You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tapestry.apache.org by bu...@apache.org on 2019/12/09 07:20:33 UTC
svn commit: r1053819 [3/3] - in /websites/production/tapestry/content: ./
cache/
Modified: websites/production/tapestry/content/request-processing-faq.html
==============================================================================
--- websites/production/tapestry/content/request-processing-faq.html (original)
+++ websites/production/tapestry/content/request-processing-faq.html Mon Dec 9 07:20:33 2019
@@ -78,11 +78,11 @@
<div id="content">
<div id="ConfluenceContent"><h1 id="RequestProcessingFAQ-RequestProcessing">Request Processing</h1><h2 id="RequestProcessingFAQ-Contents">Contents</h2><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1575397201137 {padding: 0px;}
-div.rbtoc1575397201137 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1575397201137 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1575875992723 {padding: 0px;}
+div.rbtoc1575875992723 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1575875992723 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1575397201137">
+/*]]>*/</style></p><div class="toc-macro rbtoc1575875992723">
<ul class="toc-indentation"><li><a href="#RequestProcessingFAQ-HowdoIgetTapestrytonothandlearequest?">How do I get Tapestry to not handle a request?</a></li></ul>
</div><h2 id="RequestProcessingFAQ-HowdoIgetTapestrytonothandlearequest?">How do I get Tapestry to <strong>not</strong> handle a request?</h2><p>Often, when <a href="integration-with-existing-applications.html">integrating with outside libraries, or working with legacy code</a>, you will want Tapestry to ignore a request and let the normal servlet or other processing handle the request.</p><p>The easy way to do this is to contribute a regular expression to the <a href="configuration.html">IgnoredPathsFilter service</a>, whose job is to exclude some requests.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<pre class="syntaxhighlighter-pre" data-syntaxhighlighter-params="brush: java; gutter: false; theme: Default" data-theme="Default">public static void contributeIgnoredPathsFilter(Configuration<String> configuration)
Modified: websites/production/tapestry/content/security-faq.html
==============================================================================
--- websites/production/tapestry/content/security-faq.html (original)
+++ websites/production/tapestry/content/security-faq.html Mon Dec 9 07:20:33 2019
@@ -78,11 +78,11 @@
<div id="content">
<div id="ConfluenceContent"><h1 id="SecurityFAQ-Security">Security</h1><p>Main Article: <a href="security.html">Security</a></p><h2 id="SecurityFAQ-Contents">Contents</h2><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1575397204256 {padding: 0px;}
-div.rbtoc1575397204256 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1575397204256 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1575875995949 {padding: 0px;}
+div.rbtoc1575875995949 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1575875995949 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1575397204256">
+/*]]>*/</style></p><div class="toc-macro rbtoc1575875995949">
<ul class="toc-indentation"><li><a href="#SecurityFAQ-Thebuilt-inDashboardpagearevisibleinmyproductionapplicationandIdon'twantthemtobe,whatcanIdo?">The built-in Dashboard page are visible in my production application and I don't want them to be, what can I do?</a></li></ul>
</div><p> </p><div class="aui-label" style="float:right" title="Related Articles">
Modified: websites/production/tapestry/content/security.html
==============================================================================
--- websites/production/tapestry/content/security.html (original)
+++ websites/production/tapestry/content/security.html Mon Dec 9 07:20:33 2019
@@ -132,7 +132,7 @@
<p><br clear="none"></p><h2 id="Security-HTTPS-onlyPages">HTTPS-only Pages</h2><p>Main Article: <a href="https.html">HTTPS</a></p><p>Tapestry provides several annotations and configuration settings that you can use to <span>ensure that all access to certain pages (or all pages) occurs only via the encrypted HTTPS protocol</span><span>. See <a href="https.html">HTTPS</a> for details.</span></p><h2 id="Security-ControllingPageAccess"><span>Controlling Page Access</span></h2><p><br clear="none"></p><div class="navmenu" style="float:right; background:#eee; margin:3px; padding:0 1em">
<p> <strong>JumpStart Demo:</strong><br clear="none">
- <a class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/infrastructure/protectingpages" rel="nofollow">Protecting Pages</a></p></div><p><span>For simple access control needs, you can contribute a <span><a class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/ComponentRequestFilter.html">ComponentRequestFilter</a> with your custom logic that decides which pages should be accessed by which users. The <a class="external-link" href="https://tapestry-app.apache.org/hotels/">Tapestry Hotel Booking </a>app demonstrates this approach with an <code>@AnonymousAccess</code> annotation along with a ComponentRequestFilter named <code>AuthenticationFilter.java</code>. The filter enforces security by intercepting all requests to pages that don't have that annotation, and it redirects those requests to the login page. <a class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examp
les/infrastructure/protectingpages" rel="nofollow">JumpStart</a> has a similar demo.<br clear="none"></span></span></p><p><br clear="none"></p><p><span>For more advanced needs see the Security Framework Integration section below.</span></p><h2 id="Security-White-listedPages">White-listed Pages</h2><p>Pages whose component classes are annotated with @<a class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/annotations/WhitelistAccessOnly.html">WhitelistAccessOnly</a> will only be displayed to users (clients) that are on the <em>whitelist</em>. By default the whitelist consists only of clients whose fully-qualified domain name is "localhost" (or the IP address equivalent, 127.0.0.1 or 0:0:0:0:0:0:0:1), but you can customize this by contributing to the ClientWhitelist service in your application's module class (usually AppModule.java):</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHe
ader pdl" style="border-bottom-width: 1px;"><b>AppModule.java (partial) – simple inline example</b></div><div class="codeContent panelContent pdl">
+ <span class="nobr"><a class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/infrastructure/protectingpages" rel="nofollow">Protecting Pages<sup><img align="middle" class="rendericon" src="/images/confluence/icons/linkext7.gif" height="7" width="7" alt="" border="0"></sup></a></span></p></div><p><span>For simple access control needs, you can contribute a <span><a class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/ComponentRequestFilter.html">ComponentRequestFilter</a> with your custom logic that decides which pages should be accessed by which users. The <a class="external-link" href="https://tapestry-app.apache.org/hotels/">Tapestry Hotel Booking </a>app demonstrates this approach with an <code>@AnonymousAccess</code> annotation along with a ComponentRequestFilter named <code>AuthenticationFilter.java</code>. The filter enforces security by intercepting all requests to pages that don't
have that annotation, and it redirects those requests to the login page. <a class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/infrastructure/protectingpages" rel="nofollow">JumpStart</a> has a similar demo.<br clear="none"></span></span></p><p><br clear="none"></p><p><span>For more advanced needs see the Security Framework Integration section below.</span></p><h2 id="Security-White-listedPages">White-listed Pages</h2><p>Pages whose component classes are annotated with @<a class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/annotations/WhitelistAccessOnly.html">WhitelistAccessOnly</a> will only be displayed to users (clients) that are on the <em>whitelist</em>. By default the whitelist consists only of clients whose fully-qualified domain name is "localhost" (or the IP address equivalent, 127.0.0.1 or 0:0:0:0:0:0:0:1), but you can customize this by contributing to the ClientWhitelist ser
vice in your application's module class (usually AppModule.java):</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>AppModule.java (partial) – simple inline example</b></div><div class="codeContent panelContent pdl">
<pre class="syntaxhighlighter-pre" data-syntaxhighlighter-params="brush: java; gutter: false; theme: Default" data-theme="Default"> @Contribute(ClientWhitelist.class)
public static void provideWhitelistAnalyzer(OrderedConfiguration<WhitelistAnalyzer> configuration)
{
@@ -145,7 +145,7 @@
}
}, "before:*");
}</pre>
-</div></div><p><br clear="none"></p><p>Sometimes, in production, a firewall or proxy may make it look like the client web browser originates from localhost, with the consequence that whitelisted pages may be visible to all users. See the <a href="security-faq.html">Security FAQ</a> for how to deal with this.</p><h2 id="Security-AssetSecurity">Asset Security</h2><p>Main Article: <a href="security.html">Security</a></p><p class="confluence-link">Tapestry serves assets (static content such as CSS files, images, and JavaScript, many of which are on the classpath alongside your compiled class files) to the client. Because of this, great care has gone into ensuring that certain file types cannot be served to the client. By default, file ending with ".class', ".tml" and ".properties" can be served to the client only if the request includes the file's MD5 checksum. As you would expect, that blacklist can be extended. See <a href="assets.html">Assets</a> for more informatio
n.</p><h2 id="Security-ProtectingSerializedObjectDataontheClient">Protecting Serialized Object Data on the Client</h2><p><span style="color: rgb(0,0,0);">As of version 5.3.6, Tapestry integrates a </span><a class="external-link" style="text-decoration: underline;text-align: justify;" href="http://en.wikipedia.org/wiki/HMAC" rel="nofollow">hash-based message authentication code</a><span style="color: rgb(0,0,0);"> (HMAC) into serialized Java object data that it sends to the client (generally, this means the </span><code style="text-align: justify;">t:formdata</code><span style="color: rgb(0,0,0);"> hidden field used by the Form component). This ensures that the hidden binary object data is guaranteed to be unaltered when it returns to the server upon form (or AJAX) submission. The HMAC pass phrase is set using the <a href="configuration.html">tapestry.hmac-passphrase</a> configuration symbol. If you don't set that value, you'll see a warning message in the
browser, like this: </span></p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent">
+</div></div><p><br clear="none"></p><p>Sometimes, in production, a firewall or proxy may make it look like the client web browser originates from localhost, with the consequence that whitelisted pages may be visible to all users. See the <a href="security-faq.html">Security FAQ</a> for how to deal with this.</p><h2 id="Security-AssetSecurity">Asset Security</h2><p>Main Article: <a href="security.html">Security</a></p><p class="confluence-link">Tapestry serves assets (static content such as CSS files, images, and JavaScript, many of which are on the classpath alongside your compiled class files) to the client. Because of this, great care has gone into ensuring that certain file types cannot be served to the client. By default, file ending with ".class', ".tml" and ".properties" can be served to the client only if the request includes the file's MD5 checksum. As you would expect, that blacklist can be extended. See <a href="assets.html">Assets</a> for more informatio
n.</p><h2 id="Security-ProtectingSerializedObjectDataontheClient">Protecting Serialized Object Data on the Client</h2><p><span style="color: rgb(0,0,0);">As of version 5.3.6, Tapestry integrates a </span><a class="external-link" href="http://en.wikipedia.org/wiki/HMAC" rel="nofollow" style="text-decoration: underline;text-align: justify;">hash-based message authentication code</a><span style="color: rgb(0,0,0);"> (HMAC) into serialized Java object data that it sends to the client (generally, this means the </span><code style="text-align: justify;">t:formdata</code><span style="color: rgb(0,0,0);"> hidden field used by the Form component). This ensures that the hidden binary object data is guaranteed to be unaltered when it returns to the server upon form (or AJAX) submission. The HMAC pass phrase is set using the <a href="configuration.html">tapestry.hmac-passphrase</a> configuration symbol. If you don't set that value, you'll see a warning message in the
browser, like this: </span></p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent">
<pre>The symbol 'tapestry.hmac-passphrase' has not been configured. This is used to configure hash-based message authentication of Tapestry data stored in forms, or in the URL. You application is less secure, and more vulnerable to denial-of-service attacks, when this symbol is not configured.</pre>
</div></div><p><span style="color: rgb(0,0,0);">The solution is to set the tapestry.hmac-passphrase to some value (any fixed, private string, such as 30 to 40 random-looking characters, will do) in your application's module class (usually AppModule.java).</span></p><h2 id="Security-CrossSiteRequestForgery(CSRF)"><span style="color: rgb(83,145,38);">Cross Site Request Forgery (CSRF)</span></h2><p>Cross Site Request Forgery is a type of security vulnerability in which legitimate, authorized users may be made to unwittingly submit malicious requests to your web application.</p><p><a class="external-link" href="https://github.com/porscheinformatik/tapestry-csrf-protection" rel="nofollow">Tapestry-csrf-protection</a> is a 3rd party module that has several features for preventing CSRF attacks. It protects all <span>component event handlers (event links, forms, etc.) by adding a </span><span>CSRF token to event links and adds a CSRF token as a hidden field to all forms.
0;</span><span>Tokens are generated on a per-session basis.</span></p><h2 id="Security-SecurityFrameworkIntegration"><span>Security Framework Integration</span></h2><p>Tapestry does not lock you into a specific authentication/authorization implementation. There are integration modules available for the more popular open source Java security frameworks. A popular choice among Tapestry users is <a class="external-link" href="http://www.tynamo.org/tapestry-security+guide/" rel="nofollow">tapestry-security (based on Apache Shiro) from Tynamo.org</a>. It is always kept up-to-date with the latest Tapestry versions and offers several supporting security modules (e.g. <a class="external-link" href="http://www.tynamo.org/tapestry-security-jpa+guide/" rel="nofollow">tapestry-security-jpa</a>, <a class="external-link" href="http://www.tynamo.org/tynamo-federatedaccounts+guide/" rel="nofollow">tynamo-federatedaccounts</a>). There's also an <a class="external-link" href="http://www.localhost
.nu/java/tapestry-spring-security" rel="nofollow">integration module available for Spring Security</a> but lately, it hasn't kept up with the latest versions of Tapestry 5.</p><p>Additional information:</p><ul><li><a class="external-link" href="http://www.tynamo.org/tynamo-federatedaccounts+guide/" rel="nofollow">Tynamo-federatedaccounts</a> <span style="color: rgb(0,0,0);">is an add-on to the </span><a class="external-link" href="http://www.tynamo.org/tapestry-security+guide/" rel="nofollow">tapestry-security</a><span style="color: rgb(0,0,0);"> module, providing federated (third-party) authentication with Facebook, Twitter or Google.</span></li></ul><ul><li><span>To include OpenID with Spring Security in your application, see the following Wiki entry: </span><a class="external-link" href="http://wiki.apache.org/tapestry/Tapestry5HowToSpringSecurityAndOpenId">http://wiki.apache.org/tapestry/Tapestry5HowToSpringSecurityAndOpenId</a></li></ul><h2 id="Security-V
ulnerabilityDisclosures">Vulnerability Disclosures</h2><h3 id="Security-CVE-2019-0195:FilereadingLeadsJavaDeserializationVulnerability.">CVE-2019-0195: File reading Leads Java Deserialization Vulnerability.</h3><p>Disclosure date: <a class="external-link" href="https://lists.apache.org/thread.html/5173c4eed06e2fca6fd5576ed723ff6bb1711738ec515cb51a04ab24@%3Cusers.tapestry.apache.org%3E">September 13th, 2019</a></p><p>Versions affected: all Apache Tapestry versions between 5.4.0, including its betas, and 5.4.3</p><p>Description: Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbol could be used to craft a Java deserialization attack, thus running malicious injected Java code. The vector would be the t:formda
ta parameter from the Form component.</p><p>Mitigation: Upgrade to Tapestry 5.4.5, which is a drop-in replacement for any 5.4.x version.</p><p>Credit: Ricter Zheng</p><h3 id="Security-CVE-2019-0207:ApacheTapestry5.4.2PathTraversalvulnerability">CVE-2019-0207: Apache Tapestry 5.4.2 Path Traversal vulnerability</h3><p>Disclosure date: <a class="external-link" href="https://lists.apache.org/thread.html/765be3606d865de513f6df9288842c3cf58b09a987c617a535f2b99d@%3Cusers.tapestry.apache.org%3E">September 13th, 2019</a></p><p>Versions affected: all Apache Tapestry versions between 5.4.0, including its betas, and 5.4.4.</p><p>Description: Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform.</p><p>Mitigation: Upgrade to Tapestry 5.4.5, which is a drop-in replacement for any 5.4.x versio
n.</p><p>Credit: Ricter Zheng</p><h3 id="Security-CVE-2019-10071:NewIssueinFixforCVE-2014-1972">CVE-2019-10071: New Issue in Fix for CVE-2014-1972</h3><p>Disclosure date: <a rel="nofollow">September 13th, 2019</a></p><p>Versions affected: all Apache Tapestry versions between 5.4.0, including<br clear="none">its betas, and 5.4.3</p><p>Description: The code which checks HMAC in form submissions used<br clear="none">String.equals() for comparisons, which results in a timing side channel for<br clear="none">the comparison of the HMAC signatures. This could lead to remote code<br clear="none">execution if an attacker is able to determine the correct signature for<br clear="none">their payload. The comparison should be done with a constant time algorithm<br clear="none">instead.</p><p>Mitigation: Upgrade to Tapestry 5.4.5, which is a drop-in replacement for any 5.4.x<br clear="none">version.</p><p>Credit: </p><pre>David Tomaschik of the Google Security Team</pre></div>
</div>
Modified: websites/production/tapestry/content/session-storage.html
==============================================================================
--- websites/production/tapestry/content/session-storage.html (original)
+++ websites/production/tapestry/content/session-storage.html Mon Dec 9 07:20:33 2019
@@ -124,11 +124,11 @@
<p>Ordinary <a href="persistent-page-data.html">page-persistent fields</a></p><p>won't work for this, since persistent fields are available only to a specific page, not shared across multiple pages.</p><p>Tapestry provides two mechanisms for storing such data: Session State Objects and Session Attributes. When deciding between the two, it's best to use Session State Objects for complex objects, and Session Attributes for simple types.</p><h2 id="SessionStorage-SessionStateObjects">Session State Objects</h2><p>With a Session State Object (SSO), the value is automatically stored outside the page; with the default storage strategy, it is stored in the session. Such a value is global to all pages <em>for the same user</em>, but is stored separately for different users.</p><p>A field holding an SSO is marked with the @<a class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/annotations/SessionState.html">SessionState</a> annotation.</p><div class="
navmenu" style="float:right; background:white; margin:3px; padding:3px">
<div class="panel" style="border-width: 1px;"><div class="panelHeader" style="border-bottom-width: 1px;"><b>Contents</b></div><div class="panelContent">
<style type="text/css">/*<![CDATA[*/
-div.rbtoc1575397183104 {padding: 0px;}
-div.rbtoc1575397183104 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1575397183104 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1575875974482 {padding: 0px;}
+div.rbtoc1575875974482 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1575875974482 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style><div class="toc-macro rbtoc1575397183104">
+/*]]>*/</style><div class="toc-macro rbtoc1575875974482">
<ul class="toc-indentation"><li>Related Articles</li></ul>
<ul><li><a href="#SessionStorage-SessionStateObjects">Session State Objects</a>
<ul class="toc-indentation"><li><a href="#SessionStorage-Pitfalls">Pitfalls</a></li><li><a href="#SessionStorage-CheckforCreation">Check for Creation</a></li><li><a href="#SessionStorage-PersistenceStrategies">Persistence Strategies</a></li><li><a href="#SessionStorage-ConfiguringSSOs">Configuring SSOs</a></li></ul>
Modified: websites/production/tapestry/content/specific-errors-faq.html
==============================================================================
--- websites/production/tapestry/content/specific-errors-faq.html (original)
+++ websites/production/tapestry/content/specific-errors-faq.html Mon Dec 9 07:20:33 2019
@@ -78,11 +78,11 @@
<div id="content">
<div id="ConfluenceContent"><h1 id="SpecificErrorsFAQ-SpecificErrors">Specific Errors</h1><h2 id="SpecificErrorsFAQ-Contents">Contents</h2><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1575397185564 {padding: 0px;}
-div.rbtoc1575397185564 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1575397185564 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1575875976976 {padding: 0px;}
+div.rbtoc1575875976976 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1575875976976 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1575397185564">
+/*]]>*/</style></p><div class="toc-macro rbtoc1575875976976">
<ul class="toc-indentation"><li><a href="#SpecificErrorsFAQ-WhydoIgettheexception"Noserviceimplementstheinterfaceorg.apache.tapestry5.internal.InternalComponentResources"whentryingtousetheBeanEditFormcomponent?">Why do I get the exception "No service implements the interface org.apache.tapestry5.internal.InternalComponentResources" when trying to use the BeanEditForm component?</a></li><li><a href="#SpecificErrorsFAQ-Igetanerrorabout"Pagedidnotgenerateanymarkupwhenrendered."butIhaveatemplate,whathappened?">I get an error about "Page did not generate any markup when rendered." but I have a template, what happened?</a></li><li><a href="#SpecificErrorsFAQ-MyapplicationfailswiththeerrorPermGen,howdoIfixthis?">My application fails with the error PermGen, how do I fix this?</a></li><li><a href="#SpecificErrorsFAQ-WhydoIsometimesgetajava.lang.NoSuchMethodErrorexceptionafterreloadingmypage?">Why do I sometimes get a java.lang.NoSuchMethodError exception after reloadi
ng my page?</a></li><li><a href="#SpecificErrorsFAQ-Whydomylogscontain"java.lang.RuntimeException:FormsrequirethattherequestmethodbePOSTandthatthet:formdataqueryparameterhavevalues"?">Why do my logs contain "java.lang.RuntimeException: Forms require that the request method be POST and that the t:formdata query parameter have values"?</a></li></ul>
</div><div class="aui-label" style="float:right" title="Related Articles">
@@ -111,7 +111,7 @@ div.rbtoc1575397185564 li {margin-left:
<span class="icon aui-icon content-type-page" title="Page">Page:</span> </div>
<div class="details">
- <a href="specific-errors-faq.html">Specific Errors FAQ</a>
+ <a href="error-page-recipe.html">Error Page Recipe</a>
</div>
@@ -120,7 +120,7 @@ div.rbtoc1575397185564 li {margin-left:
<span class="icon aui-icon content-type-page" title="Page">Page:</span> </div>
<div class="details">
- <a href="error-page-recipe.html">Error Page Recipe</a>
+ <a href="specific-errors-faq.html">Specific Errors FAQ</a>
</div>
Modified: websites/production/tapestry/content/tapestry-inversion-of-control-faq.html
==============================================================================
--- websites/production/tapestry/content/tapestry-inversion-of-control-faq.html (original)
+++ websites/production/tapestry/content/tapestry-inversion-of-control-faq.html Mon Dec 9 07:20:33 2019
@@ -78,11 +78,11 @@
<div id="content">
<div id="ConfluenceContent"><h1 id="TapestryInversionofControlFAQ-TapestryInversionofControlContainer">Tapestry Inversion of Control Container</h1><p>Main article: <a href="tapestry-inversion-of-control-faq.html">Tapestry IoC</a></p><h2 id="TapestryInversionofControlFAQ-Contents">Contents</h2><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1575397186081 {padding: 0px;}
-div.rbtoc1575397186081 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1575397186081 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1575875978618 {padding: 0px;}
+div.rbtoc1575875978618 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1575875978618 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1575397186081">
+/*]]>*/</style></p><div class="toc-macro rbtoc1575875978618">
<ul class="toc-indentation"><li><a href="#TapestryInversionofControlFAQ-WhydoIneedtodefineaninterfaceformyservices?Whycan'tIjustusetheclassitself?">Why do I need to define an interface for my services? Why can't I just use the class itself?</a></li><li><a href="#TapestryInversionofControlFAQ-Myservicestartsathread;howdoIknowwhentheapplicationisshuttingdown,tostopthatthread?">My service starts a thread; how do I know when the application is shutting down, to stop that thread?</a></li><li><a href="#TapestryInversionofControlFAQ-HowdoImakemyservicestartupwiththerestoftheapplication,ratherthanlazily?">How do I make my service startup with the rest of the application, rather than lazily?</a></li></ul>
</div><p> </p><div class="aui-label" style="float:right" title="Related Articles">
@@ -120,7 +120,7 @@ div.rbtoc1575397186081 li {margin-left:
<span class="icon aui-icon content-type-page" title="Page">Page:</span> </div>
<div class="details">
- <a href="ioc-cookbook.html">IoC cookbook</a>
+ <a href="tapestry-inversion-of-control-faq.html">Tapestry Inversion of Control FAQ</a>
</div>
@@ -129,7 +129,7 @@ div.rbtoc1575397186081 li {margin-left:
<span class="icon aui-icon content-type-page" title="Page">Page:</span> </div>
<div class="details">
- <a href="tapestry-inversion-of-control-faq.html">Tapestry Inversion of Control FAQ</a>
+ <a href="ioc-cookbook.html">IoC cookbook</a>
</div>
Modified: websites/production/tapestry/content/templating-and-markup-faq.html
==============================================================================
--- websites/production/tapestry/content/templating-and-markup-faq.html (original)
+++ websites/production/tapestry/content/templating-and-markup-faq.html Mon Dec 9 07:20:33 2019
@@ -78,11 +78,11 @@
<div id="content">
<div id="ConfluenceContent"><h1 id="TemplatingandMarkupFAQ-TemplatingandMarkup">Templating and Markup</h1><p>Main Article: <a href="component-templates.html">Component Templates</a></p><h2 id="TemplatingandMarkupFAQ-Contents">Contents</h2><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1575397188006 {padding: 0px;}
-div.rbtoc1575397188006 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1575397188006 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1575875977581 {padding: 0px;}
+div.rbtoc1575875977581 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1575875977581 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1575397188006">
+/*]]>*/</style></p><div class="toc-macro rbtoc1575875977581">
<ul class="toc-indentation"><li><a href="#TemplatingandMarkupFAQ-WhydoIgetaSAXParseExceptionwhenIuseanHTMLentity,suchas&nbsp;inmytemplate?">Why do I get a SAXParseException when I use an HTML entity, such as &nbsp; in my template?</a></li><li><a href="#TemplatingandMarkupFAQ-Whydosomeimagesinmypageshowupasbrokenlinks?">Why do some images in my page show up as broken links?</a></li><li><a href="#TemplatingandMarkupFAQ-What'sthedifferencebetweenidandt:id?">What's the difference between id and t:id?</a></li><li><a href="#TemplatingandMarkupFAQ-WhydomyimagesandstylesheetsendupwithaweirdURLslike/assets/meta/zeea17aee26bc0cae/layout/layout.css?">Why do my images and stylesheets end up with a weird URLs like /assets/meta/zeea17aee26bc0cae/layout/layout.css?</a></li><li><a href="#TemplatingandMarkupFAQ-HowdoIaddaCSSclasstoaTapestrycomponent?">How do I add a CSS class to a Tapestry component?</a></li></ul>
</div><h2 id="TemplatingandMarkupFAQ-WhydoIgetaSAXParseExceptionwhenIuseanHTMLentity,suchas&nbsp;inmytemplate?">Why do I get a SAXParseException when I use an HTML entity, such as <code>&nbsp;</code> in my template?</h2><p>Tapestry uses a standard SAX parser to read your templates. This means that your templates must be <em>well formed</em>: open and close tags must balance, attribute values must be quoted, and entities must be declared. The easiest way to accomplish this is to add a DOCTYPE to your the top of your template:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<pre class="syntaxhighlighter-pre" data-syntaxhighlighter-params="brush: xml; gutter: false; theme: Default" data-theme="Default"><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
Modified: websites/production/tapestry/content/uploading-files.html
==============================================================================
--- websites/production/tapestry/content/uploading-files.html (original)
+++ websites/production/tapestry/content/uploading-files.html Mon Dec 9 07:20:33 2019
@@ -86,7 +86,7 @@
</pre>
</div></div><p>If you aren't using Maven, you'll have to download the jar and its dependencies yourself.</p><h1 id="UploadingFiles-Usage">Usage</h1><p>The upload component supports default value binding (based on id) and validation.</p><div class="navmenu" style="float:right; background:#eee; margin:3px; padding:0 1em">
<p> <strong>JumpStart Demo:</strong><br clear="none">
- <a class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/javascript/fileupload" rel="nofollow">File Upload</a></p></div><h2 id="UploadingFiles-ComponentTemplate">Component Template</h2><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+ <span class="nobr"><a class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/javascript/fileupload" rel="nofollow">File Upload<sup><img align="middle" class="rendericon" src="/images/confluence/icons/linkext7.gif" height="7" width="7" alt="" border="0"></sup></a></span></p></div><h2 id="UploadingFiles-ComponentTemplate">Component Template</h2><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<pre class="syntaxhighlighter-pre" data-syntaxhighlighter-params="brush: java; gutter: false; theme: Default" data-theme="Default"> <t:form>
<t:errors/>
<input t:type="upload" t:id="file" t:value="file" validate="required"/>
Modified: websites/production/tapestry/content/using-select-with-a-list.html
==============================================================================
--- websites/production/tapestry/content/using-select-with-a-list.html (original)
+++ websites/production/tapestry/content/using-select-with-a-list.html Mon Dec 9 07:20:33 2019
@@ -82,9 +82,9 @@
</pre>
</div></div><p>In the above example, ColorSelectModel must be of type SelectModel, or anything that Tapestry knows how to <a href="parameter-type-coercion.html">coerce</a> into a SelectModel, such as a List or a Map or a "value=label,value=label,..." delimited string, or anything Tapestry knows how to coerce into a List or Map, such as an Array or a comma-delimited String.</p><h2 id="UsingSelectWithaList-SelectModel">SelectModel</h2><p></p><div class="navmenu" style="float:right; background:#eee; margin:3px; padding:0 1em">
<p> <strong>JumpStart Demos:</strong><br clear="none">
- <a class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/select/totalcontrolobject" rel="nofollow">Total Control Object Select</a><br clear="none">
- <a class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/select/id" rel="nofollow">ID Select</a><br clear="none">
- <a class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/select/easyid" rel="nofollow">Easy ID Select</a></p></div>A SelectModel is a collection of options (specifically <a class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/OptionModel.html">OptionModel</a> objects) for a drop-down menu. Basically, each option is a value (an object) and a label (presented to the user).<p>If you provide a property of type List for the "model" parameter, Tapestry automatically builds a SelectModel that uses each object's toString() for both the select option value and the select option label. For database-derrived lists this is rarely useful, however, since after form submission you would then have to look up the selected object using that label.</p><p>If you provide a Map, Tapestry builds a SelectModel that uses each item's key as the encoded value and its value as the user-visible label. This is more useful, but if you ar
e going to build a copy of the list as a map just for this purpose, you may as well let Tapestry do it for you, using SelectModelFactory.</p><h2 id="UsingSelectWithaList-SelectModelFactory">SelectModelFactory</h2><p>To have Tapestry create a SelectModel for you, use the <a class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/SelectModelFactory.html">SelectModelFactory</a> service. SelectModelFactory creates a SelectModel from a List of objects (of whatever type) and a label property name that you choose:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>SelectWithListDemo.java (a page class)</b></div><div class="codeContent panelContent pdl">
+ <span class="nobr"><a class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/select/totalcontrolobject" rel="nofollow">Total Control Object Select<sup><img align="middle" class="rendericon" src="/images/confluence/icons/linkext7.gif" height="7" width="7" alt="" border="0"></sup></a></span><br clear="none">
+ <span class="nobr"><a class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/select/id" rel="nofollow">ID Select<sup><img align="middle" class="rendericon" src="/images/confluence/icons/linkext7.gif" height="7" width="7" alt="" border="0"></sup></a></span><br clear="none">
+ <span class="nobr"><a class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/select/easyid" rel="nofollow">Easy ID Select<sup><img align="middle" class="rendericon" src="/images/confluence/icons/linkext7.gif" height="7" width="7" alt="" border="0"></sup></a></span></p></div>A SelectModel is a collection of options (specifically <a class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/OptionModel.html">OptionModel</a> objects) for a drop-down menu. Basically, each option is a value (an object) and a label (presented to the user).<p>If you provide a property of type List for the "model" parameter, Tapestry automatically builds a SelectModel that uses each object's toString() for both the select option value and the select option label. For database-derrived lists this is rarely useful, however, since after form submission you would then have to look up the selected object using that label.</p><p>If you provide
a Map, Tapestry builds a SelectModel that uses each item's key as the encoded value and its value as the user-visible label. This is more useful, but if you are going to build a copy of the list as a map just for this purpose, you may as well let Tapestry do it for you, using SelectModelFactory.</p><h2 id="UsingSelectWithaList-SelectModelFactory">SelectModelFactory</h2><p>To have Tapestry create a SelectModel for you, use the <a class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/SelectModelFactory.html">SelectModelFactory</a> service. SelectModelFactory creates a SelectModel from a List of objects (of whatever type) and a label property name that you choose:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>SelectWithListDemo.java (a page class)</b></div><div class="codeContent panelContent pdl">
<pre class="syntaxhighlighter-pre" data-syntaxhighlighter-params="brush: java; gutter: false; theme: Default" data-theme="Default">@Property
private SelectModel colorSelectModel;
@Inject
@@ -107,7 +107,7 @@ public String toString() {
</pre>
</div></div><p>But that is contorting the purpose of the toString() method, and if you go to that much trouble you're already half way to the recommended practice: creating a ValueEncoder.</p><h2 id="UsingSelectWithaList-ValueEncoder">ValueEncoder</h2><p>In addition to a SelectModel, your Select menu is likely to need a ValueEncoder. While a SelectModel is concerned only with how to construct a Select menu, a ValueEncoder is used when constructing the Select menu <em>and</em> when interpreting the encoded value that is submitted back to the server. A ValueEncoder is a converter between the type of objects you want to represent as options in the menu and the client-side encoded values that uniquely identify them, and vice-versa.</p><div class="navmenu" style="float:right; background:#eee; margin:3px; padding:0 1em">
<p> <strong>JumpStart Demo:</strong><br clear="none">
- <a class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/select/easyobject" rel="nofollow">Easy Object Select</a></p></div>Most commonly, your ValueEncoder's toClient() method will return a unique ID (e.g. a database primary key, or perhaps a UUID) of the given object, and its toValue() method will return the <em>object</em> matching the given ID by doing a database lookup (ideally using a service or DAO method).<p>If you're using one of the ORM integration modules (<a href="hibernate.html">Tapestry-Hibernate</a>, <a href="integrating-with-jpa.html">Tapestry-JPA</a>, or <a class="external-link" href="http://code.google.com/p/tapestry5-cayenne/wiki/ValueEncoder" rel="nofollow">Tapestry-Cayenne</a>), the ValueEncoder is automatically provided for each of your mapped entity classes. The Hibernate module's implementation is typical: the primary key field of the object (converted to a String) is used as the client-side value, and that same primary
key is used to look up the selected object.</p><p>That's exactly what you should do in your own ValueEncoders too:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>ColorEncoder.java (perhaps in your com.example.myappname.encoders package)</b></div><div class="codeContent panelContent pdl">
+ <span class="nobr"><a class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/select/easyobject" rel="nofollow">Easy Object Select<sup><img align="middle" class="rendericon" src="/images/confluence/icons/linkext7.gif" height="7" width="7" alt="" border="0"></sup></a></span></p></div>Most commonly, your ValueEncoder's toClient() method will return a unique ID (e.g. a database primary key, or perhaps a UUID) of the given object, and its toValue() method will return the <em>object</em> matching the given ID by doing a database lookup (ideally using a service or DAO method).<p>If you're using one of the ORM integration modules (<a href="hibernate.html">Tapestry-Hibernate</a>, <a href="integrating-with-jpa.html">Tapestry-JPA</a>, or <a class="external-link" href="http://code.google.com/p/tapestry5-cayenne/wiki/ValueEncoder" rel="nofollow">Tapestry-Cayenne</a>), the ValueEncoder is automatically provided for each of your mapped entity classes. The Hib
ernate module's implementation is typical: the primary key field of the object (converted to a String) is used as the client-side value, and that same primary key is used to look up the selected object.</p><p>That's exactly what you should do in your own ValueEncoders too:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>ColorEncoder.java (perhaps in your com.example.myappname.encoders package)</b></div><div class="codeContent panelContent pdl">
<pre class="syntaxhighlighter-pre" data-syntaxhighlighter-params="brush: java; gutter: false; theme: Default" data-theme="Default">public class ColorEncoder implements ValueEncoder<Color>, ValueEncoderFactory<Color> {
@Inject