Re: users Digest 28 Dec 2009 16:16:59 -0000 Issue 3955

2009-12-28 Thread Wilson Ikeda
One more thing to add to Peter's mail:
I'm not a security expert, I know some common exploits and how to secure
against them but certainly these guys are much more informed than me (spring
security - apache shiro devs). That's why even on small apps that have a
face on the web I use them. Security is something that I don't want to worry
about later, nor is it my knowledge area. How many people on this list constantly go to
sites devoted to security? Excluding Kalle of course : ), JM2C.


On 12/29/09 1:16 AM, users-digest-h...@tapestry.apache.org wrote:

 From: p.stavrini...@albourne.com
 Date: Mon, 28 Dec 2009 09:42:05 + (GMT)
 To: Tapestry users users@tapestry.apache.org
 Subject: Re: About T5 integration modules
 
 Hi All,
 
 I have been using Tapestry for the last 4-5 years, it is our company's
 framework of choice and I personally want only what's best for the framework
 and community, I want to see it grow and thrive since we are heavily invested
 in it, and I also enjoy developing with it.
 
 A few years back Tapestry lost a lot of ground to Wicket and other frameworks
 because of backward compatibility issues, when the controversial rewrite
 (Tapestry 5) was announced... people and companies who had invested in
 Tapestry 4 felt hard done by. Tapestry 5 is perhaps one of the most
 progressive web frameworks around, but it seems Howard you only listen to your
 community once the Rubicon has already been crossed.
 
 I had hoped that we all learned from that experience and that Tapestry will
 grow this time around, increasing the community should be the top priority, as
 there is strength in numbers, so if this means writing a few 'easy'
 integration modules and improving the docs, then what's the big deal... new
 users will appreciate it.
 
 > I'm also a bit surprised at how eager people are to make use of
 > cumbersome solutions like Spring Security to accomplish simple tasks
 > such as protecting pages.
 I wrote my security solution from scratch using Tapestry RequestFilters, but
 even so I am surprised that you are surprised... Web frameworks should provide
 some documented security features / at least guidelines, people will obviously
 turn to Spring because there is already an integration module for Tapestry and
 they may not want to, or simply can't afford the time to do everything from
 scratch, built-in framework features are at least well tested as well, so if
 they do the job then people will feel comfortable to use them... time to
 market is very important in my book too, that's why people use web frameworks
 in the first place (i.e.: to leverage existing resources), surely you all know
 that?
 
 > Ideally there would be a single solution for this,
 > but I've found that page security is just not a one-size-fits-all
 > solution.
 Perhaps there is some truth there, but that's no reason to ignore the problem
 entirely, there is also plenty of commonality.
 
 > but I'd rather talk
 > about how easy it is to create your own custom extensions that work
 > precisely as you need.
 Okay I am sold, so let's have a place for the community to dump extensions /
 components and people can simply pick and customize whatever they need, and
 let's document it properly... but my major point is that Tapestry needs to grow
 and not stagnate, so getting the community more involved is the key.
 
 Merry Christmas to all!
 Peter



-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org



Re: users Digest 28 Dec 2009 16:16:59 -0000 Issue 3955

2009-12-28 Thread Alex Shneyderman
Security by ignorance does not work in general. If you want to secure your site,
you better know what you are doing; otherwise hire someone who can explain
how to do it, but never blindly trust anyone.

In general, though, security is no rocket science, although people developing
frameworks and tools around it, purposefully or not, would make you believe
otherwise.

On Mon, Dec 28, 2009 at 6:55 PM, Wilson Ikeda wilsonaik...@gmail.com wrote:
 One more thing to add to Peter's mail:
 I'm not a security expert, I know some common exploits and how to secure
 against them but certainly these guys are much more informed than me (spring
 security - apache shiro devs). That's why even on small apps that have a
 face on the web I use them. Security is something that I don't want to worry
 about later, nor is it my knowledge area. How many people on this list constantly go to
 sites devoted to security? Excluding Kalle of course : ), JM2C.
