Hi Borut
For rulling out everything but one "public" folder this configuration
should work.
configuration.add(factory.createChain("/assets/**").add(factory.anon()).build());
configuration.add(factory.createChain("/public/**").add(factory.anon()).build());
configuration.add(factory.createChain("/**").add(factory.notfound()).build());
I've added the assets folder to the configuration for obvious reasons.
If that doesn't work for you let me know and we'll take a closer look
to the complete configuration.
I've tested this with tapestry-security 0.5.0 and 0.4.6, which version
are you using?
Alejandro.
On Tue, Apr 2, 2013 at 8:19 AM, Borut Bolčina <borut.bolc...@gmail.com> wrote:
> Alejandro,
>
> I have just tried this approach with factory chains, but the solution still
> eludes me. I've tried "every" variation of creating the right chain for
> ruling out the index page and all other subfolders - besides one folder.
>
> This configuration is the closest of what I think should do the job:
>
> configuration.add(factory.createChain("/index").add(factory.notfound()).build());
> configuration.add(factory.createChain("/hidden1/**").add(factory.notfound()).build());
> configuration.add(factory.createChain("/hidden2/**").add(factory.notfound()).build());
>
> but accessing http://localhost (or http://localhost/index) still renders
> the index page and the hidden pages.
>
> If I remove the first line (with /index), then I get 404 as expected for
> the hidden folders, but the index page is visible.
>
> I am running the app locally with Jetty
> (jetty-maven-plugin:8.1.9.v20130131).
>
> -borut
>
>
>
>
>
>
>
>
>
>
> 2013/3/29 Alejandro Scandroli <alejandroscandr...@gmail.com>
>
>> Hi Borut
>>
>> Using tapestry-security you have a couple of options.
>>
>> If you have all the protected/hidden pages in the same folder you
>> could do something like this:
>>
>>
>> configuration.add(factory.createChain("/yourfolder/**").add(factory.notfound()).build());
>>
>> If they are not in the same folder you can create one rule per folder
>> or in the worst case one rule per page.
>>
>> The reversed logic would be, block access to the root "/" and then
>> give anon access to your visible pages.
>>
>>
>> configuration.add(factory.createChain("/assets/**").add(factory.anon()).build());
>>
>> configuration.add(factory.createChain("/signin").add(factory.anon()).build());
>>
>> configuration.add(factory.createChain("/visibleFolder/**").add(factory.anon()).build());
>>
>> configuration.add(factory.createChain("/visiblePage1").add(factory.anon()).build());
>>
>> configuration.add(factory.createChain("/visiblePage2").add(factory.anon()).build());
>>
>> configuration.add(factory.createChain("/").add(factory.anon()).build());
>>
>> configuration.add(factory.createChain("/**").add(factory.notfound()).build());
>>
>> Please, be careful with this, eventlinks and forms in the visible
>> pages may need their own rules.
>>
>> Finally, my preferred way to handle this is with a role. You could use
>> something like @RequireRole("beta").
>>
>> Good luck with the launch.
>> Alejandro.
>>
>>
>>
>> On Fri, Mar 29, 2013 at 2:54 PM, Thiago H de Paula Figueiredo
>> <thiag...@gmail.com> wrote:
>> > On Fri, 29 Mar 2013 09:05:04 -0300, Borut Bolčina <
>> borut.bolc...@gmail.com>
>> > wrote:
>> >
>> >> Hello,
>> >
>> >
>> > Hi!
>> >
>> >
>> >> What is the least obtrusive way to mark pages "hidden" in production
>> mode
>> >> or with some other configuration setting.
>> >
>> >
>> > I'd try adding a RequestFilter and have some logic there to define
>> whether
>> > the request is for a hidden page. If yes, return a 404 error.
>> >
>> > --
>> > Thiago H. de Paula Figueiredo
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
>> > For additional commands, e-mail: users-h...@tapestry.apache.org
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
>> For additional commands, e-mail: users-h...@tapestry.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
