Re: How to define a private service (a service only for another service)
Hi, [...] a list of additional classes to be treated as module classes, exactly as if they were identified in the manifest. Despite the name, there is no hierarchy of modules in Tapestry IoC. The documentation is perhaps not 100% accurate here. @Local can be used to restrict service lookup scope to same module so there is already sorts of hierarchy going on. I guess the suggested @ModulePrivate would be similar but controlling service exposure scope instead of lookup scope. Cheers, --Nikla - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Zone might result in memory leak
Hi, Afaik, zone div contents is replaced by whatever server side returns from event handler method. That is, if you return a zone Tapestry will faithfully replace zone contents with a copy of original zone... after all, you could return a completely different zone than the original one. Refresh will then keep nesting zones and the dom will just get bigger all the time. If you observe dom in eg. firebug when link in below is clicked consecutively it just keeps getting added to with every click. div t:id=zone1 a t:type=eventlink t:id=update1 zone=^Update/a /div @Component private Zone zone1; @OnEvent(update1) Object update1() { return zone1; } Cheers, --Nikla On 4.7.2011 6:36, Taha Hafeez wrote: Hi While working on the Zone-refresh component, I was testing it on IE8 and found that it resulted in memory leak... After working on it the whole day I couldn't get around it. Finally I disabled the timer and used fast manual clicks to check if the problem was with the zone itself. What I found was that if I return zone.getBody() then there is no memory leak but if I return zone then there is a constant leak of memory. I might be wrong but this was my 4:30 in the morning to 12:10 at night conclusion (that too on a Sunday) The test is this 1. create a eventlink and link it to a zone. 2. return Zone from event handler and see the memory usage 3. return zone.getBody() from event handler and see the memory usage I pray I am not wrong otherwise it will to total waste of my sunday regards Taha - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Live reload in production?
Hi, In a busy live environment I would prefer disabled by default but still doable programmatically for occasional critical patching. This would allow reloading to be hooked for example to some administrative web service and result in better atomicity if multiple files need to be patched. That said, I currently deploy entire app most of the times. Cheers, --Nikla On 20.4.2011 22:43, Kalle Korhonen wrote: On Wed, Apr 20, 2011 at 10:03 PM, Thiago H. de Paula Figueiredo thiag...@gmail.com wrote: On Wed, 20 Apr 2011 15:21:10 -0300, LLTYKll...@mailinator.com wrote: Disabled, so you automatically get better performance. I don't think you should have to tweak Tapestry options to get better performance. Good point. But a similar argument can be used: enabled, so you get a faster development environment without tweaking options. My gosh, these decisions are hard. :) Everybody wants better performance but only certain group of users want/need reloading in production. For the whole discussion - personally I think live reloading is the wrong way to solve the application upgrade / patching problem, you give up too much for the benefit. I've been doing skinny wars, deploying dependent libs separately and auto-reloading of the web app for a few years, to achieve production deployment and updates in less than two seconds. Together with Tomcat 7's parallel deployment, you get a nice zero downtime environment. Kalle -- Thiago H. de Paula Figueiredo Independent Java, Apache Tapestry 5 and Hibernate consultant, developer, and instructor Owner, Ars Machina Tecnologia da Informação Ltda. http://www.arsmachina.com.br - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Page Validation
Hi, As an alternate approach you may override the default page source with an implementation that checks security constraints just before giving out the page instance - this basically has the added benefit that secured page instances may not be obtained even through (accidental) malicious code in non-secure pages or services. -- Overridden engine public class MyEngine extends BaseEngine { protected IPageSource createPageSource(RequestContext context) { return new ProtectedPageSource(this); } } -- Overridden page source public class ProtectedPageSource extends PageSource { public ProtectedPageSource(IEngine engine) { super(engine); } public IPage getPage(IRequestCycle cycle, String pageName, IMonitor monitor) { IPage page = super.getPage(cycle, pageName, monitor); if (page != null page instanceof ProtectedPage) { Visit visit = (Visit) cycle.getEngine().getVisit(); if (visit == null || visit.getUser() == null) throw new PageRedirectException(Login); } return page; } } -- A protected page public class ProtectedPage extends BasePage { } Something along those lines ;) Cheers, -- Nikla Mark Stang wrote: Hi, This seems to work for us. public class ValidatePage extends BasePage implements PageValidateListener { public void pageValidate(PageEvent event) { Mediator mediator = MgmtFactory.getMediator(); if (!mediator.isConsole()) { IPage messagePage = getRequestCycle().getPage(nonAdminConsole); throw new PageRedirectException(messagePage); } else { // If there is no visit object or the user isn't auth'd ship // them off to the login page Visit visit = (Visit)getVisit(); if (visit == null || !visit.isUserAuthenticated()) { Login login = (Login)getRequestCycle().getPage(login); throw new PageRedirectException(login); } } } } I tried a couple of different experiments. The first was to log in and copy a link then close the browser. I wasn't able to get to the page via the direct link. If I logout and try and access the page via a direct link, I don't get access. If I log in and copy a link and then surf off to another page, then I can come back via the direct link. All of this is based on my use of a session and the visit object. So, reviewing you code, I would think you need to have to check more than if the visit exists. You need to store a flag saying they they have been authenticated. regards, Mark Mark J. Stang Senior Engineer/Architect office: +1 303.468.2900 mobile: +1 303.507.2833 Ping Identity -Original Message- From: James Sherwood [mailto:[EMAIL PROTECTED] Sent: Fri 2/23/2007 6:34 AM To: Tapestry users Subject: Page Validation Hello, We use Tapestry 3.2 I have security (login) using PageValidateListener. The secure page in the site is called ISOPage which extends BasePage. I add the page validation using: public ISOPage(){ super(); addPageValidateListener(new PageValidationListener()); } The PageValidationListener class implements PageValidateListener and does security like this: if(visit.getUser() == null){ throw new PageRedirectException(UserLogin); } This all works fine it seems unless a direct is involved. If I copy a directlink then try to access it without loggin in it shows me the page the directlink java code is on. The PageRedirectException does happen and if I refresh or try to go anywhere it sends me to the login but it still shows that page first. Any ideas? Thanks, James - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]