Re: Frontend Frameworks / Libraries
> --
> Thiago H. de Paula Figueiredo
> Tapestry, Java and Hibernate consultant and developer
> http://machina.com.br

>> wish there was a magic bullet eliminating all these choices. I'd like to
>> pick a new frontend framework, but with all the advice from the different
>> sources, I don't think I know enough anymore to make an educated decision.
>>
>> On Sat, Aug 8, 2015 at 5:18 AM, Taha Siddiqi < tawus.tapes...@gmail.com > wrote:
>>
>>> For me it is om (or reactjs). I am currently in the process of replacing
>>> JavaScript in one of my JavaScript intense Tapestry projects with
>>> om/ClojureScript.
>>>
>>> Sent from my iPhone
>>>
>>> On Aug 8, 2015, at 11:41 AM, Kalle Korhonen < kalle.o.korho...@gmail.com > wrote:
>>>
>>>> On Fri, Aug 7, 2015 at 3:40 PM, françois facon < fra.fa...@gmail.com > wrote:
>>>>
>>>>> About Ember, I am looking for an equivalent of
>>>>> https://docs.angularjs.org/tutorial.
>>>>
>>>> I haven't found anything quite as comprehensive for Ember. One issue with
>>>> Ember is that many of these tutorials are outdated because it's changed so
>>>> fast. The official documentation is often too simplistic when you are new
>>>> to it but trying to build something real. However, this one is fairly
>>>> up-to-date and helped me quite a bit when I started out:
>>>> http://www.fnaweso.me/ember-js-nested-routing-with-multiple-outlets/
>>>>
>>>> At least for me, working with AngularJS feels more like working with T5
>>>> services and its IoC whereas working with Ember feels more like writing T5
>>>> components and I felt right at home with all the Ember conventions. And
>>>> while it's relatively easy to bootstrap AngularJS to run as part of T5 app,
>>>> it really doesn't make sense with all the bits and pieces of Ember tooling,
>>>> the CLI etc (there was an earlier thread about that and I followed Andreas
>>>> Andreou's advice). Ember is more comprehensive than AngularJS and its
>>>> router is incredibly useful for mapping out a structure for larger spas.
>>>>
>>>> Kalle
>>>>
>>>>> 2015-08-07 22:18 GMT+02:00 Kalle Korhonen < kalle.o.korho...@gmail.com >:
>>>>>
>>>>>> It's pretty easy. Don't build component event requests but just send
>>>>>> REST(-like) requests that are either processed by plain Tapestry pages and
>>>>>> its EventContext. If you are building a more comprehensive spa then
>>>>>> consider pairing the client with JAX-WS resource backend (i.e.
>>>>>> http://www.tynamo.org/tapestry-resteasy+guide/ for T5). Incidentally, I've
>>>>>> been working with spas lately as well, and moved from AngularJS to Ember.
>>>>>>
>>>>>> Kalle
>>>>>>
>>>>>> On Fri, Aug 7, 2015 at 12:46 PM, Bob Harner < bobhar...@gmail.com > wrote:
>>>>>>
>>>>>>> Yes a page/event. As long as the URL looks like a tapestry event request,
>>>>>>> you can handle the request in an event handler method within the page's
>>>>>>> Java class, and return JSON.
>>>>>>>
>>>>>>> On Fri, Aug 7, 2015 at 2:40 PM, George Christman < gchrist...@cardaddy.com > wrote:
>>>>>>>
>>>>>>>> Hi guys, I've been playing around with AngularJS and backbone recently and
>>>>>>>> I'm wondering if it's pretty easy to use with Tapestry? I'm more concerned
>>>>>>>> with ajax events etc. I know in grails you can just point your url to a
>>>>>>>> controller/action, would we do something similar in Tapestry, but obviously
>>>>>>>> not a controller, but a page / event?
>>>
>>> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
>>> For additional commands, e-mail: users-h...@tapestry.apache.org
>>
>> --
>> George Christman
>> CEO
>> www.CarDaddy.com
>> P.O. Box 735
>> Johnstown, New York

--
Best Regards
Harry Zhou
Re: Frontend Frameworks / Libraries
Ah, thanks so much for the tip! I did embed the files, which really bloated up the app. Will try out the duo app approach; makes lots of sense.

On Tue, Sep 15, 2015 at 1:52 PM, Kalle Korhonen wrote:

> On Tue, Sep 15, 2015 at 9:34 AM, Harry Zhou wrote:
>
>> Would appreciate your advice on how to setup Ember for T5.4. I imagine the
>> way would be defining an init module that requires via shim ember (also
>> ember-data, etc.) and @import that module on the Tapestry page. But what is
>> the most logical place to put custom ember code, and how best to link that
>> custom code to the init module?
>
> I've mentioned something about it earlier in this message thread and there
> was a different thread on it as well where Andreas Andreou shared his
> experiences. Because of the ember-cli, and all the pretty cool transpiling,
> minifying etc. tools, I really wouldn't try to embed the Ember scripts into
> a T5 app but make it a separate app and run them together. It's easy to
> package an ember app into .war if you need to - basically just zip up the
> contents of /dist. Then just deploy those two wars together. The only other
> thing you need to take care of is that the two applications can talk to
> each other by adding the right CORS+CSP headers (see
> https://en.wikipedia.org/wiki/Cross-origin_resource_sharing for more). If
> you really wanted to embed the scripts into a T5 application, I'd just
> contribute the two different js files, the .js and vendor.js that
> Ember spits out at the end as Javascript modules but I'd say developing
> them together is too clunky that way.
>
> Kalle
>
>> On Mon, Sep 14, 2015 at 6:31 PM, Thiago H de Paula Figueiredo < thiag...@gmail.com > wrote:
>>
>>> On Mon, 14 Sep 2015 14:21:46 -0300, Kalle Korhonen < kalle.o.korho...@gmail.com > wrote:
>>>
>>>> React and Ember Fastboot solve the SEO problem by rendering the first load
>>>> on server, but Angular doesn't offer the same functionality natively.
>>>> There's https://prerender.io/ though, but it's another component you need
>>>> to deploy.
>>>
>>> I like the concept of isomorphic webapps: the same JavaScript used in the
>>> client-side is used in the server-side for doing an initial rendering.
>>>
>>> The links above demonstrate it for Spring MVC, but I believe it could be
>>> very easily done with Tapestry too:
>>>
>>> http://winterbe.com/posts/2015/02/16/isomorphic-react-webapps-on-the-jvm/
>>>
>>> https://speakerdeck.com/sdeleuze/isomorphic-templating-with-spring-boot-nashorn-and-react
>>>
>>>> Kalle
>>>>
>>>> On Mon, Sep 14, 2015 at 6:20 AM, George Christman < gchrist...@cardaddy.com > wrote:
>>>>
>>>>> Very nice Arve, do you have any experience making these angular pages SEO
>>>>> friendly?
>>>>>
>>>>> On Sun, Sep 6, 2015 at 11:08 AM, Arve Klev wrote:
>>>>>
>>>>>> Hello.
>>>>>> Yes it is VERY easy to use AngularJS (or eg. Highchart/Raphael/JChart)
>>>>>> with Tapestry 5.4.
>>>>>> Use Tapestry as usual and let different pages do what you want (eg. one
>>>>>> page as an AngularJS SPA).
>>>>>> Every page uses the same Layout component.
>>>>>>
>>>>>> 1. Place angular.js in src/main/resources/META-INF/modules/angular.js
>>>>>> 2. Create a file src/main/resources/META-INF/modules/angular-bootstrap.js
>>>>>>    that bootstraps angular and your own angular code
>>>>>> 3. Create a file src/main/resources/META-INF/modules/my-angular-code.js
>>>>>> 4. Create a file src/main/resources/META-INF/assets/my-angular-code.css for
>>>>>>    decoration
>>>>>> 5. Import angular-bootstrap.js and my-angular-code.css in your class-file:
>>>>>>    @Import(module = { "angular-bootstrap" }, stylesheet = { "my-angular-code.css" })
>>>>>>
>>>>>> I have a running example here: http://tap54-arvek.rhcloud.com
>>>>>> The code at
Tapestry Upload MaxFileSize
Hi Friends!

I am using symbols upload.filesize-max and upload.requestsize-max to limit the size of upload files. As many of you have noticed, however, an UploadException won't actually be thrown until a large file has finished uploading.

I understand that the solution may be to place a MultipartConfig in web.xml (I am using Jetty). The samples I can find, however, all point to placing the MultipartConfig into a servlet element, which the tapestry web.xml does not have (because of the filter mechanism?).

Any guidance on how to throttle multipart request to a tapestry web app when the request exceeds a max size would be greatly appreciated.

Best,
Harry
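One way to stop reading an oversized upload early, as an added example that is not from the original post or from Tapestry: reject on the declared Content-Length first, then wrap the body stream so that reading aborts as soon as the cap is crossed, even when the length is absent or understated. All class and method names are hypothetical, and calling this from a servlet filter placed ahead of the Tapestry filter is an assumption that is not shown here.

```java
import java.io.ByteArrayInputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;

// Added example; all class and method names here are hypothetical.
public class UploadSizeGuard {

    /** Raised the moment a request is known to exceed the cap. */
    public static class RequestTooLargeException extends IOException {
        private static final long serialVersionUID = 1L;
        public RequestTooLargeException(String message) { super(message); }
    }

    /**
     * Check 1: refuse on the declared Content-Length before any body byte is read.
     * A value of -1 means the header is absent (e.g. chunked encoding), so this
     * check alone is not enough and the stream must still be limited.
     */
    public static void checkDeclaredLength(long contentLength, long maxBytes)
            throws RequestTooLargeException {
        if (contentLength > maxBytes) {
            throw new RequestTooLargeException(
                "declared length " + contentLength + " exceeds cap " + maxBytes);
        }
    }

    /** Check 2: wrap the body so reading fails as soon as the cap is crossed. */
    public static InputStream limit(InputStream body, long maxBytes) {
        return new LimitedInputStream(body, maxBytes);
    }

    private static final class LimitedInputStream extends FilterInputStream {
        private final long maxBytes;
        private long consumed;

        LimitedInputStream(InputStream in, long maxBytes) {
            super(in);
            this.maxBytes = maxBytes;
        }

        @Override public int read() throws IOException {
            int b = super.read();
            if (b != -1) account(1);
            return b;
        }

        @Override public int read(byte[] buf, int off, int len) throws IOException {
            int n = super.read(buf, off, len);
            if (n > 0) account(n);
            return n;
        }

        @Override public long skip(long n) throws IOException {
            long skipped = super.skip(n);
            if (skipped > 0) account(skipped);
            return skipped;
        }

        // mark/reset would let a caller rewind past the counter, so it is not offered.
        @Override public boolean markSupported() { return false; }

        private void account(long n) throws RequestTooLargeException {
            consumed += n;
            if (consumed > maxBytes) {
                throw new RequestTooLargeException("body exceeded cap of " + maxBytes + " bytes");
            }
        }
    }

    /** Drains a body the way a multipart parser would; returns bytes read before stopping. */
    static long drain(InputStream body) {
        byte[] buf = new byte[8192];
        long total = 0;
        try {
            int n;
            while ((n = body.read(buf)) != -1) total += n;
        } catch (IOException e) {
            System.out.println("aborted: " + e.getMessage());
        }
        return total;
    }

    public static void main(String[] args) {
        long cap = 1024 * 1024;                      // constructed 1 MiB cap
        byte[] upload = new byte[10 * 1024 * 1024];  // constructed 10 MiB body

        try {
            checkDeclaredLength(upload.length, cap); // honest client: rejected up front
        } catch (RequestTooLargeException e) {
            System.out.println("rejected before reading: " + e.getMessage());
        }

        // Client that sends no Content-Length: only the stream limit can stop it.
        long read = drain(limit(new ByteArrayInputStream(upload), cap));
        System.out.println("bytes read before abort: " + read + " of " + upload.length);
    }
}
```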
Re: Far Future Expiration Headers of Assets
Hi George,

It does sound like the same issue.

Regarding the "leverage browser caching" warning, I did not "solve" the problem -- it appears to be a false alarm by Chrome PageSpeed: (i) if one keeps the Chrome developer panel up and clicks around in a Tapestry webapp, one should see that the assets are indeed cached after the initial round of full requests ("200 from cache" will be shown for cached assets). No requests for these assets will actually be sent to server unless the user clicks the refresh button or runs an audit with page reload from Chrome PageSpeed. The latter case is where PageSpeed will complain about the assets, because although it sees the 10-year-in-the-future headers in the responses, which Chrome does honor and will cache accordingly, PageSpeed will, however, want to see a "Cache-Control" header in responses. It is likely a non-issue because during ordinary browsing client caching is leveraged.

The 60 seconds for modules are discussed here: http://tapestry.apache.org/javascript-modules.html

"By default, Tapestry sets a max age of 60 (seconds) on modules, so you won't see module requests on every page load. This is configurable and you may want a much higher value in production. If you are rapidly iterating on the source of a module, you may need to force the browser to reload after clearing local cache. Chrome has an option to disable the client-side cache when its developer tools are open."

The page lists solutions as well.

Harry

On Mon, Dec 22, 2014 at 12:44 PM, George Christman wrote:

> I'm having this same issue which I posted up a couple weeks ago
> without any response.
> http://apache-tapestry-mailing-list-archives.1045711.n5.nabble.com/5-4-asset-expire-header-td5729478.html
>
> So my first question is what did you do to resolve the issue?
>
> Secondly I am running in production mode, so I'm not sure what the
> cause could be. I'll have to check the cdn, but this is what google is
> complaining about. The images are being called from a sprite map in
> css where the context binding prefix can't be used.
>
> Leverage browser caching
>
> Setting an expiry date or a maximum age in the HTTP headers for static
> resources instructs the browser to load previously downloaded
> resources from local disk rather than over the network.
> Leverage browser caching for the following cacheable resources:
>
> https://d39chrhoz7kxwa.cloudfront.net/1f1a90de-ed5_300.jpg (expiration not specified)
> https://d39chrhoz7kxwa.cloudfront.net/29fb2b34-55d_300.jpg (expiration not specified)
> https://d39chrhoz7kxwa.cloudfront.net/3902d130-3b1_300.jpg (expiration not specified)
> https://d39chrhoz7kxwa.cloudfront.net/75713aa2-bec_300.jpg (expiration not specified)
> https://www.cardaddy.com/modules.gz/autocomplete-custom.js (60 seconds)
> https://www.cardaddy.com/modules.gz/bootstrap/collapse.js (60 seconds)
> https://www.cardaddy.com/modules.gz/bootstrap/dropdown.js (60 seconds)
> https://www.cardaddy.com/modules.gz/bootstrap/transition.js (60 seconds)
> https://www.cardaddy.com/modules.gz/t5/core/messages/en_US.js (60 seconds)
> https://www.cardaddy.com/modules.gz/t5/core/select.js (60 seconds)
> https://www.cardaddy.com/modules.gz/t5/core/zone.js (60 seconds)
>
> Any thoughts?
>
> On Sun, Dec 21, 2014 at 5:14 PM, Harry Zhou wrote:
>
>> Hi Bob and Thiago, thank you for pointing me to the right direction!
>> Problem solved.
>>
>> It is NOT Tapestry related: Chrome's PageSpeed audit tool chooses to
>> ignore Tapestry's 10-year-in-the-future "Expires" response header.
>> But during actual browsing the assets are actually cached (seeing "200
>> from cache").
>>
>> Google seems to take the position that "Expires" response headers are
>> "superseded." While Chrome honors "Expires" during browsing, it will
>> also look for a "Cache-Control" in response headers. See
>> https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching#cache-control
>>
>> On Sun, Dec 21, 2014 at 2:54 PM, Thiago H de Paula Figueiredo wrote:
>>
>>> Another thing to check: production mode is off?
>>>
>>> On Sun, 21 Dec 2014 17:34:39 -0200, Bob Harner wrote:
>>>
>>>> Be sure production mode is on and that your links to the asset are using
>>>> the asset: or context: binding prefix.
>>>>
>>>> Can you give us a typical asset URL (as seen by the browser)? That might
>>>> give us some hints.
>>>>
>>>> Also be sure the expires headers aren't being removed by a proxy or CDN.
Re: Far Future Expiration Headers of Assets
Hi Bob and Thiago, thank you for pointing me to the right direction! Problem solved.

It is NOT Tapestry related: Chrome's PageSpeed audit tool chooses to ignore Tapestry's 10-year-in-the-future "Expires" response header. But during actual browsing the assets are actually cached (seeing "200 from cache").

Google seems to take the position that "Expires" response headers are "superseded." While Chrome honors "Expires" during browsing, it will also look for a "Cache-Control" in response headers. See https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching#cache-control

On Sun, Dec 21, 2014 at 2:54 PM, Thiago H de Paula Figueiredo wrote:

> Another thing to check: production mode is off?
>
> On Sun, 21 Dec 2014 17:34:39 -0200, Bob Harner wrote:
>
>> Be sure production mode is on and that your links to the asset are using
>> the asset: or context: binding prefix.
>>
>> Can you give us a typical asset URL (as seen by the browser)? That might
>> give us some hints.
>>
>> Also be sure the expires headers aren't being removed by a proxy or CDN.
>> Hint: does the issue happen on your desktop with local host, or only when
>> running on a server?
>>
>> On Dec 21, 2014 11:55 AM, "Harry Zhou" wrote:
>>
>>> Hi!
>>>
>>> About my T5.4 site, Google is complaining that "resources are missing
>>> a cache expiration. Resources that do not specify an expiration may
>>> not be cached by browsers . . . "
>>>
>>> I read that "assets get a far-future expires header" and will be
>>> "client browsers will aggressively cache downloaded assets." So I am
>>> not sure why responses for my assets all come with
>>> "Cache-Control:no-cache" and "Pragma:no-cache".
>>>
>>> Any help would be appreciated. Thanks!
>>>
>>> Best Regards
>>> Harry
>
> --
> Thiago H. de Paula Figueiredo
> Tapestry, Java and Hibernate consultant and developer
> http://machina.com.br

--
Best Regards
Harry Zhou
Far Future Expiration Headers of Assets
Hi!

About my T5.4 site, Google is complaining that "resources are missing a cache expiration. Resources that do not specify an expiration may not be cached by browsers . . . "

I read that "assets get a far-future expires header" and will be "client browsers will aggressively cache downloaded assets." So I am not sure why responses for my assets all come with "Cache-Control:no-cache" and "Pragma:no-cache".

Any help would be appreciated. Thanks!

Best Regards
Harry
Re: Prevent double or more submissions.
Below is the source of a ClickOnce mixin I wrote for 5.4. Hopefully it helps. Note that the mixin should be applied to a element.

1. Trivial java class

    package some.package.name.mixins; // Insert package name. That "mixins" has to be there.

    import org.apache.tapestry5.ClientElement;
    import org.apache.tapestry5.annotations.InjectContainer;
    import org.apache.tapestry5.annotations.MixinAfter;
    import org.apache.tapestry5.ioc.annotations.Inject;
    import org.apache.tapestry5.services.javascript.JavaScriptSupport;

    @MixinAfter
    public class ClickOnce {

        @Inject
        private JavaScriptSupport javaScriptSupport;

        @InjectContainer
        private ClientElement clientElement;

        // Load the clickOnce module and hand it a selector for the container element.
        public void afterRender() {
            javaScriptSupport.require("clickOnce").with("#" + clientElement.getClientId());
        }
    }

2. JavaScript. "clickOnce.js" should be a javascript file under the folder: src / main / resources / META-INF / modules /

    define(["jquery"], function($) {
        return function(elementId) {
            $(elementId).on("click", function(e) {
                var element = $(this);
                if (element.data("clicked") === true) {
                    // Second and later clicks: disable the element and swallow the click.
                    element.prop("disabled", true);
                    e.preventDefault();
                } else {
                    // First click: remember it and show a prompt.
                    element.data("clicked", true);
                    if (element.is("a")) {
                        // Change "One moment ..." to whatever prompt you like; use message catalogue for i18n.
                        element.text("One moment ...");
                        element.addClass("disabled");
                    } else {
                        element.val("One moment ...");
                    }
                }
            });
        };
    });

That "e.preventDefault()" stops the form from emitting a submission event.

3. Like all JavaScript solutions, the above wouldn't work if JavaScript is somehow disabled in the user browser, and can be bypassed. For server-end prevention of double-clicking, implement a token system that stores a random token in both session and as a hidden field (using , etc.) in the form. The token in session gets immediately removed upon first use (token redemption). Subsequent token redemption for the same token should be ignored. This comes with the additional benefit of CSRF prevention.

On Mon, Dec 1, 2014 at 1:26 PM, Thiago H de Paula Figueiredo wrote:

> On Mon, 01 Dec 2014 16:05:02 -0200, Charlouze wrote:
>
>> I'm not sure to understand what you mean... jumpstart example uses plain
>> old js and does not work with tapestry client-side validation.
>
> I mean something like
> http://stackoverflow.com/questions/926816/how-to-prevent-form-from-submitting-multiple-times-from-client-side.
>
>     $("form").submit(function() {
>         $(this).submit(function() {
>             return false;
>         });
>         return true;
>     });
>
> JumpStart's code you linked disables the button itself, which is an easier
> way of showing how to write a mixin that uses JavaScript, while the one
> above disables the second form submission itself.
>
> --
> Thiago H. de Paula Figueiredo
> Tapestry, Java and Hibernate consultant and developer
> http://machina.com.br

--
Best Regards
Harry Zhou
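The session-token scheme described in point 3 of the message above, as an added example that is not part of the original post: a random token is issued into the session and the form, and redeemed exactly once. The session is modelled as a `Map`, and the names `OneTimeFormToken`, `issue`, `redeem` and `formTokens` are assumptions for illustration; it goes beyond the post in keeping a set of tokens so that several open forms can coexist.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

// Added example; the class, method and attribute names are hypothetical.
public class OneTimeFormToken {
    private static final String SESSION_KEY = "formTokens";
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Called when the form is rendered: returns the value for the hidden field. */
    public static String issue(Map<String, Object> session) {
        byte[] raw = new byte[32]; // 256 random bits, not guessable by another site
        RANDOM.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        outstanding(session).add(token);
        return token;
    }

    /**
     * Called first thing in the submit handler. Removal from the concurrent set
     * is atomic, so of several simultaneous submissions only one gets true;
     * the rest, and any later replay, get false and should be ignored.
     */
    public static boolean redeem(Map<String, Object> session, String submitted) {
        if (submitted == null || submitted.isEmpty()) {
            return false; // a request forged from another origin carries no token
        }
        return outstanding(session).remove(submitted);
    }

    // One set of unredeemed tokens per session, created on first use.
    @SuppressWarnings("unchecked")
    private static Set<String> outstanding(Map<String, Object> session) {
        return (Set<String>) session.computeIfAbsent(
            SESSION_KEY, key -> ConcurrentHashMap.<String>newKeySet());
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for the HTTP session; a real one is an attribute store, not a Map.
        Map<String, Object> session = new ConcurrentHashMap<>();
        String token = issue(session);

        // Constructed double-click: eight concurrent submissions of the same form.
        Callable<Boolean> submit = () -> redeem(session, token);
        ExecutorService pool = Executors.newFixedThreadPool(8);
        int accepted = 0;
        for (Future<Boolean> result : pool.invokeAll(Collections.nCopies(8, submit))) {
            if (result.get()) {
                accepted++;
            }
        }
        pool.shutdown();
        System.out.println("concurrent submissions accepted: " + accepted);

        // Replay after redemption, missing token, guessed token, other user's session.
        System.out.println("replay accepted: " + redeem(session, token));
        System.out.println("missing token accepted: " + redeem(session, null));
        System.out.println("guessed token accepted: " + redeem(session, "constructed-guess"));
        Map<String, Object> otherSession = new ConcurrentHashMap<>();
        String second = issue(session);
        System.out.println("cross-session accepted: " + redeem(otherSession, second));
    }
}
```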
Re: Access Hibernate with out injection
Hi Dragon,

I believe what Kalle and Thiago are saying is that @Inject in your realm will not work unless your realm is itself a service or a component (such as a page). In your code, the "RRealm realm" is a plain old java object instantiated using "new". Tapestry IoC injection service will not be invoked during such conventional instantiation, and the hibernate field you are trying to @Inject inside such realm object will definitely be NULL.

As described by Kalle and Thiago, you have two ways to solve this.

1. Tell Tapestry to build "RRealm realm" as if it is a service by using the @Autobuild annotation. That way, Tapestry IoC will take on the responsibility of building the object (no longer a need for you to call "new"), during which @Inject will be honored. Specifically, you should change the "addRealm" method declaration to add another parameter: @Autobuild RRealm realm. That parameter will be automagically provided by Tapestry, with all @Inject-ed dependencies resolved.

2. You can make RRealm a Tapestry IoC service (by creating an interface, an implementation, and bind the two in AppModule).

Lastly, make sure whatever you are trying to @Inject (sounds like a hibernate instance) is itself a Tapestry IoC service. If not, Tapestry will throw an exception.

Hope this helps.

On Tue, Nov 18, 2014 at 3:24 PM, dragon wrote:

> On 11/18/2014 02:50 PM, Kalle Korhonen wrote:
>
>> You make your AuthorizingRealm a Tapestry service or at least let the ioc
>> @Autobuild it for you. This is all fairly well covered at
>> http://tynamo.org/tapestry-security+guide but sounds like you might not be
>> using tapestry-security. Anyway, here's an sample service realm (in JPA but
>> same difference):
>> https://github.com/tynamo/tynamo-federatedaccounts/blob/master/tynamo-federatedaccounts-test/src/test/java/org/tynamo/security/federatedaccounts/testapp/services/UserRealm.java
>> .
>
> I am using tynamo-security and setting the config and the realm via the
> AppModule:
>
>     @Contribute(WebSecurityManager.class)
>     public static void addRealms(Configuration configuration) {
>         CredentialsMatcher credentialsMatcher = new RCredentialsMatcher();
>         RRealm realm = new RRealm();
>         realm.setCredentialsMatcher(credentialsMatcher);
>         configuration.add(realm);
>     }
>
> When the realm is created any @Inject is ignored (Session is always
> NULL). I have looked at the tynamo page and I do not see where it's
> described or shown using the realm as a service.. am I missing something?
>
> Thanks
>
>> Kalle
>>
>> On Tue, Nov 18, 2014 at 11:40 AM, dragon wrote:
>>
>>> I'm trying to access a hibernate entity/database from a shiro
>>> AuthorizingRealm extending class. Since the tapestry IOC does not inject
>>> outside Pages / Components, how do I access the Hibernate Session so I
>>> can access the database?
>>>
>>> Thanks for any suggestions.

--
Best Regards
Harry Zhou
Re: Session Cookie Remains after Tapestry Security Logout
Kalle,

Thank you so much for the quick reply, based on which we have done the following:

1. We surveyed several Tapestry sites (including the hotelbooking demo app) and confirmed that leaving the cookie after session invalidation is expected.

2. We then double confirmed that the leftover cookie is indeed the cause of server-side exception reporting -- as soon as the cookie is manually removed or re-issued by the server (as the result of a persistent page field, etc.), the server stops complaining.

3. We then decided that the issue was with the client's server environment, which ran Jetty 6, and confirmed with the client that it was an arbitrary choice. They provided a new Jetty 9 environment, under which we deployed the application, and the exceptions went away!

So all is good! Thanks Kalle.

Best,
Harry

On Mon, Nov 3, 2014 at 12:42 PM, Kalle Korhonen wrote:

> On Sun, Nov 2, 2014 at 4:41 PM, Harry Zhou wrote:
>
>> The user is indeed logged out, and the session is indeed invalidated.
>> Everything seems to work fine.
>>
>> 3. The Issue
>>
>> Upon closer inspection, I noticed that the session cookie created by user
>> during login is still in the browser after logout. The browser repeatedly
>> requests the session with the JSESSIONID: "g3xfcskjnvf" from the server,
>> which has already been invalidated.
>>
>> Sure enough, the server stderrout log shows the following (trimmed for
>> clarity) for each request made by the user after logout:
>>
>>     INFO org.codehaus.wadi.core.contextualiser.HybridRelocater - Unknown session [g3xfcskjnvf]
>>     ERROR org.codehaus.wadi.core.manager.StandardManager - Could not acquire session [g3xfcskjnvf]
>>
>> Is it normal that the session cookie is not removed (by setting maxAge to
>> 0, etc.) after the session is invalidated on the server side? If not, did
>> I make a mistake in my way of logging the user out that causes the cookie
>> to remain?
>
> First of all, requesting an invalid session should not have been logged as
> an error - it's completely normal for a web application - a WARN or
> simply DEBUG would have suited much better (you could open an issue with
> Wadi on that). Anyway, tapestry-security doesn't explicitly remove
> JSESSIONID cookie on logout. It just invalidates the session and removes
> the rememberMe cookie. I didn't see that you are manually removing the
> JSESSIONID cookie anywhere in your code. If you are and it doesn't work,
> the headers must be rewritten after the fact. Whether it should be done
> automatically by the servlet implementation, I'm actually not sure if the
> spec says anything about it. We could check that out and if the behavior is
> left open, it'd be simple to add that as an enhancement to
> tapestry-security.
>
> Kalle

--
Best Regards
Harry Zhou
Session Cookie Remains after Tapestry Security Logout
Hi Everyone!

I am developing an application using Tapestry 5.4-beta-22 & Tapestry-Security 0.6.2. The Tapestry framework and the Tapestry-Security module have made my life a lot easier, and for that I am really grateful.

I am writing to seek your generous input on an issue regarding the session cookie generated by tapestry-security login, which seems to linger after the session itself has been invalidated as a result of logout.

1. A user performs login and a corresponding session is created:

    Subject subject = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
    token.setRememberMe(false);
    subject.login(token);

In the browser, a JSESSIONID cookie with the value: g3xfcskjnvf is created, with maxAge: Session. So far so good.

2. The user performs log out:

    try {
        SecurityUtils.getSubject().logout();
        // I believe the if block below is no longer necessary in Tapestry 5.4,
        // but kept it just in case. "request" is an injected instance of the Tapestry
        // Request service.
        if (request.getSession(false) != null) {
            request.getSession(false).invalidate();
        }
    } catch (Exception e) {};

The user is indeed logged out, and the session is indeed invalidated. Everything seems to work fine.

3. The Issue

Upon closer inspection, I noticed that the session cookie created by user during login is still in the browser after logout. The browser repeatedly requests the session with the JSESSIONID: "g3xfcskjnvf" from the server, which has already been invalidated.

Sure enough, the server stderrout log shows the following (trimmed for clarity) for each request made by the user after logout:

    INFO org.codehaus.wadi.core.contextualiser.HybridRelocater - Unknown session [g3xfcskjnvf]
    ERROR org.codehaus.wadi.core.manager.StandardManager - Could not acquire session [g3xfcskjnvf]

Is it normal that the session cookie is not removed (by setting maxAge to 0, etc.) after the session is invalidated on the server side? If not, did I make a mistake in my way of logging the user out that causes the cookie to remain?

Thank you for your advice in advance.

Best Regards
Harry