Hi Borut For rulling out everything but one "public" folder this configuration should work.
configuration.add(factory.createChain("/assets/**").add(factory.anon()).build()); configuration.add(factory.createChain("/public/**").add(factory.anon()).build()); configuration.add(factory.createChain("/**").add(factory.notfound()).build()); I've added the assets folder to the configuration for obvious reasons. If that doesn't work for you let me know and we'll take a closer look to the complete configuration. I've tested this with tapestry-security 0.5.0 and 0.4.6, which version are you using? Alejandro. On Tue, Apr 2, 2013 at 8:19 AM, Borut Bolčina <borut.bolc...@gmail.com> wrote: > Alejandro, > > I have just tried this approach with factory chains, but the solution still > eludes me. I've tried "every" variation of creating the right chain for > ruling out the index page and all other subfolders - besides one folder. > > This configuration is the closest of what I think should do the job: > > configuration.add(factory.createChain("/index").add(factory.notfound()).build()); > configuration.add(factory.createChain("/hidden1/**").add(factory.notfound()).build()); > configuration.add(factory.createChain("/hidden2/**").add(factory.notfound()).build()); > > but accessing http://localhost (or http://localhost/index) still renders > the index page and the hidden pages. > > If I remove the first line (with /index), then I get 404 as expected for > the hidden folders, but the index page is visible. > > I am running the app locally with Jetty > (jetty-maven-plugin:8.1.9.v20130131). > > -borut > > > > > > > > > > > 2013/3/29 Alejandro Scandroli <alejandroscandr...@gmail.com> > >> Hi Borut >> >> Using tapestry-security you have a couple of options. >> >> If you have all the protected/hidden pages in the same folder you >> could do something like this: >> >> >> configuration.add(factory.createChain("/yourfolder/**").add(factory.notfound()).build()); >> >> If they are not in the same folder you can create one rule per folder >> or in the worst case one rule per page. >> >> The reversed logic would be, block access to the root "/" and then >> give anon access to your visible pages. >> >> >> configuration.add(factory.createChain("/assets/**").add(factory.anon()).build()); >> >> configuration.add(factory.createChain("/signin").add(factory.anon()).build()); >> >> configuration.add(factory.createChain("/visibleFolder/**").add(factory.anon()).build()); >> >> configuration.add(factory.createChain("/visiblePage1").add(factory.anon()).build()); >> >> configuration.add(factory.createChain("/visiblePage2").add(factory.anon()).build()); >> >> configuration.add(factory.createChain("/").add(factory.anon()).build()); >> >> configuration.add(factory.createChain("/**").add(factory.notfound()).build()); >> >> Please, be careful with this, eventlinks and forms in the visible >> pages may need their own rules. >> >> Finally, my preferred way to handle this is with a role. You could use >> something like @RequireRole("beta"). >> >> Good luck with the launch. >> Alejandro. >> >> >> >> On Fri, Mar 29, 2013 at 2:54 PM, Thiago H de Paula Figueiredo >> <thiag...@gmail.com> wrote: >> > On Fri, 29 Mar 2013 09:05:04 -0300, Borut Bolčina < >> borut.bolc...@gmail.com> >> > wrote: >> > >> >> Hello, >> > >> > >> > Hi! >> > >> > >> >> What is the least obtrusive way to mark pages "hidden" in production >> mode >> >> or with some other configuration setting. >> > >> > >> > I'd try adding a RequestFilter and have some logic there to define >> whether >> > the request is for a hidden page. If yes, return a 404 error. >> > >> > -- >> > Thiago H. de Paula Figueiredo >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org >> > For additional commands, e-mail: users-h...@tapestry.apache.org >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org >> For additional commands, e-mail: users-h...@tapestry.apache.org >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org