You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by "Thiago H. de Paula Figueiredo" <th...@gmail.com> on 2009/09/08 17:27:33 UTC
Projects and sites powered by Tapestry
Hi!
I guess this was already discussed some time ago, but I couldn't find it.
:( Anyway, it's been a long time, so let's get it started again. ;)
Tapestry is a wonderful framework, but it isn't the best known one around.
Sometimes, managers ask us to provide some projects/sites/success
stories/etc using it so they can be more confident about Tapestry. There's
a Success Stories page in the wiki
(http://wiki.apache.org/tapestry/SuccessStories), but it hasn't had any
edit since 2007-10-05.
What about sharing your success stories with us, promoting Tapestry
(specially T5)? If the project is a public website, please post the URL
here. I think we should have a list of Tapestry-powered sites.
Thanks in advance.
--
Thiago H. de Paula Figueiredo
Independent Java consultant, developer, and instructor
http://www.arsmachina.com.br/thiago
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Projects and sites powered by Tapestry
Posted by Angelo Chen <an...@yahoo.com.hk>.
Hi Martijn,
Thanks for sharing, I tried the exact code, here is the problem:
http://example.com/assets/
under tomcat, this still shows everything under WEB-INF, but it works under
jetty, any idea?
martijn.list wrote:
>
> A solution to this problem has been posted multiple times. It has even
> been posted in this thread but I'll post it again
>
>
>
> I use the following code to whitelist some assets. Access to non white
> listed assets is denied.
>
> Add to your application module:
>
>
> private static final String[] ASSET_WHITE_LIST = {"jpg", "jpeg", "png",
> "gif", "js", "css", "ico"};
>
> /*
> * All the assets that are allowed to be downloaded using the assets
> service (including files without extension and dirs)
> */
> private static final Set<String> assetsWhitelist =
> Collections.synchronizedSet(
> new HashSet<String>(Arrays.asList(ASSET_WHITE_LIST)));
>
> public void
> contributeHttpServletRequestHandler(OrderedConfiguration<HttpServletRequestFilter>
> configuration,
> @Inject @Value("${access-denied-page}") final String
> accessDeniedPage)
> {
> /*
> * Create a filter that will block access to some assets. The asset
> service allows access to some assets we do
> * not want to expose. The asset service will show all files in
> /assets/ directory and allows you (by default)
> * to download some files which you do not want to expose.
> */
> HttpServletRequestFilter filter = new HttpServletRequestFilter()
> {
> public boolean service(HttpServletRequest request,
> HttpServletResponse response, HttpServletRequestHandler handler)
> throws IOException
> {
> String path = request.getServletPath();
>
> if (path.startsWith("/assets") && (!assetsWhitelist.contains(
>
> StringUtils.lowerCase(FilenameUtils.getExtension(path)))))
> {
> logger.warn("access to asset " + path + " denied");
>
> response.sendRedirect(request.getContextPath() + "/" +
> accessDeniedPage);
>
> return true;
> }
>
> return handler.service(request, response);
> }
> };
>
> configuration.add("AssetProtectionFilter", filter , "before:*");
> }
>
>
> Angelo Chen wrote:
>> Hi,
>> I use the code to protect assets, here is the url:
>>
>> http://example.com/assets
>> http://example.com/assets/
>>
>> the first url, following code works, second URL, if it runs in jetty, the
>> code works, but if it is under tomcat 6, it still lists files under
>> WEB-INF,
>> any idea? Thanks,
>>
>>
>>
>>
>>
>>
>> martijn.list wrote:
>>> Angelo Chen wrote:
>>>> how to close access to ".class" and ".tml"?
>>>>
>>>
>>> This has been posted to the list multiple times so I another time
>>> wouldn't hurt ;)
>>>
>>>
>>> I use the following code to whitelist some assets. Access to non white
>>> listed assets is denied.
>>>
>>> Add to your application module:
>>>
>>>
>>> private static final String[] ASSET_WHITE_LIST = {"jpg", "jpeg", "png",
>>> "gif", "js", "css", "ico"};
>>>
>>> /*
>>> * All the assets that are allowed to be downloaded using the assets
>>> service (including files without extension and dirs)
>>> */
>>> private static final Set<String> assetsWhitelist =
>>> Collections.synchronizedSet(
>>> new HashSet<String>(Arrays.asList(ASSET_WHITE_LIST)));
>>>
>>> public void
>>> contributeHttpServletRequestHandler(OrderedConfiguration<HttpServletRequestFilter>
>>> configuration,
>>> @Inject @Value("${access-denied-page}") final String
>>> accessDeniedPage)
>>> {
>>> /*
>>> * Create a filter that will block access to some assets. The asset
>>> service allows access to some assets we do
>>> * not want to expose. The asset service will show all files in
>>> /assets/ directory and allows you (by default)
>>> * to download some files which you do not want to expose.
>>> */
>>> HttpServletRequestFilter filter = new HttpServletRequestFilter()
>>> {
>>> public boolean service(HttpServletRequest request,
>>> HttpServletResponse response, HttpServletRequestHandler handler)
>>> throws IOException
>>> {
>>> String path = request.getServletPath();
>>>
>>> if (path.startsWith("/assets") &&
>>> (!assetsWhitelist.contains(
>>>
>>> StringUtils.lowerCase(FilenameUtils.getExtension(path)))))
>>> {
>>> logger.warn("access to asset " + path + " denied");
>>>
>>> response.sendRedirect(request.getContextPath() + "/" +
>>> accessDeniedPage);
>>>
>>> return true;
>>> }
>>>
>>> return handler.service(request, response);
>>> }
>>> };
>>>
>>> configuration.add("AssetProtectionFilter", filter , "before:*");
>>> }
>>>
>>>
>>>> Sergey Didenko wrote:
>>>>> BTW, it's worth to remind again everyone who is going to publish their
>>>>> site urls, to close the access to ".class" and ".tml" files .
>>>>>
>>>>> On Tue, Sep 8, 2009 at 6:46 PM, Massimo Lusetti <ml...@gmail.com>
>>>>> wrote:
>>>>>> On Tue, Sep 8, 2009 at 5:27 PM, Thiago H. de Paula
>>>>>> Figueiredo<th...@gmail.com> wrote:
>>>>>>
>>>>>>> Hi!
>>>>>>>
>>>>>>> I guess this was already discussed some time ago, but I couldn't
>>>>>>> find
>>>>>>> it. :(
>>>>>>> Anyway, it's been a long time, so let's get it started again. ;)
>>>>>>>
>>>>>>> Tapestry is a wonderful framework, but it isn't the best known one
>>>>>>> around.
>>>>>>> Sometimes, managers ask us to provide some projects/sites/success
>>>>>>> stories/etc using it so they can be more confident about Tapestry.
>>>>>>> There's a
>>>>>>> Success Stories page in the wiki
>>>>>>> (http://wiki.apache.org/tapestry/SuccessStories), but it hasn't had
>>>>>>> any
>>>>>>> edit
>>>>>>> since 2007-10-05.
>>>>>>>
>>>>>>> What about sharing your success stories with us, promoting Tapestry
>>>>>>> (specially T5)? If the project is a public website, please post the
>>>>>>> URL
>>>>>>> here. I think we should have a list of Tapestry-powered sites.
>>>>>>>
>>>>>>> Thanks in advance.
>>>>>> It would be great to have that page more up to date but i remember
>>>>>> Howard asking for "private" user stories and more then one have
>>>>>> replied him even personally so i guess if that would make sense too
>>>>>> to
>>>>>> have that stories online.
>>>>>> Do i remember correctly Howard?
>>>>>>
>>>>>> --
>>>>>> Massimo
>>>>>> http://meridio.blogspot.com
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>>>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>>>>
>>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>>>
>>>>>
>>>>>
>>>
>>> --
>>> Djigzo open source email encryption
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>
>>>
>>>
>>
>
>
> --
> Djigzo open source email encryption
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Projects-and-sites-powered-by-Tapestry-tp25348447p25732434.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Projects and sites powered by Tapestry
Posted by "martijn.list" <ma...@gmail.com>.
A solution to this problem has been posted multiple times. It has even
been posted in this thread but I'll post it again
I use the following code to whitelist some assets. Access to non white
listed assets is denied.
Add to your application module:
private static final String[] ASSET_WHITE_LIST = {"jpg", "jpeg", "png",
"gif", "js", "css", "ico"};
/*
* All the assets that are allowed to be downloaded using the assets
service (including files without extension and dirs)
*/
private static final Set<String> assetsWhitelist =
Collections.synchronizedSet(
new HashSet<String>(Arrays.asList(ASSET_WHITE_LIST)));
public void
contributeHttpServletRequestHandler(OrderedConfiguration<HttpServletRequestFilter>
configuration,
@Inject @Value("${access-denied-page}") final String
accessDeniedPage)
{
/*
* Create a filter that will block access to some assets. The asset
service allows access to some assets we do
* not want to expose. The asset service will show all files in
/assets/ directory and allows you (by default)
* to download some files which you do not want to expose.
*/
HttpServletRequestFilter filter = new HttpServletRequestFilter()
{
public boolean service(HttpServletRequest request,
HttpServletResponse response, HttpServletRequestHandler handler)
throws IOException
{
String path = request.getServletPath();
if (path.startsWith("/assets") && (!assetsWhitelist.contains(
StringUtils.lowerCase(FilenameUtils.getExtension(path)))))
{
logger.warn("access to asset " + path + " denied");
response.sendRedirect(request.getContextPath() + "/" +
accessDeniedPage);
return true;
}
return handler.service(request, response);
}
};
configuration.add("AssetProtectionFilter", filter , "before:*");
}
Angelo Chen wrote:
> Hi,
> I use the code to protect assets, here is the url:
>
> http://example.com/assets
> http://example.com/assets/
>
> the first url, following code works, second URL, if it runs in jetty, the
> code works, but if it is under tomcat 6, it still lists files under WEB-INF,
> any idea? Thanks,
>
>
>
>
>
>
> martijn.list wrote:
>> Angelo Chen wrote:
>>> how to close access to ".class" and ".tml"?
>>>
>>
>> This has been posted to the list multiple times so I another time
>> wouldn't hurt ;)
>>
>>
>> I use the following code to whitelist some assets. Access to non white
>> listed assets is denied.
>>
>> Add to your application module:
>>
>>
>> private static final String[] ASSET_WHITE_LIST = {"jpg", "jpeg", "png",
>> "gif", "js", "css", "ico"};
>>
>> /*
>> * All the assets that are allowed to be downloaded using the assets
>> service (including files without extension and dirs)
>> */
>> private static final Set<String> assetsWhitelist =
>> Collections.synchronizedSet(
>> new HashSet<String>(Arrays.asList(ASSET_WHITE_LIST)));
>>
>> public void
>> contributeHttpServletRequestHandler(OrderedConfiguration<HttpServletRequestFilter>
>> configuration,
>> @Inject @Value("${access-denied-page}") final String
>> accessDeniedPage)
>> {
>> /*
>> * Create a filter that will block access to some assets. The asset
>> service allows access to some assets we do
>> * not want to expose. The asset service will show all files in
>> /assets/ directory and allows you (by default)
>> * to download some files which you do not want to expose.
>> */
>> HttpServletRequestFilter filter = new HttpServletRequestFilter()
>> {
>> public boolean service(HttpServletRequest request,
>> HttpServletResponse response, HttpServletRequestHandler handler)
>> throws IOException
>> {
>> String path = request.getServletPath();
>>
>> if (path.startsWith("/assets") && (!assetsWhitelist.contains(
>>
>> StringUtils.lowerCase(FilenameUtils.getExtension(path)))))
>> {
>> logger.warn("access to asset " + path + " denied");
>>
>> response.sendRedirect(request.getContextPath() + "/" +
>> accessDeniedPage);
>>
>> return true;
>> }
>>
>> return handler.service(request, response);
>> }
>> };
>>
>> configuration.add("AssetProtectionFilter", filter , "before:*");
>> }
>>
>>
>>> Sergey Didenko wrote:
>>>> BTW, it's worth to remind again everyone who is going to publish their
>>>> site urls, to close the access to ".class" and ".tml" files .
>>>>
>>>> On Tue, Sep 8, 2009 at 6:46 PM, Massimo Lusetti <ml...@gmail.com>
>>>> wrote:
>>>>> On Tue, Sep 8, 2009 at 5:27 PM, Thiago H. de Paula
>>>>> Figueiredo<th...@gmail.com> wrote:
>>>>>
>>>>>> Hi!
>>>>>>
>>>>>> I guess this was already discussed some time ago, but I couldn't find
>>>>>> it. :(
>>>>>> Anyway, it's been a long time, so let's get it started again. ;)
>>>>>>
>>>>>> Tapestry is a wonderful framework, but it isn't the best known one
>>>>>> around.
>>>>>> Sometimes, managers ask us to provide some projects/sites/success
>>>>>> stories/etc using it so they can be more confident about Tapestry.
>>>>>> There's a
>>>>>> Success Stories page in the wiki
>>>>>> (http://wiki.apache.org/tapestry/SuccessStories), but it hasn't had
>>>>>> any
>>>>>> edit
>>>>>> since 2007-10-05.
>>>>>>
>>>>>> What about sharing your success stories with us, promoting Tapestry
>>>>>> (specially T5)? If the project is a public website, please post the
>>>>>> URL
>>>>>> here. I think we should have a list of Tapestry-powered sites.
>>>>>>
>>>>>> Thanks in advance.
>>>>> It would be great to have that page more up to date but i remember
>>>>> Howard asking for "private" user stories and more then one have
>>>>> replied him even personally so i guess if that would make sense too to
>>>>> have that stories online.
>>>>> Do i remember correctly Howard?
>>>>>
>>>>> --
>>>>> Massimo
>>>>> http://meridio.blogspot.com
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>>>
>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>>
>>>>
>>>>
>>
>> --
>> Djigzo open source email encryption
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>>
>
--
Djigzo open source email encryption
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Projects and sites powered by Tapestry
Posted by Angelo Chen <an...@yahoo.com.hk>.
Hi,
I use the code to protect assets, here is the url:
http://example.com/assets
http://example.com/assets/
the first url, following code works, second URL, if it runs in jetty, the
code works, but if it is under tomcat 6, it still lists files under WEB-INF,
any idea? Thanks,
martijn.list wrote:
>
> Angelo Chen wrote:
>> how to close access to ".class" and ".tml"?
>>
>
>
> This has been posted to the list multiple times so I another time
> wouldn't hurt ;)
>
>
> I use the following code to whitelist some assets. Access to non white
> listed assets is denied.
>
> Add to your application module:
>
>
> private static final String[] ASSET_WHITE_LIST = {"jpg", "jpeg", "png",
> "gif", "js", "css", "ico"};
>
> /*
> * All the assets that are allowed to be downloaded using the assets
> service (including files without extension and dirs)
> */
> private static final Set<String> assetsWhitelist =
> Collections.synchronizedSet(
> new HashSet<String>(Arrays.asList(ASSET_WHITE_LIST)));
>
> public void
> contributeHttpServletRequestHandler(OrderedConfiguration<HttpServletRequestFilter>
> configuration,
> @Inject @Value("${access-denied-page}") final String
> accessDeniedPage)
> {
> /*
> * Create a filter that will block access to some assets. The asset
> service allows access to some assets we do
> * not want to expose. The asset service will show all files in
> /assets/ directory and allows you (by default)
> * to download some files which you do not want to expose.
> */
> HttpServletRequestFilter filter = new HttpServletRequestFilter()
> {
> public boolean service(HttpServletRequest request,
> HttpServletResponse response, HttpServletRequestHandler handler)
> throws IOException
> {
> String path = request.getServletPath();
>
> if (path.startsWith("/assets") && (!assetsWhitelist.contains(
>
> StringUtils.lowerCase(FilenameUtils.getExtension(path)))))
> {
> logger.warn("access to asset " + path + " denied");
>
> response.sendRedirect(request.getContextPath() + "/" +
> accessDeniedPage);
>
> return true;
> }
>
> return handler.service(request, response);
> }
> };
>
> configuration.add("AssetProtectionFilter", filter , "before:*");
> }
>
>
>>
>> Sergey Didenko wrote:
>>> BTW, it's worth to remind again everyone who is going to publish their
>>> site urls, to close the access to ".class" and ".tml" files .
>>>
>>> On Tue, Sep 8, 2009 at 6:46 PM, Massimo Lusetti <ml...@gmail.com>
>>> wrote:
>>>> On Tue, Sep 8, 2009 at 5:27 PM, Thiago H. de Paula
>>>> Figueiredo<th...@gmail.com> wrote:
>>>>
>>>>> Hi!
>>>>>
>>>>> I guess this was already discussed some time ago, but I couldn't find
>>>>> it. :(
>>>>> Anyway, it's been a long time, so let's get it started again. ;)
>>>>>
>>>>> Tapestry is a wonderful framework, but it isn't the best known one
>>>>> around.
>>>>> Sometimes, managers ask us to provide some projects/sites/success
>>>>> stories/etc using it so they can be more confident about Tapestry.
>>>>> There's a
>>>>> Success Stories page in the wiki
>>>>> (http://wiki.apache.org/tapestry/SuccessStories), but it hasn't had
>>>>> any
>>>>> edit
>>>>> since 2007-10-05.
>>>>>
>>>>> What about sharing your success stories with us, promoting Tapestry
>>>>> (specially T5)? If the project is a public website, please post the
>>>>> URL
>>>>> here. I think we should have a list of Tapestry-powered sites.
>>>>>
>>>>> Thanks in advance.
>>>> It would be great to have that page more up to date but i remember
>>>> Howard asking for "private" user stories and more then one have
>>>> replied him even personally so i guess if that would make sense too to
>>>> have that stories online.
>>>> Do i remember correctly Howard?
>>>>
>>>> --
>>>> Massimo
>>>> http://meridio.blogspot.com
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>>
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>
>>>
>>>
>>
>
>
> --
> Djigzo open source email encryption
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Projects-and-sites-powered-by-Tapestry-tp25348447p25730229.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Projects and sites powered by Tapestry
Posted by Angelo Chen <an...@yahoo.com.hk>.
is there a fix for this? the assets got exposed, sometimes a list of
directories, but don't know how re-produce this, just happen one time.
akochnev wrote:
>
> Benny,
> indeed that would be the case for a "traditional" web framework that
> serves web application assets (e.g. stylesheets, images, javascript) only
> from the publicly available directories (e.g. outside of WEB-INF).
> However,
> because of T5's component nature , if you deployed a component (e.g. as a
> jar in the web app) it might need to access assets from the classpath
> (e.g.
> from the component jar). Hence, currently there is a wide gaping security
> whole in a "stock" T5 application's Asset service, that it can access any
> files on the classpath (e.g. property files, .tml source, etc). There is
> an
> issue filed for this , some improvements in T5.1, and a few decent
> solutions
> (as the posting above mentions), but the framework is still very
> vulnerable.
>
>
> Cheers,
>
> Alex K
>
> On Thu, Sep 10, 2009 at 8:56 AM, Benny Law <be...@gmail.com> wrote:
>
>> Pardon me if I am mistaken, but shouldn't .class and .tml files be under
>> WEB-INF and hence inaccessible automatically?
>>
>> Benny
>>
>> On Thu, Sep 10, 2009 at 2:52 AM, martijn.list <martijn.list@gmail.com
>> >wrote:
>>
>> > Angelo Chen wrote:
>> >
>> >> how to close access to ".class" and ".tml"?
>> >>
>> >>
>> >
>> > This has been posted to the list multiple times so I another time
>> wouldn't
>> > hurt ;)
>> >
>> >
>> > I use the following code to whitelist some assets. Access to non white
>> > listed assets is denied.
>> >
>> > Add to your application module:
>> >
>> >
>> > private static final String[] ASSET_WHITE_LIST = {"jpg", "jpeg", "png",
>> > "gif", "js", "css", "ico"};
>> >
>> > /*
>> > * All the assets that are allowed to be downloaded using the assets
>> > service (including files without extension and dirs)
>> > */
>> > private static final Set<String> assetsWhitelist =
>> > Collections.synchronizedSet(
>> > new HashSet<String>(Arrays.asList(ASSET_WHITE_LIST)));
>> >
>> > public void
>> >
>> contributeHttpServletRequestHandler(OrderedConfiguration<HttpServletRequestFilter>
>> > configuration,
>> > @Inject @Value("${access-denied-page}") final String
>> > accessDeniedPage)
>> > {
>> > /*
>> > * Create a filter that will block access to some assets. The asset
>> > service allows access to some assets we do
>> > * not want to expose. The asset service will show all files in
>> /assets/
>> > directory and allows you (by default)
>> > * to download some files which you do not want to expose.
>> > */
>> > HttpServletRequestFilter filter = new HttpServletRequestFilter()
>> > {
>> > public boolean service(HttpServletRequest request,
>> > HttpServletResponse response, HttpServletRequestHandler handler)
>> > throws IOException
>> > {
>> > String path = request.getServletPath();
>> >
>> > if (path.startsWith("/assets") &&
>> (!assetsWhitelist.contains(
>> >
>> > StringUtils.lowerCase(FilenameUtils.getExtension(path)))))
>> > {
>> > logger.warn("access to asset " + path + " denied");
>> >
>> > response.sendRedirect(request.getContextPath() + "/" +
>> > accessDeniedPage);
>> >
>> > return true;
>> > }
>> >
>> > return handler.service(request, response);
>> > }
>> > };
>> >
>> > configuration.add("AssetProtectionFilter", filter , "before:*");
>> > }
>> >
>> >
>> >
>> >> Sergey Didenko wrote:
>> >>
>> >>> BTW, it's worth to remind again everyone who is going to publish
>> their
>> >>> site urls, to close the access to ".class" and ".tml" files .
>> >>>
>> >>> On Tue, Sep 8, 2009 at 6:46 PM, Massimo Lusetti <ml...@gmail.com>
>> >>> wrote:
>> >>>
>> >>>> On Tue, Sep 8, 2009 at 5:27 PM, Thiago H. de Paula
>> >>>> Figueiredo<th...@gmail.com> wrote:
>> >>>>
>> >>>> Hi!
>> >>>>>
>> >>>>> I guess this was already discussed some time ago, but I couldn't
>> find
>> >>>>> it. :(
>> >>>>> Anyway, it's been a long time, so let's get it started again. ;)
>> >>>>>
>> >>>>> Tapestry is a wonderful framework, but it isn't the best known one
>> >>>>> around.
>> >>>>> Sometimes, managers ask us to provide some projects/sites/success
>> >>>>> stories/etc using it so they can be more confident about Tapestry.
>> >>>>> There's a
>> >>>>> Success Stories page in the wiki
>> >>>>> (http://wiki.apache.org/tapestry/SuccessStories), but it hasn't had
>> >>>>> any
>> >>>>> edit
>> >>>>> since 2007-10-05.
>> >>>>>
>> >>>>> What about sharing your success stories with us, promoting Tapestry
>> >>>>> (specially T5)? If the project is a public website, please post the
>> URL
>> >>>>> here. I think we should have a list of Tapestry-powered sites.
>> >>>>>
>> >>>>> Thanks in advance.
>> >>>>>
>> >>>> It would be great to have that page more up to date but i remember
>> >>>> Howard asking for "private" user stories and more then one have
>> >>>> replied him even personally so i guess if that would make sense too
>> to
>> >>>> have that stories online.
>> >>>> Do i remember correctly Howard?
>> >>>>
>> >>>> --
>> >>>> Massimo
>> >>>> http://meridio.blogspot.com
>> >>>>
>> >>>>
>> ---------------------------------------------------------------------
>> >>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> >>>> For additional commands, e-mail: users-help@tapestry.apache.org
>> >>>>
>> >>>>
>> >>>>
>> ---------------------------------------------------------------------
>> >>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> >>> For additional commands, e-mail: users-help@tapestry.apache.org
>> >>>
>> >>>
>> >>>
>> >>>
>> >>
>> >
>> > --
>> > Djigzo open source email encryption
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> > For additional commands, e-mail: users-help@tapestry.apache.org
>> >
>> >
>>
>
>
--
View this message in context: http://www.nabble.com/Projects-and-sites-powered-by-Tapestry-tp25348447p25727490.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Projects and sites powered by Tapestry
Posted by Benny Law <be...@gmail.com>.
Thanks for the detailed info, Alex. There is so much to learn. I hope this
hole gets patched soon.
Benny
On Thu, Sep 10, 2009 at 9:41 AM, Alex Kotchnev <ak...@gmail.com> wrote:
> Benny,
> indeed that would be the case for a "traditional" web framework that
> serves web application assets (e.g. stylesheets, images, javascript) only
> from the publicly available directories (e.g. outside of WEB-INF). However,
> because of T5's component nature , if you deployed a component (e.g. as a
> jar in the web app) it might need to access assets from the classpath (e.g.
> from the component jar). Hence, currently there is a wide gaping security
> whole in a "stock" T5 application's Asset service, that it can access any
> files on the classpath (e.g. property files, .tml source, etc). There is an
> issue filed for this , some improvements in T5.1, and a few decent
> solutions
> (as the posting above mentions), but the framework is still very
> vulnerable.
>
>
> Cheers,
>
> Alex K
>
> On Thu, Sep 10, 2009 at 8:56 AM, Benny Law <be...@gmail.com> wrote:
>
> > Pardon me if I am mistaken, but shouldn't .class and .tml files be under
> > WEB-INF and hence inaccessible automatically?
> >
> > Benny
> >
> > On Thu, Sep 10, 2009 at 2:52 AM, martijn.list <martijn.list@gmail.com
> > >wrote:
> >
> > > Angelo Chen wrote:
> > >
> > >> how to close access to ".class" and ".tml"?
> > >>
> > >>
> > >
> > > This has been posted to the list multiple times so I another time
> > wouldn't
> > > hurt ;)
> > >
> > >
> > > I use the following code to whitelist some assets. Access to non white
> > > listed assets is denied.
> > >
> > > Add to your application module:
> > >
> > >
> > > private static final String[] ASSET_WHITE_LIST = {"jpg", "jpeg", "png",
> > > "gif", "js", "css", "ico"};
> > >
> > > /*
> > > * All the assets that are allowed to be downloaded using the assets
> > > service (including files without extension and dirs)
> > > */
> > > private static final Set<String> assetsWhitelist =
> > > Collections.synchronizedSet(
> > > new HashSet<String>(Arrays.asList(ASSET_WHITE_LIST)));
> > >
> > > public void
> > >
> >
> contributeHttpServletRequestHandler(OrderedConfiguration<HttpServletRequestFilter>
> > > configuration,
> > > @Inject @Value("${access-denied-page}") final String
> > > accessDeniedPage)
> > > {
> > > /*
> > > * Create a filter that will block access to some assets. The asset
> > > service allows access to some assets we do
> > > * not want to expose. The asset service will show all files in
> > /assets/
> > > directory and allows you (by default)
> > > * to download some files which you do not want to expose.
> > > */
> > > HttpServletRequestFilter filter = new HttpServletRequestFilter()
> > > {
> > > public boolean service(HttpServletRequest request,
> > > HttpServletResponse response, HttpServletRequestHandler handler)
> > > throws IOException
> > > {
> > > String path = request.getServletPath();
> > >
> > > if (path.startsWith("/assets") &&
> (!assetsWhitelist.contains(
> > >
> > > StringUtils.lowerCase(FilenameUtils.getExtension(path)))))
> > > {
> > > logger.warn("access to asset " + path + " denied");
> > >
> > > response.sendRedirect(request.getContextPath() + "/" +
> > > accessDeniedPage);
> > >
> > > return true;
> > > }
> > >
> > > return handler.service(request, response);
> > > }
> > > };
> > >
> > > configuration.add("AssetProtectionFilter", filter , "before:*");
> > > }
> > >
> > >
> > >
> > >> Sergey Didenko wrote:
> > >>
> > >>> BTW, it's worth to remind again everyone who is going to publish
> their
> > >>> site urls, to close the access to ".class" and ".tml" files .
> > >>>
> > >>> On Tue, Sep 8, 2009 at 6:46 PM, Massimo Lusetti <ml...@gmail.com>
> > >>> wrote:
> > >>>
> > >>>> On Tue, Sep 8, 2009 at 5:27 PM, Thiago H. de Paula
> > >>>> Figueiredo<th...@gmail.com> wrote:
> > >>>>
> > >>>> Hi!
> > >>>>>
> > >>>>> I guess this was already discussed some time ago, but I couldn't
> find
> > >>>>> it. :(
> > >>>>> Anyway, it's been a long time, so let's get it started again. ;)
> > >>>>>
> > >>>>> Tapestry is a wonderful framework, but it isn't the best known one
> > >>>>> around.
> > >>>>> Sometimes, managers ask us to provide some projects/sites/success
> > >>>>> stories/etc using it so they can be more confident about Tapestry.
> > >>>>> There's a
> > >>>>> Success Stories page in the wiki
> > >>>>> (http://wiki.apache.org/tapestry/SuccessStories), but it hasn't
> had
> > >>>>> any
> > >>>>> edit
> > >>>>> since 2007-10-05.
> > >>>>>
> > >>>>> What about sharing your success stories with us, promoting Tapestry
> > >>>>> (specially T5)? If the project is a public website, please post the
> > URL
> > >>>>> here. I think we should have a list of Tapestry-powered sites.
> > >>>>>
> > >>>>> Thanks in advance.
> > >>>>>
> > >>>> It would be great to have that page more up to date but i remember
> > >>>> Howard asking for "private" user stories and more then one have
> > >>>> replied him even personally so i guess if that would make sense too
> to
> > >>>> have that stories online.
> > >>>> Do i remember correctly Howard?
> > >>>>
> > >>>> --
> > >>>> Massimo
> > >>>> http://meridio.blogspot.com
> > >>>>
> > >>>>
> ---------------------------------------------------------------------
> > >>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> > >>>> For additional commands, e-mail: users-help@tapestry.apache.org
> > >>>>
> > >>>>
> > >>>>
> ---------------------------------------------------------------------
> > >>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> > >>> For additional commands, e-mail: users-help@tapestry.apache.org
> > >>>
> > >>>
> > >>>
> > >>>
> > >>
> > >
> > > --
> > > Djigzo open source email encryption
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> > > For additional commands, e-mail: users-help@tapestry.apache.org
> > >
> > >
> >
>
Re: Projects and sites powered by Tapestry
Posted by Alex Kotchnev <ak...@gmail.com>.
Benny,
indeed that would be the case for a "traditional" web framework that
serves web application assets (e.g. stylesheets, images, javascript) only
from the publicly available directories (e.g. outside of WEB-INF). However,
because of T5's component nature , if you deployed a component (e.g. as a
jar in the web app) it might need to access assets from the classpath (e.g.
from the component jar). Hence, currently there is a wide gaping security
whole in a "stock" T5 application's Asset service, that it can access any
files on the classpath (e.g. property files, .tml source, etc). There is an
issue filed for this , some improvements in T5.1, and a few decent solutions
(as the posting above mentions), but the framework is still very vulnerable.
Cheers,
Alex K
On Thu, Sep 10, 2009 at 8:56 AM, Benny Law <be...@gmail.com> wrote:
> Pardon me if I am mistaken, but shouldn't .class and .tml files be under
> WEB-INF and hence inaccessible automatically?
>
> Benny
>
> On Thu, Sep 10, 2009 at 2:52 AM, martijn.list <martijn.list@gmail.com
> >wrote:
>
> > Angelo Chen wrote:
> >
> >> how to close access to ".class" and ".tml"?
> >>
> >>
> >
> > This has been posted to the list multiple times so I another time
> wouldn't
> > hurt ;)
> >
> >
> > I use the following code to whitelist some assets. Access to non white
> > listed assets is denied.
> >
> > Add to your application module:
> >
> >
> > private static final String[] ASSET_WHITE_LIST = {"jpg", "jpeg", "png",
> > "gif", "js", "css", "ico"};
> >
> > /*
> > * All the assets that are allowed to be downloaded using the assets
> > service (including files without extension and dirs)
> > */
> > private static final Set<String> assetsWhitelist =
> > Collections.synchronizedSet(
> > new HashSet<String>(Arrays.asList(ASSET_WHITE_LIST)));
> >
> > public void
> >
> contributeHttpServletRequestHandler(OrderedConfiguration<HttpServletRequestFilter>
> > configuration,
> > @Inject @Value("${access-denied-page}") final String
> > accessDeniedPage)
> > {
> > /*
> > * Create a filter that will block access to some assets. The asset
> > service allows access to some assets we do
> > * not want to expose. The asset service will show all files in
> /assets/
> > directory and allows you (by default)
> > * to download some files which you do not want to expose.
> > */
> > HttpServletRequestFilter filter = new HttpServletRequestFilter()
> > {
> > public boolean service(HttpServletRequest request,
> > HttpServletResponse response, HttpServletRequestHandler handler)
> > throws IOException
> > {
> > String path = request.getServletPath();
> >
> > if (path.startsWith("/assets") && (!assetsWhitelist.contains(
> >
> > StringUtils.lowerCase(FilenameUtils.getExtension(path)))))
> > {
> > logger.warn("access to asset " + path + " denied");
> >
> > response.sendRedirect(request.getContextPath() + "/" +
> > accessDeniedPage);
> >
> > return true;
> > }
> >
> > return handler.service(request, response);
> > }
> > };
> >
> > configuration.add("AssetProtectionFilter", filter , "before:*");
> > }
> >
> >
> >
> >> Sergey Didenko wrote:
> >>
> >>> BTW, it's worth to remind again everyone who is going to publish their
> >>> site urls, to close the access to ".class" and ".tml" files .
> >>>
> >>> On Tue, Sep 8, 2009 at 6:46 PM, Massimo Lusetti <ml...@gmail.com>
> >>> wrote:
> >>>
> >>>> On Tue, Sep 8, 2009 at 5:27 PM, Thiago H. de Paula
> >>>> Figueiredo<th...@gmail.com> wrote:
> >>>>
> >>>> Hi!
> >>>>>
> >>>>> I guess this was already discussed some time ago, but I couldn't find
> >>>>> it. :(
> >>>>> Anyway, it's been a long time, so let's get it started again. ;)
> >>>>>
> >>>>> Tapestry is a wonderful framework, but it isn't the best known one
> >>>>> around.
> >>>>> Sometimes, managers ask us to provide some projects/sites/success
> >>>>> stories/etc using it so they can be more confident about Tapestry.
> >>>>> There's a
> >>>>> Success Stories page in the wiki
> >>>>> (http://wiki.apache.org/tapestry/SuccessStories), but it hasn't had
> >>>>> any
> >>>>> edit
> >>>>> since 2007-10-05.
> >>>>>
> >>>>> What about sharing your success stories with us, promoting Tapestry
> >>>>> (specially T5)? If the project is a public website, please post the
> URL
> >>>>> here. I think we should have a list of Tapestry-powered sites.
> >>>>>
> >>>>> Thanks in advance.
> >>>>>
> >>>> It would be great to have that page more up to date but i remember
> >>>> Howard asking for "private" user stories and more then one have
> >>>> replied him even personally so i guess if that would make sense too to
> >>>> have that stories online.
> >>>> Do i remember correctly Howard?
> >>>>
> >>>> --
> >>>> Massimo
> >>>> http://meridio.blogspot.com
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> >>>> For additional commands, e-mail: users-help@tapestry.apache.org
> >>>>
> >>>>
> >>>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> >>> For additional commands, e-mail: users-help@tapestry.apache.org
> >>>
> >>>
> >>>
> >>>
> >>
> >
> > --
> > Djigzo open source email encryption
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> > For additional commands, e-mail: users-help@tapestry.apache.org
> >
> >
>
Re: Projects and sites powered by Tapestry
Posted by Benny Law <be...@gmail.com>.
Pardon me if I am mistaken, but shouldn't .class and .tml files be under
WEB-INF and hence inaccessible automatically?
Benny
On Thu, Sep 10, 2009 at 2:52 AM, martijn.list <ma...@gmail.com>wrote:
> Angelo Chen wrote:
>
>> how to close access to ".class" and ".tml"?
>>
>>
>
> This has been posted to the list multiple times so I another time wouldn't
> hurt ;)
>
>
> I use the following code to whitelist some assets. Access to non white
> listed assets is denied.
>
> Add to your application module:
>
>
> private static final String[] ASSET_WHITE_LIST = {"jpg", "jpeg", "png",
> "gif", "js", "css", "ico"};
>
> /*
> * All the assets that are allowed to be downloaded using the assets
> service (including files without extension and dirs)
> */
> private static final Set<String> assetsWhitelist =
> Collections.synchronizedSet(
> new HashSet<String>(Arrays.asList(ASSET_WHITE_LIST)));
>
> public void
> contributeHttpServletRequestHandler(OrderedConfiguration<HttpServletRequestFilter>
> configuration,
> @Inject @Value("${access-denied-page}") final String
> accessDeniedPage)
> {
> /*
> * Create a filter that will block access to some assets. The asset
> service allows access to some assets we do
> * not want to expose. The asset service will show all files in /assets/
> directory and allows you (by default)
> * to download some files which you do not want to expose.
> */
> HttpServletRequestFilter filter = new HttpServletRequestFilter()
> {
> public boolean service(HttpServletRequest request,
> HttpServletResponse response, HttpServletRequestHandler handler)
> throws IOException
> {
> String path = request.getServletPath();
>
> if (path.startsWith("/assets") && (!assetsWhitelist.contains(
>
> StringUtils.lowerCase(FilenameUtils.getExtension(path)))))
> {
> logger.warn("access to asset " + path + " denied");
>
> response.sendRedirect(request.getContextPath() + "/" +
> accessDeniedPage);
>
> return true;
> }
>
> return handler.service(request, response);
> }
> };
>
> configuration.add("AssetProtectionFilter", filter , "before:*");
> }
>
>
>
>> Sergey Didenko wrote:
>>
>>> BTW, it's worth to remind again everyone who is going to publish their
>>> site urls, to close the access to ".class" and ".tml" files .
>>>
>>> On Tue, Sep 8, 2009 at 6:46 PM, Massimo Lusetti <ml...@gmail.com>
>>> wrote:
>>>
>>>> On Tue, Sep 8, 2009 at 5:27 PM, Thiago H. de Paula
>>>> Figueiredo<th...@gmail.com> wrote:
>>>>
>>>> Hi!
>>>>>
>>>>> I guess this was already discussed some time ago, but I couldn't find
>>>>> it. :(
>>>>> Anyway, it's been a long time, so let's get it started again. ;)
>>>>>
>>>>> Tapestry is a wonderful framework, but it isn't the best known one
>>>>> around.
>>>>> Sometimes, managers ask us to provide some projects/sites/success
>>>>> stories/etc using it so they can be more confident about Tapestry.
>>>>> There's a
>>>>> Success Stories page in the wiki
>>>>> (http://wiki.apache.org/tapestry/SuccessStories), but it hasn't had
>>>>> any
>>>>> edit
>>>>> since 2007-10-05.
>>>>>
>>>>> What about sharing your success stories with us, promoting Tapestry
>>>>> (specially T5)? If the project is a public website, please post the URL
>>>>> here. I think we should have a list of Tapestry-powered sites.
>>>>>
>>>>> Thanks in advance.
>>>>>
>>>> It would be great to have that page more up to date but i remember
>>>> Howard asking for "private" user stories and more then one have
>>>> replied him even personally so i guess if that would make sense too to
>>>> have that stories online.
>>>> Do i remember correctly Howard?
>>>>
>>>> --
>>>> Massimo
>>>> http://meridio.blogspot.com
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>
>>>
>>>
>>>
>>
>
> --
> Djigzo open source email encryption
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
Re: Projects and sites powered by Tapestry
Posted by "martijn.list" <ma...@gmail.com>.
Angelo Chen wrote:
> how to close access to ".class" and ".tml"?
>
This has been posted to the list multiple times so I another time
wouldn't hurt ;)
I use the following code to whitelist some assets. Access to non white
listed assets is denied.
Add to your application module:
private static final String[] ASSET_WHITE_LIST = {"jpg", "jpeg", "png",
"gif", "js", "css", "ico"};
/*
* All the assets that are allowed to be downloaded using the assets
service (including files without extension and dirs)
*/
private static final Set<String> assetsWhitelist =
Collections.synchronizedSet(
new HashSet<String>(Arrays.asList(ASSET_WHITE_LIST)));
public void
contributeHttpServletRequestHandler(OrderedConfiguration<HttpServletRequestFilter>
configuration,
@Inject @Value("${access-denied-page}") final String
accessDeniedPage)
{
/*
* Create a filter that will block access to some assets. The asset
service allows access to some assets we do
* not want to expose. The asset service will show all files in
/assets/ directory and allows you (by default)
* to download some files which you do not want to expose.
*/
HttpServletRequestFilter filter = new HttpServletRequestFilter()
{
public boolean service(HttpServletRequest request,
HttpServletResponse response, HttpServletRequestHandler handler)
throws IOException
{
String path = request.getServletPath();
if (path.startsWith("/assets") && (!assetsWhitelist.contains(
StringUtils.lowerCase(FilenameUtils.getExtension(path)))))
{
logger.warn("access to asset " + path + " denied");
response.sendRedirect(request.getContextPath() + "/" +
accessDeniedPage);
return true;
}
return handler.service(request, response);
}
};
configuration.add("AssetProtectionFilter", filter , "before:*");
}
>
> Sergey Didenko wrote:
>> BTW, it's worth to remind again everyone who is going to publish their
>> site urls, to close the access to ".class" and ".tml" files .
>>
>> On Tue, Sep 8, 2009 at 6:46 PM, Massimo Lusetti <ml...@gmail.com>
>> wrote:
>>> On Tue, Sep 8, 2009 at 5:27 PM, Thiago H. de Paula
>>> Figueiredo<th...@gmail.com> wrote:
>>>
>>>> Hi!
>>>>
>>>> I guess this was already discussed some time ago, but I couldn't find
>>>> it. :(
>>>> Anyway, it's been a long time, so let's get it started again. ;)
>>>>
>>>> Tapestry is a wonderful framework, but it isn't the best known one
>>>> around.
>>>> Sometimes, managers ask us to provide some projects/sites/success
>>>> stories/etc using it so they can be more confident about Tapestry.
>>>> There's a
>>>> Success Stories page in the wiki
>>>> (http://wiki.apache.org/tapestry/SuccessStories), but it hasn't had any
>>>> edit
>>>> since 2007-10-05.
>>>>
>>>> What about sharing your success stories with us, promoting Tapestry
>>>> (specially T5)? If the project is a public website, please post the URL
>>>> here. I think we should have a list of Tapestry-powered sites.
>>>>
>>>> Thanks in advance.
>>> It would be great to have that page more up to date but i remember
>>> Howard asking for "private" user stories and more then one have
>>> replied him even personally so i guess if that would make sense too to
>>> have that stories online.
>>> Do i remember correctly Howard?
>>>
>>> --
>>> Massimo
>>> http://meridio.blogspot.com
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>>
>
--
Djigzo open source email encryption
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Projects and sites powered by Tapestry
Posted by Angelo Chen <an...@yahoo.com.hk>.
how to close access to ".class" and ".tml"?
Sergey Didenko wrote:
>
> BTW, it's worth to remind again everyone who is going to publish their
> site urls, to close the access to ".class" and ".tml" files .
>
> On Tue, Sep 8, 2009 at 6:46 PM, Massimo Lusetti <ml...@gmail.com>
> wrote:
>> On Tue, Sep 8, 2009 at 5:27 PM, Thiago H. de Paula
>> Figueiredo<th...@gmail.com> wrote:
>>
>>> Hi!
>>>
>>> I guess this was already discussed some time ago, but I couldn't find
>>> it. :(
>>> Anyway, it's been a long time, so let's get it started again. ;)
>>>
>>> Tapestry is a wonderful framework, but it isn't the best known one
>>> around.
>>> Sometimes, managers ask us to provide some projects/sites/success
>>> stories/etc using it so they can be more confident about Tapestry.
>>> There's a
>>> Success Stories page in the wiki
>>> (http://wiki.apache.org/tapestry/SuccessStories), but it hasn't had any
>>> edit
>>> since 2007-10-05.
>>>
>>> What about sharing your success stories with us, promoting Tapestry
>>> (specially T5)? If the project is a public website, please post the URL
>>> here. I think we should have a list of Tapestry-powered sites.
>>>
>>> Thanks in advance.
>>
>> It would be great to have that page more up to date but i remember
>> Howard asking for "private" user stories and more then one have
>> replied him even personally so i guess if that would make sense too to
>> have that stories online.
>> Do i remember correctly Howard?
>>
>> --
>> Massimo
>> http://meridio.blogspot.com
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Projects-and-sites-powered-by-Tapestry-tp25348447p25375291.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Projects and sites powered by Tapestry
Posted by Sergey Didenko <se...@gmail.com>.
BTW, it's worth to remind again everyone who is going to publish their
site urls, to close the access to ".class" and ".tml" files .
On Tue, Sep 8, 2009 at 6:46 PM, Massimo Lusetti <ml...@gmail.com> wrote:
> On Tue, Sep 8, 2009 at 5:27 PM, Thiago H. de Paula
> Figueiredo<th...@gmail.com> wrote:
>
>> Hi!
>>
>> I guess this was already discussed some time ago, but I couldn't find it. :(
>> Anyway, it's been a long time, so let's get it started again. ;)
>>
>> Tapestry is a wonderful framework, but it isn't the best known one around.
>> Sometimes, managers ask us to provide some projects/sites/success
>> stories/etc using it so they can be more confident about Tapestry. There's a
>> Success Stories page in the wiki
>> (http://wiki.apache.org/tapestry/SuccessStories), but it hasn't had any edit
>> since 2007-10-05.
>>
>> What about sharing your success stories with us, promoting Tapestry
>> (specially T5)? If the project is a public website, please post the URL
>> here. I think we should have a list of Tapestry-powered sites.
>>
>> Thanks in advance.
>
> It would be great to have that page more up to date but i remember
> Howard asking for "private" user stories and more then one have
> replied him even personally so i guess if that would make sense too to
> have that stories online.
> Do i remember correctly Howard?
>
> --
> Massimo
> http://meridio.blogspot.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Projects and sites powered by Tapestry
Posted by Massimo Lusetti <ml...@gmail.com>.
On Tue, Sep 8, 2009 at 5:27 PM, Thiago H. de Paula
Figueiredo<th...@gmail.com> wrote:
> Hi!
>
> I guess this was already discussed some time ago, but I couldn't find it. :(
> Anyway, it's been a long time, so let's get it started again. ;)
>
> Tapestry is a wonderful framework, but it isn't the best known one around.
> Sometimes, managers ask us to provide some projects/sites/success
> stories/etc using it so they can be more confident about Tapestry. There's a
> Success Stories page in the wiki
> (http://wiki.apache.org/tapestry/SuccessStories), but it hasn't had any edit
> since 2007-10-05.
>
> What about sharing your success stories with us, promoting Tapestry
> (specially T5)? If the project is a public website, please post the URL
> here. I think we should have a list of Tapestry-powered sites.
>
> Thanks in advance.
It would be great to have that page more up to date but i remember
Howard asking for "private" user stories and more then one have
replied him even personally so i guess if that would make sense too to
have that stories online.
Do i remember correctly Howard?
--
Massimo
http://meridio.blogspot.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org