One more thing to add to Peter's mail: I'm not a security expert, I know some common exploits and how to secure against them but certainly these guys are much more informed than me (spring security - apache shiro devs). That's why even on small apps that have a face on the web i use them. Security is something that I don't want to worry later nor my knowledge area, how many people on this list constantly go to sites devoted to security? excluding Kalle of course : ), JM2C.
On 12/29/09 1:16 AM, "users-digest-h...@tapestry.apache.org" <users-digest-h...@tapestry.apache.org> wrote: > From: <p.stavrini...@albourne.com> > Date: Mon, 28 Dec 2009 09:42:05 +0000 (GMT) > To: Tapestry users <users@tapestry.apache.org> > Subject: Re: About T5 integration modules > > Hi All, > > I have been using Tapestry for the last 4-5 years, it is our companies > framework of choice and I personally want only whats best for the framework > and community, I want to see it grow and thrive since we are heavily invested > in it, and I also enjoy developing with it. > > A few years back Tapestry lost a lot of ground to Wicket and other frameworks > because of backward compatibility issues, when the controversial rewrite > (Tapestry 5) was announced... people and companies who had invested in > Tapestry 4 felt hard done by. Tapestry 5 is perhaps one of the most > progressive web frameworks around, but it seems Howard you only listen to your > community once the rubicon has already been crossed. > > I had hoped that we all learned from that experience and that Tapestry will > grow this time around, increasing the community should be the top priority, as > there is strength in numbers, so if this means writing a few 'easy' > integration modules and improving the docs, then whats the big deal... new > users will appreciate it. > >> I'm also a bit surprised at how eager people are to make use of >> cumbersome solutions like Spring Security to accomplish simple tasks >> such as protecting pages. > I wrote my security solution from scratch using Tapestry RequestFilters, but > even so I am surprised that you are surprised... Web frameworks should provide > some documented security features / at least guidelines, people will obviously > turn to Spring because there is already an integration module for Tapestry and > they may not want to, or simply can't afford the time to do everything from > scratch, built-in framework features are at least well tested as well, so if > they do the job then people will feel comfortable to use them... time to > market is very important in my book too, thats why people use web frameworks > in the first place (i.e.: to leverage existing resources), surely you all know > that? > >> Ideally there would be a single solution for this, >> but I've found that page security is just not a one-size-fits-all >> solution. > Perhaps there is some truth there, but thats no reason to ignore the problem > entirely, there is also plenty of commonality. > >> but I'd rather talk >> about how easy it is to create your own custom extensions that work >> precisely as you need. > Okay I am sold, so lets have a place for the community to dump extensions / > components and people can simply pick and customize whatever they need, and > lets document it properly... but my major point is that Tapestry needs to grow > and not stagnate, so getting the community more involved is the key. > > Merry Christmas to all! > Peter --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org