Hello, Norman!

That's exactly the feedback I was looking for. Thank you very, very much! Yeah, you've convinced me to talk about security, even if it's just one security framework (Shiro) and explaining just the core concepts and how to make them work in Tapestry. It wouldn't make sense to make a book on Tapestry talk in depth about another framework (Shiro). I've never used Shiro myself, but I'll learn it, that's something I was planning to do anyway. :) I'll answer your other points in another message.

On Tue, 06 Aug 2013 19:20:08 -0300, Norman Franke <nor...@myasd.com> wrote:

On Aug 6, 2013, at 7:22 AM, Thiago H de Paula Figueiredo <thiag...@gmail.com> wrote:

Some topics I'd be interested in:
- Application security, authentication and authorization - best practices with several popular frameworks

Several popular frameworks? Which ones?

Doesn't this fall a little over the focus of the book, which is Tapestry itself? The book can talk about setting up Apache Shiro via tapestry-security, for example, but then talking about Shiro specifically looks like a lack of cohesion (in the OOP sense) to me. Of course, security is very important.

I think the fact that Tapestry doesn't offer a security framework out of the box is sort of silly in this day and age. I've never worked on a web site that didn't need authentication and authorization support. So I definitely think you should talk about it at least enough to implement a non-trivial application with custom login pages and database-driven users/roles. Going with whatever library is considered "best practice" should be enough, e.g. tapestry-security. Maybe best practice has yet to be written.

Solutions like tapestry-security cache page requires roles and changes don't take effect until you restart. Shiro caches roles between sessions, too, which leads to all sorts of problems if you change them. Basically, it still doesn't "just work" and a working, flexible solution needs to be there to use Tapestry for anything non-trivial.

One thing that always messes me up, and for which I've still never found a solution, is to have a login page loaded with HTTPS, form submission via HTTPS and then switch back to normal HTTP for performance. It just won't work due to the secure cookies. This is but one challenge to writing a full-featured application.

Other topic ideas and elaborations on your ideas:

1. A decent example to do Grid Data Sources. I've written my own class, SQLQueryGridDataSource to make up for the inflexibility of Tapestry's built-in classes. You are welcome to my class, if desired. I'm sure just about everyone has written their own to be more flexible than HibernateGridDataSource.

2. AJAX: the biggest issue I've faced is wanting to put forms inside of a popup dialog, e.g. Modalbox. I'd love to see a well-written example that just works, including form validation (client and server). I've hacked up something that works for me, but it's not a component because the JavaScript needs to know too much about the page. I'm sure it's possible, I just haven't explored it enough. Another one is how to use something like Modalbox to do a confirm delete dialog on a button or link.

3. As many examples of customizing built-in Tapestry behavior as possible would be great. For example, I wrote a validator contribution that looks in .properties files so you can add validators to BeanEditorForms easily. That sort of stuff is nice to see how it should be done well, for example, I never could figure out how to allow for .properties inheritance (e.g. component, page, application-level.)

4. You have symbols listed. A nice description of some of the more useful ones would be great.

5. Load balancing and Tapestry under Tomcat and whatever other containers are popular. Included should be techniques to minimize session state while keeping excellent performance.

6. Publish and Subscribe, maybe via cometd. Integrating Apache CXF, too (as client and server.)

7. Elegant ways to extend Grids to support multiple HTML rows per data row. A more clever way to set default sorting. An example where you store sort order as preferences (e.g. in a database).

8. Provide a library that implements a lot of the more commonly needed stuff, like #1, #2, a click once, ajax spinner, JodaTime support, etc.

9. Widget integration best practices (AJAX and non-AJAX.) Probably sticking to jQuery, since that seems to be the way of the future.

Anyway, I'd be interested in such a book. If you want to do Kickstarter, maybe Howard can "sponsor" it?

Norman Franke
Answering Service for Directors, Inc.
www.myasd.com



--
Thiago H. de Paula Figueiredo
