Posted to users@tapestry.apache.org by angelochen <an...@yahoo.com.hk> on 2011/12/30 02:32:32 UTC
tapestry-security
Hi,
Tried tynamo's tapestry-security for just a few hours, it's really a very handy
framework. Got a question: T5's annotation @Secure can be placed in an Index
page of a package that makes all the pages @Secure, can
@RequiresAuthentication do something similar? Thanks,
Angelo
--
View this message in context: http://tapestry.1045711.n5.nabble.com/tapestry-security-tp5109017p5109017.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: tapestry-security
Posted by Kalle Korhonen <ka...@gmail.com>.
On Thu, Dec 29, 2011 at 11:31 PM, angelochen <an...@yahoo.com.hk> wrote:
> One more question: when you go to a @RequiresAuthentication page, it will
> show the login page, that's good. Then the URL in the browser does not
> change; it seems it just does a forward. Is there a way to do a redirect instead
> so the URL gets changed in the browser? Thanks,
Not yet, see http://comments.gmane.org/gmane.comp.java.tynamo.devel/240.
Kalle
Re: tapestry-security
Posted by angelochen <an...@yahoo.com.hk>.
Hi,
One more question: when you go to a @RequiresAuthentication page, it will
show the login page, that's good. Then the URL in the browser does not
change; it seems it just does a forward. Is there a way to do a redirect instead
so the URL gets changed in the browser? Thanks,
Angelo
Re: tapestry-security
Posted by Kalle Korhonen <ka...@gmail.com>.
On Thu, Dec 29, 2011 at 7:23 PM, angelochen <an...@yahoo.com.hk> wrote:
> So we can do something like this:
> configuration.add(factory.createChain("/admin/**").add(factory.authc()).build());
> The entire admin package should be protected, right?
Exactly.
Kalle
Re: tapestry-security
Posted by angelochen <an...@yahoo.com.hk>.
So we can do something like this:
configuration.add(factory.createChain("/admin/**").add(factory.authc()).build());
The entire admin package should be protected, right?
I like that reverse annotation approach, or probably something like https in
tapestry5: once set, everything should be https unless specified
otherwise (https has no exception, I believe).
I see a lot of improvements I can make to my existing application with
tynamo security. I do not like too many dependencies in the app; however,
this tynamo dependency is something I should have depended on a long
time ago. Anyway, thanks for the nice package.
Kalle Korhonen-2 wrote
>
>
> It could, but currently it doesn't. You can achieve roughly the same
> effect with URL-based filtering, i.e.:
> configuration.add(factory.createChain("/**").add(factory.authc()).build());
>
> I've long thought about creating "reverse" annotations but so far
> haven't implemented them. So instead of @RequiresXXX, you could put
> the application in a "very secure" mode, then poke holes in the page
> security with @AllowsAnonymous etc. annotations, similar to how
> firewalls are typically configured. I just hate the possibility of
> accidentally leaving some doors open.
>
> Kalle
Re: tapestry-security
Posted by Kalle Korhonen <ka...@gmail.com>.
On Thu, Dec 29, 2011 at 5:32 PM, angelochen <an...@yahoo.com.hk> wrote:
> Tried tynamo's tapestry-security for just a few hours, it's really a very handy
> framework.
Thanks.
> Got a question: T5's annotation @Secure can be placed in an Index
> page of a package that makes all the pages @Secure, can
> @RequiresAuthentication do something similar? Thanks,
It could, but currently it doesn't. You can achieve roughly the same
effect with URL-based filtering, i.e.:
configuration.add(factory.createChain("/**").add(factory.authc()).build());
I've long thought about creating "reverse" annotations but so far
haven't implemented them. So instead of @RequiresXXX, you could put
the application in a "very secure" mode, then poke holes in the page
security with @AllowsAnonymous etc. annotations, similar to how
firewalls are typically configured. I just hate the possibility of
accidentally leaving some doors open.
Kalle
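Added example, not part of the thread and not tapestry-security code: a simplified Java model comparing the two configurations discussed above, the opt-in "/admin/**" chain and the catch-all "/**" chain with explicit exceptions. First-match evaluation, the fall-through to anonymous access for unlisted paths, the "/login" exception and the sample paths are assumptions made for the illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Simplified model of first-match URL rules; an illustration, not tapestry-security code. */
public class UrlRuleModel {

    // Simplified matching: "/x/**" covers /x and everything below it, "/**" covers
    // every path, and any other pattern must equal the path exactly.
    static boolean matches(String pattern, String path) {
        if (pattern.endsWith("/**")) {
            String prefix = pattern.substring(0, pattern.length() - 3);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        return pattern.equals(path);
    }

    // Returns the filter of the first matching rule; a path that no rule
    // covers falls through to "anon" (assumed behaviour for this model).
    static String decide(Map<String, String> rules, String path) {
        for (Map.Entry<String, String> rule : rules.entrySet()) {
            if (matches(rule.getKey(), path)) {
                return rule.getValue();
            }
        }
        return "anon";
    }

    public static void main(String[] args) {
        // Opt-in: only the admin package is listed, as with the "/admin/**" chain.
        Map<String, String> optIn = new LinkedHashMap<>();
        optIn.put("/admin/**", "authc");

        // Default-deny: explicit exceptions first, then the "/**" catch-all.
        Map<String, String> defaultDeny = new LinkedHashMap<>();
        defaultDeny.put("/login", "anon"); // hypothetical login page path
        defaultDeny.put("/**", "authc");

        // Constructed sample paths; "/reports/export" stands for a page added later
        // that nobody remembered to protect.
        String[] paths = {"/admin/users", "/login", "/reports/export"};
        for (String path : paths) {
            System.out.printf("%-16s opt-in=%-5s default-deny=%s%n",
                    path, decide(optIn, path), decide(defaultDeny, path));
        }
    }
}
```

In this model the later-added page stays anonymous under the opt-in rules and requires authentication under the catch-all, which is the difference between the two approaches the thread compares.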
Re: tapestry-security
Posted by Lenny Primak <lp...@hope.nyc.ny.us>.
I don't believe so, but you can do it very easily programmatically via auth().build() methods like it says in the guide.
On Dec 29, 2011, at 8:32 PM, angelochen <an...@yahoo.com.hk> wrote:
> Hi,
>
> Tried tynamo's tapestry-security for just a few hours, it's really a very handy
> framework. Got a question: T5's annotation @Secure can be placed in an Index
> page of a package that makes all the pages @Secure, can
> @RequiresAuthentication do something similar? Thanks,
>
> Angelo