Re: t5: protecting data from public access
Hi Angelo,

Using a Dispatcher (or Request filter) enables you to filter on every Request, so simply wire Tapestry's ApplicationStateManager to your Dispatcher and retrieve the appropriate ASO instance to check access for the requested page / resource:

    public PageAccessController(ApplicationStateManager asm, etc...) {
        asm_ = asm;
        ...
    }

    @Override
    public boolean service(Request request, Response response, ...etc) {
        // Look up the ASO that records whether this user has logged in
        SiteAccess siteAccess = asm_.get(SiteAccess.class);
        if (!siteAccess.isAuthenticated())
            redirectToLogin();
    }

For an extranet it is better to deny access by default unless explicitly permissioned.

regards,
Peter

----- Original Message -----
From: "Onno Scheffers"
To: "Tapestry users"
Sent: Wednesday, 10 June, 2009 19:19:21 GMT +02:00 Athens, Beirut, Bucharest, Istanbul
Subject: Re: t5: protecting data from public access

> This is a good idea. Which one is faster:
> returning the image as a stream or a direct link to a physical file in the
> file system?

The physical file is much faster. It just gets a little troublesome to keep all files in sync if your application has to be distributed over multiple servers: a file-upload will need to be placed onto the filesystem of each and every server. You don't have that problem when you put the files in a database.

regards,

Onno
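The deny-by-default check from Peter's post, written out as a Tapestry 5 RequestFilter; this is an added example, not code from the thread. `SiteAccess` is the ASO named in the post with its shape assumed, and the class name, the `/login` page and the public path prefixes are assumptions.

```java
import java.io.IOException;

import org.apache.tapestry5.services.ApplicationStateManager;
import org.apache.tapestry5.services.Request;
import org.apache.tapestry5.services.RequestFilter;
import org.apache.tapestry5.services.RequestHandler;
import org.apache.tapestry5.services.Response;

/** Added example: every request is refused unless logged in or explicitly public. */
public class AccessControlFilter implements RequestFilter {

    /** Assumed shape of the SiteAccess ASO named in the post. */
    public static class SiteAccess {
        private boolean authenticated;
        public boolean isAuthenticated() { return authenticated; }
        public void setAuthenticated(boolean value) { authenticated = value; }
    }

    private final ApplicationStateManager asm;

    public AccessControlFilter(ApplicationStateManager asm) {
        this.asm = asm;
    }

    /** Assumption: the complete set of paths that may be reached without a login. */
    static boolean isPublic(String path) {
        // The login page, its component events ("/login.<component id>"),
        // and the stylesheets and scripts it needs. Photos must not live under these.
        return path.equals("/login") || path.startsWith("/login.")
                || path.startsWith("/assets/");
    }

    public boolean service(Request request, Response response, RequestHandler handler)
            throws IOException {
        // exists() first: get() would create the ASO (and a session) for anonymous visitors.
        boolean loggedIn = asm.exists(SiteAccess.class)
                && asm.get(SiteAccess.class).isAuthenticated();
        if (loggedIn || isPublic(request.getPath())) {
            return handler.service(request, response); // continue down the pipeline
        }
        // Everything else, photo pages included, is denied by default.
        response.sendRedirect(request.getContextPath() + "/login");
        return true; // handled here; no page or resource is served
    }
}
```

Contribute the filter to Tapestry's RequestHandler pipeline in the application module so that it runs for every request.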
Re: t5: protecting data from public access
> This is a good idea. Which one is faster:
> returning the image as a stream or a direct link to a physical file in the
> file system?

The physical file is much faster. It just gets a little troublesome to keep all files in sync if your application has to be distributed over multiple servers: a file-upload will need to be placed onto the filesystem of each and every server. You don't have that problem when you put the files in a database.

regards,

Onno
Re: t5: protecting data from public access
This is a good idea. Which one is faster: returning the image as a stream or a direct link to a physical file in the file system?

Onno Scheffers-3 wrote:
>
>> Hi,
>> Your understanding is correct, photos are under protected folders. And
>> the scaling will be a problem, but do you think it is good to store photos
>> in the database's blob field? And every rendering requires copying from
>> database to a temporary file?
>
> You can spool the data from a BLOB straight back to the client without
> having to store it in a file first. You don't even need to fully load it
> into memory. I'm using Hibernate + PostgreSQL in my projects. Here's a
> short example of a StreamResponse that returns a binary stream from a Blob.
>
>     public InputStream getStream() throws IOException {
>         [...]
>         Blob blob = // SOME_RECORD.getData();
>         if (blob == null) {
>             [...]
>         }
>         try {
>             return blob.getBinaryStream();
>         } catch (SQLException e) {
>             [...]
>         }
>     }
>
> Storing binary data in blobs makes a lot of things easier and we've never
> had any problems with it so far. You can always set up a database
> replication scheme to increase the database performance if you have an
> awful lot of visitors.
>
> regards,
>
> Onno
Re: t5: protecting data from public access
> Hi,
> Your understanding is correct, photos are under protected folders. And the
> scaling will be a problem, but do you think it is good to store photos in
> the database's blob field? And every rendering requires copying from
> database to a temporary file?

You can spool the data from a BLOB straight back to the client without having to store it in a file first. You don't even need to fully load it into memory. I'm using Hibernate + PostgreSQL in my projects. Here's a short example of a StreamResponse that returns a binary stream from a Blob.

    public InputStream getStream() throws IOException {
        [...]
        Blob blob = // SOME_RECORD.getData();
        if (blob == null) {
            [...]
        }
        try {
            // Hand the BLOB's own stream to Tapestry; no temporary file is written
            return blob.getBinaryStream();
        } catch (SQLException e) {
            [...]
        }
    }

Storing binary data in blobs makes a lot of things easier and we've never had any problems with it so far. You can always set up a database replication scheme to increase the database performance if you have an awful lot of visitors.

regards,

Onno
Re: t5: protecting data from public access
On Wed, Jun 10, 2009 at 12:14 PM, Angelo Chen wrote:
> Hi,

Hi!

> and every rendering requires copying from database to
> a temporary file?

You don't need to do that. Just create a page that returns the image wrapped in a StreamResponse.

--
Thiago
Re: t5: protecting data from public access
Hi,

Your understanding is correct, photos are under protected folders. And the scaling will be a problem, but do you think it is good to store photos in the database's blob field? And every rendering requires copying from database to a temporary file?

Onno Scheffers-3 wrote:
>
> I didn't fully understand your exact requirement. Should the photos be
> publicly accessible (as in published by the user) or do you need to be
> logged in to be able to access the photo?
>
> If public access isn't allowed, you should move the photos to a
> protected folder and you can create a Tapestry component that renders the
> image-link and - if properly logged in - returns the binary image/Asset
> directly from the file-system. Here's an example of how to create a
> component that builds a link to a binary object:
> http://wiki.apache.org/tapestry/Tapestry5HowToCreatePieChartsInAPage
>
> Also keep in mind that synchronizing images on file-systems quickly
> becomes tedious if your app becomes popular and needs to scale to multiple
> servers. So maybe storing them in a database/cloud would make your project
> more future-ready?
>
> regards,
>
> Onno
>
> On Wed, Jun 10, 2009 at 12:06 PM, Angelo Chen wrote:
>
>> Hi,
>>
>> In an app that I'm going to develop, it requires users to log in before
>> they can browse job related info. Quite a number of those are pictures;
>> those photos now are stored in folders of the server. The easiest way is
>> to link that folder to Tomcat's context, and the program can refer to a
>> particular photo with an <img> tag. Problem is, once the link is obtained,
>> a user can refer to that photo even without logging in. Any idea how to
>> meet this requirement? One way I can think of is, the program will copy
>> the photo on demand to a temp folder, but it will slow down the rendering.
>> Any idea how to meet this requirement with Tapestry 5?
>>
>> Thanks,
Re: t5: protecting data from public access
I didn't fully understand your exact requirement. Should the photos be publicly accessible (as in published by the user) or do you need to be logged in to be able to access the photo?

If public access isn't allowed, you should move the photos to a protected folder and you can create a Tapestry component that renders the image-link and - if properly logged in - returns the binary image/Asset directly from the file-system. Here's an example of how to create a component that builds a link to a binary object: http://wiki.apache.org/tapestry/Tapestry5HowToCreatePieChartsInAPage

Also keep in mind that synchronizing images on file-systems quickly becomes tedious if your app becomes popular and needs to scale to multiple servers. So maybe storing them in a database/cloud would make your project more future-ready?

regards,

Onno

On Wed, Jun 10, 2009 at 12:06 PM, Angelo Chen wrote:
>
> Hi,
>
> In an app that I'm going to develop, it requires users to log in before
> they can browse job related info. Quite a number of those are pictures;
> those photos now are stored in folders of the server. The easiest way is
> to link that folder to Tomcat's context, and the program can refer to a
> particular photo with an <img> tag. Problem is, once the link is obtained,
> a user can refer to that photo even without logging in. Any idea how to
> meet this requirement? One way I can think of is, the program will copy
> the photo on demand to a temp folder, but it will slow down the rendering.
> Any idea how to meet this requirement with Tapestry 5?
>
> Thanks,
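A StreamResponse for the protected-folder approach in Onno's message above, which is also the "page that returns the image wrapped in a StreamResponse" from Thiago's reply; this is an added example, not code from the thread. The class name, the JPEG-only content type and the folder location are assumptions, and the login check is expected to have passed before the object is created.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;

import org.apache.tapestry5.StreamResponse;
import org.apache.tapestry5.services.Response;

/** Added example: streams one photo from a folder the servlet container does not serve. */
public class ProtectedPhotoResponse implements StreamResponse {

    private final File file;

    /**
     * @param root folder outside the web context (assumed, e.g. /var/data/photos)
     * @param name file name taken from the request URL, treated as untrusted
     */
    public ProtectedPhotoResponse(File root, String name) throws IOException {
        File base = root.getCanonicalFile();
        File candidate = new File(base, name).getCanonicalFile();
        // Canonical paths resolve ".." and symlinks; only direct children of root are served.
        if (!base.equals(candidate.getParentFile()) || !candidate.isFile()) {
            throw new FileNotFoundException("No such photo");
        }
        this.file = candidate;
    }

    public String getContentType() {
        return "image/jpeg"; // assumption: the folder holds JPEGs only
    }

    public InputStream getStream() throws IOException {
        // Tapestry copies this stream to the client, so no temporary copy is made.
        return new FileInputStream(file);
    }

    public void prepareResponse(Response response) {
        // Keep shared caches from storing a photo that required a login.
        response.setHeader("Cache-Control", "private, no-store");
    }
}
```

An event handler such as a page's `onActivate(String name)` can return this object as its result, so the photo URL goes through Tapestry instead of a folder mapped into Tomcat's context.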
Re: t5: protecting data from public access
Hi,

I use a dispatcher in some cases like logging and automatic logging in of the user with a cookie, but how to use a dispatcher in this context? Any tips? How do we expose the protected data?

Angelo

Thiago H. de Paula Figueiredo wrote:
>
> On Wed, Jun 10, 2009 at 7:06 AM, Angelo Chen wrote:
>> folder, but it will slow down the rendering, any idea how to meet this
>> requirement with tapestry 5?
>
> If you need or want a pure Tapestry solution, use a dispatcher. By the
> way, a dispatcher is possibly a solution for almost any cross-page or
> cross-URL problem.
>
> --
> Thiago
Re: t5: protecting data from public access
On Wed, Jun 10, 2009 at 7:06 AM, Angelo Chen wrote:
> folder, but it will slow down the rendering, any idea how to meet this
> requirement with tapestry 5?

If you need or want a pure Tapestry solution, use a dispatcher. By the way, a dispatcher is possibly a solution for almost any cross-page or cross-URL problem.

--
Thiago
Re: t5: protecting data from public access
Hi Angelo,

you might investigate tapestry-spring-security [1]. It has everything you need and there is a snapshot [2] that works with T5.1. You can secure resources, and if someone requests a secured resource, authentication is required from the framework. So, no hacking possible.

Michael

[1] http://www.localhost.nu/java/tapestry-spring-security/index.html
[2] nu.localhost.tapestry tapestry-spring-security 2.1.0-SNAPSHOT

Chen wrote:
> Hi,
>
> In an app that I'm going to develop, it requires users to log in before
> they can browse job related info. Quite a number of those are pictures;
> those photos now are stored in folders of the server. The easiest way is
> to link that folder to Tomcat's context, and the program can refer to a
> particular photo with an <img> tag. Problem is, once the link is obtained,
> a user can refer to that photo even without logging in. Any idea how to
> meet this requirement? One way I can think of is, the program will copy
> the photo on demand to a temp folder, but it will slow down the rendering.
> Any idea how to meet this requirement with Tapestry 5?
>
> Thanks,
t5: protecting data from public access
Hi,

In an app that I'm going to develop, it requires users to log in before they can browse job related info. Quite a number of those are pictures; those photos now are stored in folders of the server. The easiest way is to link that folder to Tomcat's context, and the program can refer to a particular photo with an <img> tag. Problem is, once the link is obtained, a user can refer to that photo even without logging in. Any idea how to meet this requirement? One way I can think of is, the program will copy the photo on demand to a temp folder, but it will slow down the rendering. Any idea how to meet this requirement with Tapestry 5?

Thanks,