jwcid=@For source=ognl:somePropArray value=ognl:currentProp div jwcid=@InnerComponent !-- Inner Component presents the body of the top level component -- pThis is top level component's body/p div /div div Footer /div /div Maybe use of @RenderBody component for @InnerComponent? Thanks for your time, Marko
RE: Render body of the component in some other component
Sorry, formatting of the last message was awful... Here's the message again: Hi, all! Can you tell me is it possible to render body of a component in some other component which is wrapped by this first one in Tapestry 4.1? I have an example: Page html: div jwcid=@Component pThis is top level component's body/p /div Component.jwc: div jwcid=$content$ div Haeder /div div jwcid=@For source=ognl:somePropArray value=ognl:currentProp div jwcid=@InnerComponent !-- Inner Component presents the body of the top level component -- pThis is top level component's body/p div /div div Footer /div /div Maybe use of @RenderBody component for @InnerComponent? Thanks for your time, Marko - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Render body of the component in some other component
Yes - that is exactly what @RenderBody does. Cheers Richard Marko Mrkus wrote: Sorry, formatting of the last message was awful... Here's the message again: Hi, all! Can you tell me is it possible to render body of a component in some other component which is wrapped by this first one in Tapestry 4.1? I have an example: Page html: div jwcid=@Component pThis is top level component's body/p /div Component.jwc: div jwcid=$content$ div Haeder /div div jwcid=@For source=ognl:somePropArray value=ognl:currentProp div jwcid=@InnerComponent !-- Inner Component presents the body of the top level component -- pThis is top level component's body/p div /div div Footer /div /div Maybe use of @RenderBody component for @InnerComponent? Thanks for your time, Marko - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org -- Richard Kirby, Technical Director Email: r...@capdm.com Phone: 0131 477 8629 Fax: 0131 477 8621 Email: enquir...@capdm.com Website: www.capdm.com CAPDM Limited Registered in Scotland: SC168970 VAT: 682 846 983 Registered address: 22 Forth Street, Edinburgh, EH1 3LH, UK === - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Render body of the component in some other component
use RenderBody instead of InnerComponent If for every iteration you want to pass dynamic data from @Component to the components that exist in the body of @Component, you can use the requestCycle, i.e. cycle.setAttribute() cycle.getAttribute() On Fri, Aug 14, 2009 at 4:27 PM, Marko Mrkusmarko.mr...@bumblehood.com wrote: Sorry, formatting of the last message was awful... Here's the message again: Hi, all! Can you tell me is it possible to render body of a component in some other component which is wrapped by this first one in Tapestry 4.1? I have an example: Page html: div jwcid=@Component pThis is top level component's body/p /div Component.jwc: div jwcid=$content$ div Haeder /div div jwcid=@For source=ognl:somePropArray value=ognl:currentProp div jwcid=@InnerComponent !-- Inner Component presents the body of the top level component -- pThis is top level component's body/p div /div div Footer /div /div Maybe use of @RenderBody component for @InnerComponent? Thanks for your time, Marko - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org -- Andreas Andreou - andy...@apache.org - http://blog.andyhot.gr Tapestry / Tacos developer Open Source / JEE Consulting - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: [T5] Does T5 work with JPA ?
Yes, all included in my pom.xml. If I haven't dependencies my tests wouldn't work during a mvn install... Scot Mcphee a écrit : Doesn't Tomcat - it being just a servlet and JSP engine and not a full blown JEE specification implementation - not have any actual JPA implementation? Are you including one in your WAR file, e.g. Hibernate? 2009/8/14 bdumeny bdum...@cvf.fr: Thiago H. de Paula Figueiredo a écrit : Em Fri, 14 Aug 2009 09:42:34 -0300, bdumeny bdum...@cvf.fr escreveu: Hi all! Hi! I try to develop a T5 / jpa application! All junits tests on my DAOS work but when I try to deploy on tomcat I still have a No Persistence provider for EntityManager name ... error when I call DAOs. My persistence.xml seams to be at good place... So my question is : Is it possible that T5 don't work with jpa ? I don't think this is a Tapestry-related issue, as it doesn't touch anything beside page, component and mixin classes. This looks like a misplaced persistence.xml or the way you create your EntityManagers in your web app. Missplaced persistence.xml was my first idea, but it's placed in WEB-INF/classes/META-INF/ .. My entity manager factory is static in my DAO : private EntityManagerFactory emFactory = Persistence.createEntityManagerFactory(MY_PERSISTENCE); private EntityManager em; public MyDAOImpl(){ try { em = emFactory.createEntityManager(); } catch (Exception ex) { ex.printStackTrace(); } } and My DAO is injected in my tml Page. - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: [T5] Does T5 work with JPA ?
2009/8/15 bdumeny bdum...@cvf.fr: Yes, all included in my pom.xml. If I haven't dependencies my tests wouldn't work during a mvn install... well not strictly true seeing as you could could have it in a test scope (e.g. something I often do with the HSQL classes). sorry i had to ask the obvious question. it's been a while since I tried to use hibernate in a pure JPA mode, and that wasn't with tapestry. I usually go straight for hibernate-native configuration. anyway is there a more comprehensive stack trace? -- let x=x - http://crazymcphee.net/x/ xray dubs - http://autonomous.org/music/ - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: [T5] Does T5 work with JPA ?
There is no specified scope for jpa dependencies... If only someone tells me that it's possible... I haven't found any example of use t5/jpa Message : org.apache.tapestry5.runtime.ComponentEventException No Persistence provider for EntityManager named MY_APP Stack trace * javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:56) * javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:34) * fr.bd.pages.Search.onSuccess(Search.java:128) * fr.bd.pages.Search.dispatchComponentEvent(Search.java) * org.apache.tapestry5.internal.structure.ComponentPageElementImpl.dispatchEvent(ComponentPageElementImpl.java:886) * org.apache.tapestry5.internal.structure.ComponentPageElementImpl.triggerContextEvent(ComponentPageElementImpl.java:1059) * org.apache.tapestry5.internal.structure.InternalComponentResourcesImpl.triggerContextEvent(InternalComponentResourcesImpl.java:228) * org.apache.tapestry5.corelib.components.Form._$advised$onAction(Form.java:408) * org.apache.tapestry5.corelib.components.Form$onAction$invocation_123194ee67c.invokeAdvisedMethod(Form$onAction$invocation_123194ee67c.java) * org.apache.tapestry5.internal.services.AbstractComponentMethodInvocation.proceed(AbstractComponentMethodInvocation.java:71) * org.apache.tapestry5.ioc.internal.services.LoggingAdvice.advise(LoggingAdvice.java:45) * org.apache.tapestry5.internal.transform.LogWorker$1.advise(LogWorker.java:54) * org.apache.tapestry5.internal.services.AbstractComponentMethodInvocation.proceed(AbstractComponentMethodInvocation.java:80) * org.apache.tapestry5.corelib.components.Form.onAction(Form.java) * org.apache.tapestry5.corelib.components.Form.dispatchComponentEvent(Form.java) * org.apache.tapestry5.internal.structure.ComponentPageElementImpl.dispatchEvent(ComponentPageElementImpl.java:894) * org.apache.tapestry5.internal.structure.ComponentPageElementImpl.triggerContextEvent(ComponentPageElementImpl.java:1059) * org.apache.tapestry5.internal.services.ComponentEventRequestHandlerImpl.handle(ComponentEventRequestHandlerImpl.java:68) * org.apache.tapestry5.internal.services.ImmediateActionRenderResponseFilter.handle(ImmediateActionRenderResponseFilter.java:42) * org.apache.tapestry5.internal.services.AjaxFilter.handle(AjaxFilter.java:42) * org.apache.tapestry5.services.TapestryModule$44.handle(TapestryModule.java:2105) * org.apache.tapestry5.internal.services.ComponentEventDispatcher.dispatch(ComponentEventDispatcher.java:127) * org.apache.tapestry5.services.TapestryModule$17.service(TapestryModule.java:1029) * fr.bd.services.AppModule$1.service(AppModule.java:105) * org.apache.tapestry5.internal.services.LocalizationFilter.service(LocalizationFilter.java:42) * org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:26) * org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:621) * org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:611) * org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:85) * org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:93) * org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:84) * org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:83) * org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:106) * org.apache.tapestry5.services.TapestryModule$16.service(TapestryModule.java:1007) * org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62) * org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:179) * org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) * org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) * org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) * org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) * org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) * org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) * org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) * org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) * org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875) * org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) *
T5.1 t:body question
Hi all, I know I'm still learning, but I'm a bit puzzled as to why: t:body/ works just fine, but: span t:type=body/ and span t:type=Body/ both error out with: org.apache.tapestry5.ioc.internal.util.TapestryException Unable to resolve 'body' to a component class name. Available component types: ActionLink, AddRowLink, AjaxFormLoop, Any, BeanDisplay, BeanEditForm, BeanEditor, Checkbox, DateField, Delegate, Errors, EventLink, ExceptionDisplay, Form, FormFragment, FormInjector, Grid, GridCell, GridColumns, GridPager, GridRows, Hidden, If, Label, Layout, LinkSubmit, Loop, Output, OutputRaw, PageLink, Palette, PasswordField, ProgressiveDisplay, PropertyDisplay, PropertyEditor, Radio, RadioGroup, RemoveRowLink, RenderObject, Select, Submit, SubmitNotifier, TextArea, TextField, TextOutput, Unless, Zone. I'm assuming t:body isn't really a component, but a different form of magic. Are there other components that aren't really components and should t:body also support invisible instrumentation, too? Thanks again! mrg - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
RE: Render body of the component in some other component
Thanks, I just wanted to make sure that this component is the right tool for the job! My job is to build Pagination component which will use filter and pages for rendering component which is wrapped by Pagination component. Sample usage could be: div jwcid=@Pagination source=ognl:paginationModel value=ognl:currentValue div jwcid=@IteratedComponent / /div And IteratedComponent must be unaware of PaginationComponent. Template which InnerComponent could have is: div jwcid=@Insert value=ognl:currentValue.someProp / div jwcid=@Insert value=ognl:currentValue.someOtherProp / ... So it's something similar like @For component but with pagination and filtering :) -Original Message- From: andre...@gmail.com [mailto:andre...@gmail.com] On Behalf Of Andreas Andreou Sent: Friday, August 14, 2009 3:46 PM To: Tapestry users Subject: Re: Render body of the component in some other component use RenderBody instead of InnerComponent If for every iteration you want to pass dynamic data from @Component to the components that exist in the body of @Component, you can use the requestCycle, i.e. cycle.setAttribute() cycle.getAttribute() On Fri, Aug 14, 2009 at 4:27 PM, Marko Mrkusmarko.mr...@bumblehood.com wrote: Sorry, formatting of the last message was awful... Here's the message again: Hi, all! Can you tell me is it possible to render body of a component in some other component which is wrapped by this first one in Tapestry 4.1? I have an example: Page html: div jwcid=@Component pThis is top level component's body/p /div Component.jwc: div jwcid=$content$ div Haeder /div div jwcid=@For source=ognl:somePropArray value=ognl:currentProp div jwcid=@InnerComponent !-- Inner Component presents the body of the top level component -- pThis is top level component's body/p div /div div Footer /div /div Maybe use of @RenderBody component for @InnerComponent? Thanks for your time, Marko - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org -- Andreas Andreou - andy...@apache.org - http://blog.andyhot.gr Tapestry / Tacos developer Open Source / JEE Consulting - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: T5.1 t:body question
Em Fri, 14 Aug 2009 11:57:09 -0300, Michael Gentry mgen...@masslight.net escreveu: I'm assuming t:body isn't really a component, but a different form of magic. t:body/ is not a component. Are there other components that aren't really components Take a look at http://tapestry.apache.org/tapestry5.1/guide/templates.html, section Tapestry Elements. and should t:body also support invisible instrumentation, too? Using t:type for both components and Tapestry-specific tags (t:body, etc) would cause a lot of confusion and would require some level rewriting of the template parser. Even using other attribute would require this rewriting, so I don't know if it's worth the hassle. -- Thiago H. de Paula Figueiredo Independent Java consultant, developer, and instructor http://www.arsmachina.com.br/thiago - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: About Tapestry HttpServletRequest
I know tapestry-upload. But it need to submit. What I use is a flash/javascript fileUpload addon(SWFUpload:http://www.swfupload.org/). Files can be uploaded without submit. I set a Tapestry page to receive the file. In PHP, Struts and jsp, it works well. I just want to find a Tapestry way. I am looking for where goes wrong. The InputStream.read() is -1 the first time calling, and the request.getContentLength() is not 0. It seems the InputStream of request has been read by Tapestry Filter or something. When it comes to me, there is nothing to read from. 2009-08-14 sohu
Re: T5.1 t:body question
On Fri, Aug 14, 2009 at 11:05 AM, Thiago H. de Paula Figueiredothiag...@gmail.com wrote: Em Fri, 14 Aug 2009 11:57:09 -0300, Michael Gentry mgen...@masslight.net escreveu: Take a look at http://tapestry.apache.org/tapestry5.1/guide/templates.html, section Tapestry Elements. I had seen that section before, but it wasn't really clear (to me, anyway -- a T5.1 newbie who has also used T4) that it was really different. and should t:body also support invisible instrumentation, too? Using t:type for both components and Tapestry-specific tags (t:body, etc) would cause a lot of confusion and would require some level rewriting of the template parser. Even using other attribute would require this rewriting, so I don't know if it's worth the hassle. It may not be worth the hassle, but given that t:body (not a component) looks pretty much like t:if, t:form, t:loop, t:textfield, etc. (components), I think it is a bit confusing. It looks like a duck (component), but doesn't quack. Also, Body was a real component in T4, so that might add to the confusion for anyone moving on to T5. Thanks again Thiago! mrg - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Problem with custom ValidationDecorator for Ajax form submissions
We've developed our own custom ValidationDecorator which works nicely. To activate it for a form we're pushing it onto the environment in the setupRender for each component/page with a form that needs validation, like this: @BeginRender void setup(MarkupWriter writer) { environment.push(ValidationDecorator.class, new InlineValidationDecorator(environment, writer, spacerImage, false)); } (inspired by http://markmail.org/message/pq5u53h4njwldygz) A corresponding JavaScript file is also included into the page which overrides the client side behaviour from tapestry.js the way we want it. This all works fine until we do Ajax form submission where our InlineValidationDecorator is not being pushed onto the environment for the partial page render. This is being activated by returning a block from the submit event handler. So, any ideas how to do this? I'm not the first person to hit this stumbling block, Inge posted about this here: http://markmail.org/message/izdmsolr626wog4k This is pretty serious, we really need to solve this issue for our upcoming milestone release. Thanks, Andy.
Re: T5.1 t:body question
The question was: do we introduce one XML namespace for Tapestry components and a second one for the (finite set) of Tapestry directives? I chose to have a single namespace. This could be changed in the future to have a distinct XML namespace for components and a separate one for directives. The XML namespace URI would be used to maintain backwards compatibility. On Fri, Aug 14, 2009 at 8:23 AM, Michael Gentrymgen...@masslight.net wrote: On Fri, Aug 14, 2009 at 11:05 AM, Thiago H. de Paula Figueiredothiag...@gmail.com wrote: Em Fri, 14 Aug 2009 11:57:09 -0300, Michael Gentry mgen...@masslight.net escreveu: Take a look at http://tapestry.apache.org/tapestry5.1/guide/templates.html, section Tapestry Elements. I had seen that section before, but it wasn't really clear (to me, anyway -- a T5.1 newbie who has also used T4) that it was really different. and should t:body also support invisible instrumentation, too? Using t:type for both components and Tapestry-specific tags (t:body, etc) would cause a lot of confusion and would require some level rewriting of the template parser. Even using other attribute would require this rewriting, so I don't know if it's worth the hassle. It may not be worth the hassle, but given that t:body (not a component) looks pretty much like t:if, t:form, t:loop, t:textfield, etc. (components), I think it is a bit confusing. It looks like a duck (component), but doesn't quack. Also, Body was a real component in T4, so that might add to the confusion for anyone moving on to T5. Thanks again Thiago! mrg - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org -- Howard M. Lewis Ship Creator of Apache Tapestry - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Tapestry web framework evaluation and test
Hello, I have finally finished the evaluation of Tapestry. I would like to thank you for your feedbacks, which helped a lot to write the article. You can find the article on my website. http://www.laliluna.de/tapestry-webframework-evaluation-test.html It is part of the web framework series. http://www.laliluna.de/the-web-framework-evaluation.html -- Best Regards / Viele Grüße Sebastian Hennebrueder - Software Developer and Trainer for Hibernate / Java Persistence http://www.laliluna.de - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Tapestry web framework evaluation and test
Very nice Sebastian ! thanks! On Fri, Aug 14, 2009 at 8:24 PM, Sebastian Hennebruederuse...@laliluna.de wrote: Hello, I have finally finished the evaluation of Tapestry. I would like to thank you for your feedbacks, which helped a lot to write the article. You can find the article on my website. http://www.laliluna.de/tapestry-webframework-evaluation-test.html It is part of the web framework series. http://www.laliluna.de/the-web-framework-evaluation.html -- Best Regards / Viele Grüße Sebastian Hennebrueder - Software Developer and Trainer for Hibernate / Java Persistence http://www.laliluna.de - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: @OnEvent annotated methods not firing
Register.java: package com.packtpub.celebrity.collector.pages; import org.apache.tapestry5.EventConstants; import org.apache.tapestry5.SelectModel; import org.apache.tapestry5.annotations.OnEvent; import org.apache.tapestry5.annotations.Persist; import org.apache.tapestry5.ioc.Messages; import org.apache.tapestry5.ioc.annotations.Inject; import org.apache.tapestry5.util.EnumSelectModel; import org.slf4j.Logger; import com.packtpub.celebrity.collector.model.Country; import com.packtpub.celebrity.collector.model.Gender; public class Register { @Inject private Logger logger; @Persist private String userName; @Persist private String password; private String password2; @Persist private Gender gender; @Persist private boolean subscribe; private boolean unsubscribe; @Persist private String email; @Inject private Messages messages; @Persist private Country country; public SelectModel getCountries() { return new EnumSelectModel(Country.class, messages); } @OnEvent(component=submitButton, value=EventConstants.SELECTED) void onSubmitButton() { logger.debug(Submit Button was Pressed!); if(unsubscribe) { subscribe = false; } } @OnEvent(component=resetButton, value=EventConstants.SELECTED) void onResetButton() { userName = null; password = null; password2 = null; email = null; gender = null; subscribe = false; } public String getEmail() { return email; } public void setEmail(String email) { this.email = email; } public String getUserName() { return userName; } public void setUserName(String userName) { this.userName = userName; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } public String getPassword2() { return password2; } public void setPassword2(String password2) { this.password2 = password2; } public Gender getGender() { return gender; } public void setGender(Gender gender) { this.gender = gender; } public Gender getMale() { return Gender.MALE; } public Gender getFemale() { return Gender.FEMALE; } public boolean isSubscribe() { return subscribe; } public void setSubscribe(boolean subscribe) { this.subscribe = subscribe; } public void setUnsubscribe(boolean unsubscribe) { this.unsubscribe = unsubscribe; } public boolean isUnsubscribe() { return unsubscribe; } public boolean isPasswordNotSubmitted() { return userName == null; } public void setCountry(Country country) { this.country = country; } public Country getCountry() { return country; } } Register.tml: !DOCTYPE html html xmlns=http://www.w3.org/1999/xhtml; xmlns:t=http://tapestry.apache.org/schema/tapestry_5_1_0.xsd; xmlns:p=tapestry:parameter xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://tapestry.apache.org/schema/tapestry_5_1_0.xsd http://tapestry.apache.org/schema/tapestry_5_1_0.xsd; t:type=layout title=Registration pRegistration/p t:form t:id=registrationForm table tr tdlabel t:type=label t:for=userName/label:/td tdinput type=text t:type=textfield t:id=userName t:value=userName//td /tr t:if t:test=passwordNotSubmitted tr tdlabel t:type=label t:for=password/label:/td tdinput type=text t:type=passwordfield t:id=password t:value=password//td /tr tr tdlabel t:type=label t:for=password2/label:/td tdinput type=text t:type=passwordfield t:id=password2 t:value=password2//td /tr /t:if tr tdGender:/td td t:radiogroup t:value=gender input type=radio t:type=radio t:value=male/ Male input type=radio t:type=radio t:value=female/ Female /t:radiogroup /td /tr tr t:if t:test=subscribe tdlabel t:type=label t:for=email/label:/td td input type=text t:type=textfield t:id=email t:value=email/ input type=checkbox t:type=checkbox t:value=unsubscribe onclick=this.form.submit()/ I don't want to subscribe. /td t:parameter t:name=else
Render Page to file, etc
I have a need to make my Tapestry 4.1 Pages available in pdf format but having no luck to-date on my own. My apologies if soliciting this list is inappropriate here, but I do have a consulting budget available to get this done if anyone is interested.
Re: [T5] Does T5 work with JPA ?
2009/8/15 bdumeny bdum...@cvf.fr: There is no specified scope for jpa dependencies... And the hibernate.jar is definitely in the generated WAR file? Otherwise try scope 'compile'. Obviously the javax.persistence jar is. If only someone tells me that it's possible... I haven't found any example of use t5/jpa Well, as I said, I've never tried, I'm usually happy to directly use hibernate rather than bother with JPA. That stack trace has me stumped. Can you use hibernate directly? scot -- let x=x - http://crazymcphee.net/x/ xray dubs - http://autonomous.org/music/ - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: [T5] Security of files in the classpath
http://jumpstart.doublenegative.com.au:8080/jumpstart/assets/ctx/9f6f05886c53821a/WEB-INF/classes/jumpstart/web/services/AppModule.class you can access the entire web app, it even gives you directory listings Geoff Callender-2 wrote: Isn't this simply due to a Maven convention which has passed its use by date? Why not put .java, .tml, and .properties together in the source tree, and compile them all into WEB-INF/classes/ where they're automatically hidden from the users? Surely this makes so much sense. It's what I do with Ant and it seems to work a treat. Or have I missed something? Eg. correct me if I'm wrong but I'm pretty sure that only the css and images are downloadable from here: http://jumpstart.doublenegative.com.au:8080/jumpstart/ Geoff On 14/08/2009, at 7:07 PM, Juan E. Maya wrote: The ResourceDigestGenerator by default secures files with extension: .tml and .class. To add more restrictions you'd have to contribute ResourceDigestGenerator. Something like this: public static void contributeResourceDigestGenerator(ConfigurationString configuration) { configuration.add(properties); configuration.add(xml); } However i agree that this should be documented or even created by the maven archetype. It's something a new user could easily forget with devastating consequences. On Fri, Aug 14, 2009 at 4:29 AM, kartweelr...@exemail.com.au wrote: Hi Guys, Sorry to pull up an old thread, but there doesn't seem to be a lot about this topic. Was there ever a nice solution implemented for this? 2 years of tapestry framework development later and I can still download all my class files. I've restricted assets to authenticated users using a method like below, but I thought by now we wouldn't need to be adding custom solutions to manage this and it would be part of the core project?? Robert Zeigler wrote: I don't plan on changing the default configuration from whitelist to blacklist... it's the fallback. I'm a fan of deny unless explicitly authorized, as well. The AssetProtectionDispatcher takes an ordered configuration of AssetPathAuthorizer's, with the default whitelist implementation being the catch all final authorizer in what amounts to a chain of command. So you can certainly contribute your own implementations of authorizer on top of the default. Having a pattern matching whitelist would certainly be useful; I'm in a time crunch at the moment (and basically will be until the end of August), but in the beginning of September, I will rework the default WhitelistAuthorizer to accept url patterns. Robert On Aug 3, 2007, at 8/38:27 AM , Thiago H de Paula Figueiredo wrote: On Fri, 03 Aug 2007 10:03:37 -0300, Francois Armand farm...@linagora.com wrote: Thiago H de Paula Figueiredo wrote: Would a black list intead of a white list better? I suppose there are less files to hide than files to allow access. Well, I think that one of the best principle in security is explicit authorization : you just do not want that a confidential file is accessible by error, because a user forgot to hide it. That's a very good point. ;) But I agree that the white list should authorize jokers to enable *.jpg kind of filter (and if you name your confidential file picture_of_my_secret_weapon.jpg, well, to bad for you ;) Maybe we could allow any .jpg, .gif, .jpg and .css file by default and explicitly whitelist the rest. And no, I don't want to see the picture of your secret weapon, whatever it is. :P Thiago - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org -- View this message in context: http://www.nabble.com/-T5--Security-of-files-in-the-classpath-tp11816097p24965558.html Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org -- View this message in context: http://www.nabble.com/-T5--Security-of-files-in-the-classpath-tp11816097p24980563.html Sent from the Tapestry - User mailing list archive at Nabble.com.
Re: [T5] Security of files in the classpath
Ouch, now I get it. WEB-INF and all its contents are in fact visible, directly below yourapp/assets/ctx//, and it's not hard to find out the value of . Suggestions anyone? On 15/08/2009, at 10:34 AM, kartweel wrote: http://jumpstart.doublenegative.com.au:8080/jumpstart/assets/ctx/9f6f05886c53821a/WEB-INF/classes/jumpstart/web/services/AppModule.class you can access the entire web app, it even gives you directory listings Geoff Callender-2 wrote: Isn't this simply due to a Maven convention which has passed its use by date? Why not put .java, .tml, and .properties together in the source tree, and compile them all into WEB-INF/classes/ where they're automatically hidden from the users? Surely this makes so much sense. It's what I do with Ant and it seems to work a treat. Or have I missed something? Eg. correct me if I'm wrong but I'm pretty sure that only the css and images are downloadable from here: http://jumpstart.doublenegative.com.au:8080/jumpstart/ Geoff On 14/08/2009, at 7:07 PM, Juan E. Maya wrote: The ResourceDigestGenerator by default secures files with extension: .tml and .class. To add more restrictions you'd have to contribute ResourceDigestGenerator. Something like this: public static void contributeResourceDigestGenerator(ConfigurationString configuration) { configuration.add(properties); configuration.add(xml); } However i agree that this should be documented or even created by the maven archetype. It's something a new user could easily forget with devastating consequences. On Fri, Aug 14, 2009 at 4:29 AM, kartweelr...@exemail.com.au wrote: Hi Guys, Sorry to pull up an old thread, but there doesn't seem to be a lot about this topic. Was there ever a nice solution implemented for this? 2 years of tapestry framework development later and I can still download all my class files. I've restricted assets to authenticated users using a method like below, but I thought by now we wouldn't need to be adding custom solutions to manage this and it would be part of the core project?? Robert Zeigler wrote: I don't plan on changing the default configuration from whitelist to blacklist... it's the fallback. I'm a fan of deny unless explicitly authorized, as well. The AssetProtectionDispatcher takes an ordered configuration of AssetPathAuthorizer's, with the default whitelist implementation being the catch all final authorizer in what amounts to a chain of command. So you can certainly contribute your own implementations of authorizer on top of the default. Having a pattern matching whitelist would certainly be useful; I'm in a time crunch at the moment (and basically will be until the end of August), but in the beginning of September, I will rework the default WhitelistAuthorizer to accept url patterns. Robert On Aug 3, 2007, at 8/38:27 AM , Thiago H de Paula Figueiredo wrote: On Fri, 03 Aug 2007 10:03:37 -0300, Francois Armand farm...@linagora.com wrote: Thiago H de Paula Figueiredo wrote: Would a black list intead of a white list better? I suppose there are less files to hide than files to allow access. Well, I think that one of the best principle in security is explicit authorization : you just do not want that a confidential file is accessible by error, because a user forgot to hide it. That's a very good point. ;) But I agree that the white list should authorize jokers to enable *.jpg kind of filter (and if you name your confidential file picture_of_my_secret_weapon.jpg, well, to bad for you ;) Maybe we could allow any .jpg, .gif, .jpg and .css file by default and explicitly whitelist the rest. And no, I don't want to see the picture of your secret weapon, whatever it is. :P Thiago - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org -- View this message in context: http://www.nabble.com/-T5--Security-of-files-in-the-classpath-tp11816097p24965558.html Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: [T5] Security of files in the classpath
I thought the digest generator is meant to make a different digest for each file, but it seems to be for the whole app?, or is that bit something to do with app versioning for caching and what not and not the digest?. This whole thread has some ideas for a white list approach to files on the classpath, but I thought by now tapestry would have something out of the box rather than a custom solution for it... I'm having a look into the resourceDigestGenerator, but at the moment it isn't the highest thing on my list. Geoff Callender-2 wrote: Ouch, now I get it. WEB-INF and all its contents are in fact visible, directly below yourapp/assets/ctx//, and it's not hard to find out the value of . Suggestions anyone? -- View this message in context: http://www.nabble.com/-T5--Security-of-files-in-the-classpath-tp11816097p24981387.html Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org