You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@isis.apache.org by Aída Betzabeth Dávila Sotelo <ai...@vortech-it.com> on 2017/01/31 19:43:51 UTC
Cancel Wicket Access
Hi!
I need to cancel the access using wicket viewer, how can I restrict it?
My application works with swagger services and I want the users only have this access through the services.
I have tried creating a role and giving permissions, but when giving permissions to my dom, after that you can see in the application using the wicket.
What do you suggest to not allow access to the wicket viewer?
What could I do?
Thanks
Aída
Re: Cancel Wicket Access
Posted by Martin Grigorov <mg...@apache.org>.
Hi,
What about removing WicketFilter from web.xml ? [1]
This way the Wicket Viewer won't be started at all.
1.
https://github.com/apache/isis/blob/5fca1812c024e550413df3764cfb4bfdb101a1f0/example/application/simpleapp/webapp/src/main/webapp/WEB-INF/web.xml#L216-L227
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Tue, Jan 31, 2017 at 8:43 PM, Aída Betzabeth Dávila Sotelo <
aida.davila@vortech-it.com> wrote:
> Hi!
> I need to cancel the access using wicket viewer, how can I restrict it?
> My application works with swagger services and I want the users only have
> this access through the services.
>
> I have tried creating a role and giving permissions, but when giving
> permissions to my dom, after that you can see in the application using the
> wicket.
>
> What do you suggest to not allow access to the wicket viewer?
> What could I do?
>
> Thanks
> Aída
>
Re: Cancel Wicket Access
Posted by Dan Haywood <da...@haywood-associates.co.uk>.
If you go with Martin's suggestion (removing WicketFiter), then you'll
actually also need to add in some config:
https://github.com/apache/isis/blob/5fca1812c024e550413df3764cfb4bfdb101a1f0/example/application/simpleapp/webapp/src/main/webapp/WEB-INF/web.xml#L249
That's because the WicketApplication if present actually also does the
bootstrapping of Apache Isis itself. If it isn't present, then we use
the IsisWebAppBootstrapper (a servlet context listener) instead.
HTH
Dan
PS: if you do go this way, then let us know if it doesn't work... haven't
tried it out for a while.
On Tue, 31 Jan 2017 at 20:21 Ahmed Ragab <ah...@gmail.com> wrote:
> You would also need to remove the wicket viewer from the isis.viewers
> context param:
> <context-param>
> <param-name>isis.viewers</param-name>
> <param-value>wicket,restfulobjects</param-value>
> </context-param>
>
> Best Regards,
> Ahmed Ragab, M.Sc.
>
> On 31 Jan 2017, 20:49 +0100, JL Marizan <jo...@gmail.com>, wrote:
> > You could put a reverse proxy on front of Isis like nginx and restrict
> the
> > access per URL:
> > adding a rule to nginx is easy:
> > location ~ ^/wicket-viewer/* {
> > deny all;
> > }
> >
> > El mar., 31 de ene. de 2017 a la(s) 15:44, Aída Betzabeth Dávila Sotelo <
> > aida.davila@vortech-it.com> escribió:
> >
> > > Hi!
> > > I need to cancel the access using wicket viewer, how can I restrict it?
> > > My application works with swagger services and I want the users only
> have
> > > this access through the services.
> > >
> > > I have tried creating a role and giving permissions, but when giving
> > > permissions to my dom, after that you can see in the application using
> the
> > > wicket.
> > >
> > > What do you suggest to not allow access to the wicket viewer?
> > > What could I do?
> > >
> > > Thanks
> > > Aída
> > >
>
Re: Cancel Wicket Access
Posted by Ahmed Ragab <ah...@gmail.com>.
You would also need to remove the wicket viewer from the isis.viewers context param:
<context-param>
<param-name>isis.viewers</param-name>
<param-value>wicket,restfulobjects</param-value>
</context-param>
Best Regards,
Ahmed Ragab, M.Sc.
On 31 Jan 2017, 20:49 +0100, JL Marizan <jo...@gmail.com>, wrote:
> You could put a reverse proxy on front of Isis like nginx and restrict the
> access per URL:
> adding a rule to nginx is easy:
> location ~ ^/wicket-viewer/* {
> deny all;
> }
>
> El mar., 31 de ene. de 2017 a la(s) 15:44, Aída Betzabeth Dávila Sotelo <
> aida.davila@vortech-it.com> escribió:
>
> > Hi!
> > I need to cancel the access using wicket viewer, how can I restrict it?
> > My application works with swagger services and I want the users only have
> > this access through the services.
> >
> > I have tried creating a role and giving permissions, but when giving
> > permissions to my dom, after that you can see in the application using the
> > wicket.
> >
> > What do you suggest to not allow access to the wicket viewer?
> > What could I do?
> >
> > Thanks
> > Aída
> >
Re: Cancel Wicket Access
Posted by JL Marizan <jo...@gmail.com>.
You could put a reverse proxy on front of Isis like nginx and restrict the
access per URL:
adding a rule to nginx is easy:
location ~ ^/wicket-viewer/* {
deny all;
}
El mar., 31 de ene. de 2017 a la(s) 15:44, Aída Betzabeth Dávila Sotelo <
aida.davila@vortech-it.com> escribió:
> Hi!
> I need to cancel the access using wicket viewer, how can I restrict it?
> My application works with swagger services and I want the users only have
> this access through the services.
>
> I have tried creating a role and giving permissions, but when giving
> permissions to my dom, after that you can see in the application using the
> wicket.
>
> What do you suggest to not allow access to the wicket viewer?
> What could I do?
>
> Thanks
> Aída
>