Re: Configuring pages to be invisible
Alejandro, I have just tried this approach with factory chains, but the solution still eludes me. I've tried every variation of creating the right chain for ruling out the index page and all other subfolders - besides one folder. This configuration is the closest of what I think should do the job: configuration.add(factory.createChain(/index).add(factory.notfound()).build()); configuration.add(factory.createChain(/hidden1/**).add(factory.notfound()).build()); configuration.add(factory.createChain(/hidden2/**).add(factory.notfound()).build()); but accessing http://localhost (or http://localhost/index) still renders the index page and the hidden pages. If I remove the first line (with /index), then I get 404 as expected for the hidden folders, but the index page is visible. I am running the app locally with Jetty (jetty-maven-plugin:8.1.9.v20130131). -borut 2013/3/29 Alejandro Scandroli alejandroscandr...@gmail.com Hi Borut Using tapestry-security you have a couple of options. If you have all the protected/hidden pages in the same folder you could do something like this: configuration.add(factory.createChain(/yourfolder/**).add(factory.notfound()).build()); If they are not in the same folder you can create one rule per folder or in the worst case one rule per page. The reversed logic would be, block access to the root / and then give anon access to your visible pages. configuration.add(factory.createChain(/assets/**).add(factory.anon()).build()); configuration.add(factory.createChain(/signin).add(factory.anon()).build()); configuration.add(factory.createChain(/visibleFolder/**).add(factory.anon()).build()); configuration.add(factory.createChain(/visiblePage1).add(factory.anon()).build()); configuration.add(factory.createChain(/visiblePage2).add(factory.anon()).build()); configuration.add(factory.createChain(/).add(factory.anon()).build()); configuration.add(factory.createChain(/**).add(factory.notfound()).build()); Please, be careful with this, eventlinks and forms in the visible pages may need their own rules. Finally, my preferred way to handle this is with a role. You could use something like @RequireRole(beta). Good luck with the launch. Alejandro. On Fri, Mar 29, 2013 at 2:54 PM, Thiago H de Paula Figueiredo thiag...@gmail.com wrote: On Fri, 29 Mar 2013 09:05:04 -0300, Borut Bolčina borut.bolc...@gmail.com wrote: Hello, Hi! What is the least obtrusive way to mark pages hidden in production mode or with some other configuration setting. I'd try adding a RequestFilter and have some logic there to define whether the request is for a hidden page. If yes, return a 404 error. -- Thiago H. de Paula Figueiredo - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Configuring pages to be invisible
Hi Borut For rulling out everything but one public folder this configuration should work. configuration.add(factory.createChain(/assets/**).add(factory.anon()).build()); configuration.add(factory.createChain(/public/**).add(factory.anon()).build()); configuration.add(factory.createChain(/**).add(factory.notfound()).build()); I've added the assets folder to the configuration for obvious reasons. If that doesn't work for you let me know and we'll take a closer look to the complete configuration. I've tested this with tapestry-security 0.5.0 and 0.4.6, which version are you using? Alejandro. On Tue, Apr 2, 2013 at 8:19 AM, Borut Bolčina borut.bolc...@gmail.com wrote: Alejandro, I have just tried this approach with factory chains, but the solution still eludes me. I've tried every variation of creating the right chain for ruling out the index page and all other subfolders - besides one folder. This configuration is the closest of what I think should do the job: configuration.add(factory.createChain(/index).add(factory.notfound()).build()); configuration.add(factory.createChain(/hidden1/**).add(factory.notfound()).build()); configuration.add(factory.createChain(/hidden2/**).add(factory.notfound()).build()); but accessing http://localhost (or http://localhost/index) still renders the index page and the hidden pages. If I remove the first line (with /index), then I get 404 as expected for the hidden folders, but the index page is visible. I am running the app locally with Jetty (jetty-maven-plugin:8.1.9.v20130131). -borut 2013/3/29 Alejandro Scandroli alejandroscandr...@gmail.com Hi Borut Using tapestry-security you have a couple of options. If you have all the protected/hidden pages in the same folder you could do something like this: configuration.add(factory.createChain(/yourfolder/**).add(factory.notfound()).build()); If they are not in the same folder you can create one rule per folder or in the worst case one rule per page. The reversed logic would be, block access to the root / and then give anon access to your visible pages. configuration.add(factory.createChain(/assets/**).add(factory.anon()).build()); configuration.add(factory.createChain(/signin).add(factory.anon()).build()); configuration.add(factory.createChain(/visibleFolder/**).add(factory.anon()).build()); configuration.add(factory.createChain(/visiblePage1).add(factory.anon()).build()); configuration.add(factory.createChain(/visiblePage2).add(factory.anon()).build()); configuration.add(factory.createChain(/).add(factory.anon()).build()); configuration.add(factory.createChain(/**).add(factory.notfound()).build()); Please, be careful with this, eventlinks and forms in the visible pages may need their own rules. Finally, my preferred way to handle this is with a role. You could use something like @RequireRole(beta). Good luck with the launch. Alejandro. On Fri, Mar 29, 2013 at 2:54 PM, Thiago H de Paula Figueiredo thiag...@gmail.com wrote: On Fri, 29 Mar 2013 09:05:04 -0300, Borut Bolčina borut.bolc...@gmail.com wrote: Hello, Hi! What is the least obtrusive way to mark pages hidden in production mode or with some other configuration setting. I'd try adding a RequestFilter and have some logic there to define whether the request is for a hidden page. If yes, return a 404 error. -- Thiago H. de Paula Figueiredo - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Configuring pages to be invisible
Hi Alejandro, the above example works ok! I moron had forgotten to remove contributeSecurityConfiguration in DevelopmentModule which was overriding configuration in AppModule. Those three lines are all I need. I have a form in the allowed page and it works as expected. What did you mean by additional rules for forms and eventlinks? Can you also give a hint about @RequireRole(beta)? Thanks for your time! 2013/4/2 Alejandro Scandroli alejandroscandr...@gmail.com Hi Borut For rulling out everything but one public folder this configuration should work. configuration.add(factory.createChain(/assets/**).add(factory.anon()).build()); configuration.add(factory.createChain(/public/**).add(factory.anon()).build()); configuration.add(factory.createChain(/**).add(factory.notfound()).build()); I've added the assets folder to the configuration for obvious reasons. If that doesn't work for you let me know and we'll take a closer look to the complete configuration. I've tested this with tapestry-security 0.5.0 and 0.4.6, which version are you using? Alejandro. On Tue, Apr 2, 2013 at 8:19 AM, Borut Bolčina borut.bolc...@gmail.com wrote: Alejandro, I have just tried this approach with factory chains, but the solution still eludes me. I've tried every variation of creating the right chain for ruling out the index page and all other subfolders - besides one folder. This configuration is the closest of what I think should do the job: configuration.add(factory.createChain(/index).add(factory.notfound()).build()); configuration.add(factory.createChain(/hidden1/**).add(factory.notfound()).build()); configuration.add(factory.createChain(/hidden2/**).add(factory.notfound()).build()); but accessing http://localhost (or http://localhost/index) still renders the index page and the hidden pages. If I remove the first line (with /index), then I get 404 as expected for the hidden folders, but the index page is visible. I am running the app locally with Jetty (jetty-maven-plugin:8.1.9.v20130131). -borut 2013/3/29 Alejandro Scandroli alejandroscandr...@gmail.com Hi Borut Using tapestry-security you have a couple of options. If you have all the protected/hidden pages in the same folder you could do something like this: configuration.add(factory.createChain(/yourfolder/**).add(factory.notfound()).build()); If they are not in the same folder you can create one rule per folder or in the worst case one rule per page. The reversed logic would be, block access to the root / and then give anon access to your visible pages. configuration.add(factory.createChain(/assets/**).add(factory.anon()).build()); configuration.add(factory.createChain(/signin).add(factory.anon()).build()); configuration.add(factory.createChain(/visibleFolder/**).add(factory.anon()).build()); configuration.add(factory.createChain(/visiblePage1).add(factory.anon()).build()); configuration.add(factory.createChain(/visiblePage2).add(factory.anon()).build()); configuration.add(factory.createChain(/).add(factory.anon()).build()); configuration.add(factory.createChain(/**).add(factory.notfound()).build()); Please, be careful with this, eventlinks and forms in the visible pages may need their own rules. Finally, my preferred way to handle this is with a role. You could use something like @RequireRole(beta). Good luck with the launch. Alejandro. On Fri, Mar 29, 2013 at 2:54 PM, Thiago H de Paula Figueiredo thiag...@gmail.com wrote: On Fri, 29 Mar 2013 09:05:04 -0300, Borut Bolčina borut.bolc...@gmail.com wrote: Hello, Hi! What is the least obtrusive way to mark pages hidden in production mode or with some other configuration setting. I'd try adding a RequestFilter and have some logic there to define whether the request is for a hidden page. If yes, return a 404 error. -- Thiago H. de Paula Figueiredo - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
RegistryShutdownHub replacement?
Now that RegistryShutdownHub has been deprecated in 5.3, is there a preferred way for services to be notified that the application is shutting down? Gratefully, Michael
Re: RegistryShutdownHub replacement?
As I know RegistryShutdownHub is not deprecated. RegistryShutdownListener is deprecated and can be replaced with a Runnable. http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/ioc/services/RegistryShutdownHub.html#addRegistryShutdownListener(java.lang.Runnable) On Tue, Apr 2, 2013 at 4:00 PM, Michael Prescott michael.r.presc...@gmail.com wrote: Now that RegistryShutdownHub has been deprecated in 5.3, is there a preferred way for services to be notified that the application is shutting down? Gratefully, Michael -- BR Ivan
Re: RegistryShutdownHub replacement?
Ah yes, of course you're absolutely correct. Thanks very much, Ivan. On 2 April 2013 09:17, Ivan Khalopik ikhalo...@gmail.com wrote: As I know RegistryShutdownHub is not deprecated. RegistryShutdownListener is deprecated and can be replaced with a Runnable. http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/ioc/services/RegistryShutdownHub.html#addRegistryShutdownListener(java.lang.Runnable) On Tue, Apr 2, 2013 at 4:00 PM, Michael Prescott michael.r.presc...@gmail.com wrote: Now that RegistryShutdownHub has been deprecated in 5.3, is there a preferred way for services to be notified that the application is shutting down? Gratefully, Michael -- BR Ivan
Ajax Parameter Handling
Given a simple contrived example like this: $('#button1').click(function (event) { $.get(specs.button1_url, { a: 'b', c: 'd'}) .done(function(data) { $(#responseDiv).text(data.response); }) }) I know I can handle that in my controller in at least these two ways: JSONObject onButton1Press() { logger.info(a: + request.getParameter(a) + c: + request.getParameter(c)); logger.info(request.getParameterNames().toString()); return new JSONObject(response, ok1); } JSONObject onButton1Press(@RequestParameter(a) String a, @RequestParameter(c) String c) { logger.info(a: + a + c: + c); return new JSONObject(response, ok2); } Ideally, I'd like to handle it like this: JSONObject onButton1Press(SimplePojo pojo) { logger.info(pojo.toString()); return new JSONObject(response, ok3); } I thought maybe I could contribute a ValueEncoder but that only sees individual parameters, not the whole request. Even this might work: JSONObject onButton1Press(JSONObject jsonObject) { SimplePojo pojo = SimplePojo.build(jsonObject); logger.info(pojo.toString()); return new JSONObject(response, ok4); } But I Tapestry doesn't seem to know how to handle that. I even tried changed the ajax params to: {params: { a: 'b', c: 'd'} } I supposed I could build the SimplePojo from the Request, but that just doesn't feel as clean to me. Any suggestions would be appreciated. Thanks Tony Nelson Since 1982, Starpoint Solutions has been a trusted source of human capital and solutions. We are committed to our clients, employees, environment, community and social concerns. We foster an inclusive culture based on trust, respect, honesty and solid performance. Learn more about Starpoint and our social responsibility at http://www.starpoint.com/social_responsibility This email message from Starpoint Solutions LLC is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Opinions, conclusions and other information in this message that do not relate to the official business of Starpoint Solutions shall be understood as neither given nor endorsed by it. - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Ajax Parameter Handling
On Tue, 02 Apr 2013 11:03:04 -0300, Tony Nelson tnel...@starpoint.com wrote: JSONObject onButton1Press(SimplePojo pojo) { logger.info(pojo.toString()); return new JSONObject(response, ok3); } For this kind of parameter in an event handler method, Tapestry expects it to be in the event's activation context. I don't know of a JS implementation of Tapestry's URLEncoder, so I prefer to use query parameters in this case. In addition, ValueEncoder is usually (but not obligatorily) used for mapping objects to its ids, not to a String describing each of field values. I thought maybe I could contribute a ValueEncoder but that only sees individual parameters, not the whole request. Even this might work: JSONObject onButton1Press(JSONObject jsonObject) { SimplePojo pojo = SimplePojo.build(jsonObject); logger.info(pojo.toString()); return new JSONObject(response, ok4); } Why don't you use a query parameter to pass a String containing a JSON-encoded object and then use the JSONObject(String string) to parse it? -- Thiago H. de Paula Figueiredo - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Ajax Parameter Handling
I thought maybe I could contribute a ValueEncoder but that only sees individual parameters, not the whole request. Even this might work: JSONObject onButton1Press(JSONObject jsonObject) { SimplePojo pojo = SimplePojo.build(jsonObject); logger.info(pojo.toString()); return new JSONObject(response, ok4); } Why don't you use a query parameter to pass a String containing a JSON-encoded object and then use the JSONObject(String string) to parse it? This worked like a charm! $('#button1').click(function (event) { $.get(specs.button1_url, {params: JSON.stringify({ a: 'b', c: 'd'}) }) .done(function(data) { $(#responseDiv).text(data.response); }) }) JSONObject onButton1Press(@RequestParameter(params) String jsonString) { SimplePojo pojo = SimplePojo.build(new JSONObject(jsonString)); logger.info(pojo.toString()); return new JSONObject(response, ok5); } Thank you very much Theo! If you see any further enhancements you might make to that, I'd be very interested in hearing them. Tony Since 1982, Starpoint Solutions has been a trusted source of human capital and solutions. We are committed to our clients, employees, environment, community and social concerns. We foster an inclusive culture based on trust, respect, honesty and solid performance. Learn more about Starpoint and our social responsibility at http://www.starpoint.com/social_responsibility This email message from Starpoint Solutions LLC is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Opinions, conclusions and other information in this message that do not relate to the official business of Starpoint Solutions shall be understood as neither given nor endorsed by it. - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Ajax Parameter Handling
FYI https://issues.apache.org/jira/browse/TAP5-2021 On 3/04/2013 1:32 AM, Tony Nelson wrote: I thought maybe I could contribute a ValueEncoder but that only sees individual parameters, not the whole request. Even this might work: JSONObject onButton1Press(JSONObject jsonObject) { SimplePojo pojo = SimplePojo.build(jsonObject); logger.info(pojo.toString()); return new JSONObject(response, ok4); } Why don't you use a query parameter to pass a String containing a JSON-encoded object and then use the JSONObject(String string) to parse it? This worked like a charm! $('#button1').click(function (event) { $.get(specs.button1_url, {params: JSON.stringify({ a: 'b', c: 'd'}) }) .done(function(data) { $(#responseDiv).text(data.response); }) }) JSONObject onButton1Press(@RequestParameter(params) String jsonString) { SimplePojo pojo = SimplePojo.build(new JSONObject(jsonString)); logger.info(pojo.toString()); return new JSONObject(response, ok5); } Thank you very much Theo! If you see any further enhancements you might make to that, I'd be very interested in hearing them. Tony Since 1982, Starpoint Solutions has been a trusted source of human capital and solutions. We are committed to our clients, employees, environment, community and social concerns. We foster an inclusive culture based on trust, respect, honesty and solid performance. Learn more about Starpoint and our social responsibility at http://www.starpoint.com/social_responsibility This email message from Starpoint Solutions LLC is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Opinions, conclusions and other information in this message that do not relate to the official business of Starpoint Solutions shall be understood as neither given nor endorsed by it. - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org