Alejandro,
I have just tried this approach with factory chains, but the solution still
eludes me. I've tried "every" variation of creating the right chain for
ruling out the index page and all other subfolders - besides one folder.
This configuration is the closest of what I think should do the job:
configuration.add(factory.createChain("/index").add(factory.notfound()).build());
configuration.add(factory.createChain("/hidden1/**").add(factory.notfound()).build());
configuration.add(factory.createChain("/hidden2/**").add(factory.notfound()).build());
but accessing http://localhost (or http://localhost/index) still renders
the index page and the hidden pages.
If I remove the first line (with /index), then I get 404 as expected for
the hidden folders, but the index page is visible.
I am running the app locally with Jetty
(jetty-maven-plugin:8.1.9.v20130131).
-borut
2013/3/29 Alejandro Scandroli <alejandroscandr...@gmail.com>
> Hi Borut
>
> Using tapestry-security you have a couple of options.
>
> If you have all the protected/hidden pages in the same folder you
> could do something like this:
>
>
> configuration.add(factory.createChain("/yourfolder/**").add(factory.notfound()).build());
>
> If they are not in the same folder you can create one rule per folder
> or in the worst case one rule per page.
>
> The reversed logic would be, block access to the root "/" and then
> give anon access to your visible pages.
>
>
> configuration.add(factory.createChain("/assets/**").add(factory.anon()).build());
>
> configuration.add(factory.createChain("/signin").add(factory.anon()).build());
>
> configuration.add(factory.createChain("/visibleFolder/**").add(factory.anon()).build());
>
> configuration.add(factory.createChain("/visiblePage1").add(factory.anon()).build());
>
> configuration.add(factory.createChain("/visiblePage2").add(factory.anon()).build());
>
> configuration.add(factory.createChain("/").add(factory.anon()).build());
>
> configuration.add(factory.createChain("/**").add(factory.notfound()).build());
>
> Please, be careful with this, eventlinks and forms in the visible
> pages may need their own rules.
>
> Finally, my preferred way to handle this is with a role. You could use
> something like @RequireRole("beta").
>
> Good luck with the launch.
> Alejandro.
>
>
>
> On Fri, Mar 29, 2013 at 2:54 PM, Thiago H de Paula Figueiredo
> <thiag...@gmail.com> wrote:
> > On Fri, 29 Mar 2013 09:05:04 -0300, Borut Bolčina <
> borut.bolc...@gmail.com>
> > wrote:
> >
> >> Hello,
> >
> >
> > Hi!
> >
> >
> >> What is the least obtrusive way to mark pages "hidden" in production
> mode
> >> or with some other configuration setting.
> >
> >
> > I'd try adding a RequestFilter and have some logic there to define
> whether
> > the request is for a hidden page. If yes, return a 404 error.
> >
> > --
> > Thiago H. de Paula Figueiredo
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> > For additional commands, e-mail: users-h...@tapestry.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>
