Re: demo aplication

2009-12-31 Thread Alessandro Bottoni
On 30/12/2009 18:54, Alfonso Quiroga wrote:
> I know about jumpstart, but that's like different solutions for
> specific things, not a complete app.
> I think it would be fine to have a complete demo app, maybe using
> hibernate + hsqldb, some custom component, etc, for a beginner

Yes, please. It would be very useful to see a real-world, working T5
application using Hibernate (or JPA) and HSQLDB or MySQL, even if there
is already some (good) example of such code.

The use of ORMs can still hide a few problems (like this:
http://wiki.apache.org/tapestry/Tapestry5AvoidingDifferentObjectWithSameIDExceptions
) and any more snippet of sample code would be useful for the new users.

Thanks
-- 

Alessandro Bottoni
Website: http://www.alessandrobottoni.it/

Reality is that which, when you stop believing in it, doesn't go away.
 -- Philip K. Dick


-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Re: [Tapestry Central] Securing Tapestry pages with Annotations, Part 1

2009-12-31 Thread Alessandro Bottoni
On 29/12/2009 12:45, Vangel V. Ajanovski wrote:
> +1 from me for putting such article in the official documentation on the
> website, because blogs are (by nature) relevant for a moment in time and
> if it's put in the official documentation one would have to check and
> sign that this works on every new release.

And +1 for me, as well. Such info should stay in plain sight in the
HowTo section of the wiki and/or in the official docu.

-- 

Alessandro Bottoni
Website: http://www.alessandrobottoni.it/

If man hasn't discovered something that he will die for, he isn't fit
to live.
 -- Martin Luther King






Re: [Tapestry Central] Securing Tapestry pages with Annotations, Part 1

2009-12-31 Thread Alessandro Bottoni
On 29/12/2009 21:32, Alex Kotchnev wrote:
> chenillekit-access, and a bunch more). As much as people have a tendency to
> complain that spring security is too complicated, it seems that any other
> solution (e.g. based on T5 IoC) that attempts to provide the same level of
> flexibility and generality will eventually end up with similar complexity
> (and will most likely never have the mind & market share of spring security).
> Thus, it seems to me that the effort to provide a new framework to do all
> of this is somewhat futile.

Actually, maybe there is a need for TWO different solutions:

1) A quite basic module, or even a well-documented demo, that just takes
into account the most common requirements and uses a set of sensible
defaults. This basic package should not have to be extensible or
flexible. It should just have to be usable and understandable. It would
be mostly used to study this problem and to see how to solve it in a
Tapestry-like way. It would also be used as a quick&dirty solution for
the most basic applications. IMHO, this solution should be developed
with Tapestry annotations (see:
http://tapestryjava.blogspot.com/2009/12/securing-tapestry-pages-with.html)
and used as a demo of such programming technique, as well.

2) An enterprise-level module, like Spring Security. This solution
should have to be flexible and extendible. It should be able to deal
with LDAP, OpenID, JASIG CAS and other providers. It would be used for
complex, enterprise-level apps.

> An alternative approach (which seems to be quite successful in Grails
> land) seems to be to provide integration & simplification w/ existing
> security frameworks that already have all of the flexibility (and
> complexity) that you talk about. For example, in Grails using the spring
> security plugin comes down to installing the plugin and annotating your
> controllers w/ Roles - it certainly reduces the number of available options
> (thus making it less flexible) but the ease of getting started with it is
> quite attractive.

This would be a very good solution for this problem and I vote for it.

Despite this, it would be very little tapestrystic (it rhymes with
pythonistic)... I mean: it would miss the opportunity to contribute in
making a more componentized, elegant working environment for all of us.

> If the desire is to provide a pure T5 based solution,
> why not take one of the existing security modules (e.g. chenillekit-access)
> and analyze its approach and improve it instead of starting from scratch
> (and use the forum as an opportunity to improve & extend the same existing
> component) ?

This approach is exactly what I would expect for the enterprise-level
module I described above (case 2). It could/should be something like
ACEGI or Swarm/Wasp and it should be very standardized, quite
extensible/flexible and very well tested. It could be based on
annotations or on other techniques, depending on the judgment of the
developing community. Most likely, it would deserve a separated project.

JM2C

-- 

Alessandro Bottoni
Website: http://www.alessandrobottoni.it/

Life is a sexually transmitted disease, and it's 100% fatal.
 -- Unknown



Re: [Tapestry Central] Securing Tapestry pages with Annotations, Part 1

2009-12-31 Thread Alessandro Bottoni
On 29/12/2009 21:32, Alex Kotchnev wrote:
> approach. As Thiago already mentioned, there are at least a few more
> solutions that attempt to provide this (e.g. Thiago's own,
> chenillekit-access, and a bunch more).

Let me play the Devil's advocate for a moment...

ChenilleKit-Access is an example of why the typical new user (like me)
will NOT use such a solution, no matter how good and elegant it could
be. The reason is that the ONLY official documentation you can find
using Google is the following

<quote>
Introduction

ChenilleKit Access module sits in between your page processing logic and
the client HTTP request, doing so it is able to decide when and how the
request can pass through or not.

For doing so it needs two different steps. First it put RestrictedWorker
into the ComponentClassTranformWorker pipeline, this class is
responsible to read the annotation class and store various meta
information needed by AccessValidator. Second it put two Dispatcher into
two different pipelines for intercepting page render and component event
action requests to check if they're directed to restricted class/events
and to apply the needed constraints.
</quote>

I'm sorry but I have to say that many (or most?) new users will have
neither the time nor the patience to study the JavaDoc or the source
code just to figure out how to use this (or any other) library, no
matter how simple it can be.

Moreover, in many cases it would be very hard to convince the project
leader or the end user to accept a (sorry Thiago) not-canonical,
little known, little documented, maybe-risky library like this one.

For what regards me, for example, I would be forced to look for a
widely-recognized, well-tested, well-documented, standard module, inside
or outside the Tapestry world (Acegi?) or, as an alternative, to
demonstrate that ChenilleKit is the right tool for the task at hand
(being ready to pay for any possible error about my judgment...).

Just the voice of the Devil, anyway... ;-)

PS: Yes, I'm aware of this article:
http://www.equanda.org/templates/login.html .

-- 

Alessandro Bottoni
Website: http://www.alessandrobottoni.it/

They say if you play a Microsoft CD backwards,
you hear satanic messages.
That's nothing, cause if you play it forwards,
it installs Windows.
 -- Unknown
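
The two steps in the ChenilleKit introduction quoted in the message above (annotation metadata collected once, then consulted on both page render and component event requests), as an added example that is not part of the original message and is not ChenilleKit or Tapestry code. The annotation, class and method names are hypothetical and the sample pages are constructed.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

// Hypothetical names throughout; this is not ChenilleKit's or Tapestry's API.
public class AccessCheckDemo {

    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD})
    @interface Restricted { String role(); }

    // Constructed sample pages with Tapestry-style event handler names.
    static class Index { void onActionFromRefresh() {} }

    @Restricted(role = "admin")
    static class AdminPanel {
        void onActionFromList() {}
        @Restricted(role = "superuser") void onActionFromDeleteUser() {}
    }

    // Step 1: read the annotations once and store the required role
    // per page and per event handler.
    static Map<String, String> collectMetadata(Class<?>... pages) {
        Map<String, String> required = new HashMap<>();
        for (Class<?> page : pages) {
            Restricted onPage = page.getAnnotation(Restricted.class);
            if (onPage != null) required.put(page.getSimpleName(), onPage.role());
            for (Method m : page.getDeclaredMethods()) {
                Restricted onEvent = m.getAnnotation(Restricted.class);
                if (onEvent != null)
                    required.put(page.getSimpleName() + "#" + m.getName(), onEvent.role());
            }
        }
        return required;
    }

    // Step 2: one validator shared by both interception points.
    // handler == null is a page render request; otherwise it is a component
    // event request, which must pass the page-level restriction as well as its own.
    static boolean allowed(Map<String, String> required, Set<String> roles,
                           String page, String handler) {
        String pageRole = required.get(page);
        if (pageRole != null && !roles.contains(pageRole)) return false;
        if (handler == null) return true;
        String eventRole = required.get(page + "#" + handler);
        return eventRole == null || roles.contains(eventRole);
    }

    public static void main(String[] args) {
        Map<String, String> meta = collectMetadata(Index.class, AdminPanel.class);
        Set<String> anonymous = Collections.emptySet();
        Set<String> admin = new HashSet<>(Arrays.asList("admin"));
        System.out.println("anonymous renders Index: "
                + allowed(meta, anonymous, "Index", null));
        System.out.println("anonymous renders AdminPanel: "
                + allowed(meta, anonymous, "AdminPanel", null));
        // Event requests arrive on their own URLs, so they are checked separately.
        System.out.println("anonymous triggers AdminPanel list event: "
                + allowed(meta, anonymous, "AdminPanel", "onActionFromList"));
        System.out.println("admin triggers AdminPanel list event: "
                + allowed(meta, admin, "AdminPanel", "onActionFromList"));
        System.out.println("admin triggers AdminPanel delete event: "
                + allowed(meta, admin, "AdminPanel", "onActionFromDeleteUser"));
    }
}
```

The third call is the case a render-only check would let through: the event handler carries no annotation of its own, so only the page-level restriction applied on the event path denies it.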



Re: t5: errors

2009-12-31 Thread Thiago H. de Paula Figueiredo
On Thu, 31 Dec 2009 01:15:04 -0200, Angelo Chen
angelochen...@yahoo.com.hk wrote:

> Hi,

Hi!

> I'd suggest that t:errors should have an option to display only one
> message instead of all the messages returned from the server,

I don't think it's a good idea. Suppose a user fills a form with three
errors. Just one is shown. User corrects this error. Validation fails
again. One message is shown. User corrects this error. Validation fails
again. ...


--
Thiago H. de Paula Figueiredo
Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,  
and instructor
Owner, software architect and developer, Ars Machina Tecnologia da  
Informação Ltda.

http://www.arsmachina.com.br




Re: [Tapestry Central] Securing Tapestry pages with Annotations, Part 1

2009-12-31 Thread Thiago H. de Paula Figueiredo
On Thu, 31 Dec 2009 08:44:00 -0200, Alessandro Bottoni
alexbott...@gmail.com wrote:

> 1) A quite basic module, or even a well-documented demo, that just takes
> into account the most common requirements and uses a set of sensible
> defaults. This basic package should not have to be extensible or
> flexible.

A demo with these features would be a very good idea.

> 2) An enterprise-level module, like Spring Security. This solution
> should have to be flexible and extendible. It should be able to deal
> with LDAP, OpenID, JASIG CAS and other providers. It would be used for
> complex, enterprise-level apps.

Re-implementing something like Spring Security is not feasible, IMHO. It
would need people who know a lot about security, and Tapestry is a Web
framework. In addition, that's an awful lot of code to write and, AFAIK,
very few projects use these security providers (besides OpenID). We should
focus on what will be useful for the most people.

I don't think using Spring Security the Tapestry security module because
it forces the use of Spring. I still need to take a look at
JSecurity/Apache Shiro, but I guess it would fill this need better.


--
Thiago H. de Paula Figueiredo
Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,  
and instructor
Owner, software architect and developer, Ars Machina Tecnologia da  
Informação Ltda.

http://www.arsmachina.com.br




Re: [Tapestry Central] Securing Tapestry pages with Annotations, Part 1

2009-12-31 Thread Thiago H. de Paula Figueiredo
On Thu, 31 Dec 2009 09:16:15 -0200, Alessandro Bottoni
alexbott...@gmail.com wrote:

> On 29/12/2009 21:32, Alex Kotchnev wrote:
>> approach. As Thiago already mentioned, there are at least a few more
>> solutions that attempt to provide this (e.g. Thiago's own,
>> chenillekit-access, and a bunch more).
>
> Let me play the Devil's advocate for a moment...

I guess Alex suggested to start the development of a Tapestry security
package based on some package that already exists, not adopting them as
part of the Tapestry project as they are now. We all agree that
documentation is key and should be improved.

> Moreover, in many cases it would be very hard to convince the project
> leader or the end user to accept a (sorry Thiago) not-canonical,
> little known, little documented, maybe-risky library like this one.

I never suggested that someone should use a little documented package, so
I don't know why you're apologizing to me. :)
Little-known library? Unfortunately, Tapestry is not a very well-known
library AFAIK. :(


--
Thiago H. de Paula Figueiredo
Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,  
and instructor
Owner, software architect and developer, Ars Machina Tecnologia da  
Informação Ltda.

http://www.arsmachina.com.br




Re: [Tapestry Central] Securing Tapestry pages with Annotations, Part 1

2009-12-31 Thread Sven Homburg
Hi Alessandro,

I totally agree with you.
The documentation of the ChenilleKit-Modules
is bad or lacks at some points.

One of our good intentions for 2010 is to
write more and better docs.


with regards
Sven Homburg
Founder of the Chenille Kit Project
http://chenillekit.codehaus.org







Re: t5: errors

2009-12-31 Thread Igor Drobiazko
Agreed. A better solution would be to fix
https://issues.apache.org/jira/browse/TAP5-52





-- 
Best regards,

Igor Drobiazko
http://tapestry5.de/blog


Re: [Tapestry Central] Securing Tapestry pages with Annotations, Part 1

2009-12-31 Thread Toby Hobson
Just to add my 2 cents ... imho it's best to build on an existing framework
like spring-security rather than trying to re-invent the wheel.
acegi/spring-security has great traction in the market and it's very well
documented. Recent versions are becoming much simpler due to sensible
defaults but more esoteric use-cases are still supported.

Toby

 



Re: [Tapestry Central] Securing Tapestry pages with Annotations, Part 1

2009-12-31 Thread Vangel V. Ajanovski
On 31.12.2009 11:44, Alessandro Bottoni wrote:
> 2) An enterprise-level module, like Spring Security. This solution
> should have to be flexible and extendible. It should be able to deal
> with LDAP, OpenID, JASIG CAS and other providers. It would be used for
> complex, enterprise-level apps.

When you mention CAS, do you know that by using it you can in fact use
both JDBC, LDAP, Active Directory, Radius, JAAS, Kerberos behind it all
at the same time?
CAS can authenticate your users from many sources and they will see only
a single login page. I have pretty positive experience with JASIG CAS
and we have been using it for 4 years now. We use it for single-sign-on
across several applications (uPortal, Moodle, Trac, our Course
Enrollment project based on Tapestry, another ASP.Net project, few other
PHP apps etc).

Why we decided on CAS. The userbase is mostly US universities with tens
of thousands of students. If they trust it to keep users in or out of
their services, why wouldn't we?

1. CAS has a service, which is a relatively small java web app (13MB
war) that presents a login screen and redirects to your application if
the user is authenticated. Very easy to configure. The setup is very
very easy (XML based) and there are many configuration examples on the
web and I was able to set it in under Tomcat and configure to connect to
two active directory domains in just half an hour. So users from both
domains can use my application and any other application that will be
casified.
2. How to use it in the app?
a. In your app you include a CAS client that checks the service if any
user is logged in and what is the name of the user. This is again
simple, you just read the username via some method from the client classes.
b. If you don't like to put the client in your app, you can set it as a
filter on the web server (in web.xml) to listen to several paths. So on
each request if the user is logged in, a session variable will be set
with the validated username.
c. Both ways you get the username and you can then decide what to do
about it.

I think that's simple. Few XML configurations for the CAS service and a
single line of code to get the username in your app.








Help with Tapestry Page and iText

2009-12-31 Thread Ashwanth Kumar
Hello,

Happy new year to all!! (It's new year here in India)..

Okay, I need a small help! I want to generate a PDF file, based on the
generated page in Tapestry.. I've plans of using iText to generate PDF. Can
any one help me? How to get it done!!

PS: On clicking Download PDF link, the PDF should be generated on the fly,
and then sent to user.

 - Ashwanth Kumar