Nabble - Tapestry - Dev

[jira] Commented: (TAP5-936) Tapestry wiki link links to nothing for locales other then en

2009-11-26T04:43:39Z

[ https://issues.apache.org/jira/browse/TAP5-936?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12782878#action_12782878 ]

Ulrich Stärk commented on TAP5-936:
-----------------------------------

The easiest thing to do then is to hard-link to FrontPage.

> Tapestry wiki link links to nothing for locales other then en
> -------------------------------------------------------------
>
> Key: TAP5-936
> URL: https://issues.apache.org/jira/browse/TAP5-936
> Project: Tapestry 5
> Issue Type: Bug
> Components: documentation
> Affects Versions: 5.2.0.0, 5.1.0.5, 5.0.18
> Reporter: Ulrich Stärk
> Priority: Minor
>
> The wiki link should link explicitly to http://wiki.apache.org/tapestry/FrontPage, otherwise MoinMoin will choose a start page according to the user's browser's locale which in my case (de) leads to an empty page.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (TAP5-936) Tapestry wiki link links to nothing for locales other then en

2009-11-26T04:26:39Z

[ https://issues.apache.org/jira/browse/TAP5-936?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12782870#action_12782870 ]

Andreas Andreou commented on TAP5-936:
--------------------------------------

Just noticed that those 'translated' front pages cannot be deleted or edited (at least by me)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[Tapestry Wiki] Update of "FrontPage" by AndreasAndreou

2009-11-26T04:03:13Z

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tapestry Wiki" for change notification.

The "FrontPage" page has been changed by AndreasAndreou.
The comment on this change is: link orphan irc page.
http://wiki.apache.org/tapestry/FrontPage?action=diff&rev1=262&rev2=263

--------------------------------------------------

* [[http://www.tapestryforums.com/index.php]]: Tapestry centric forum

- * There is a #tapestry IRC channel on freenode [[irc://irc.freenode.net/tapestry]]
+ * [[IrcChannel]] There is a #tapestry IRC channel on freenode [[irc://irc.freenode.net/tapestry]]

* [[Gotchas]]

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@...
For additional commands, e-mail: dev-help@...

[Tapestry Wiki] Update of "Tapestry5HowTos" by AndreasAndreou

2009-11-26T03:56:43Z

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tapestry Wiki" for change notification.

The "Tapestry5HowTos" page has been changed by AndreasAndreou.
http://wiki.apache.org/tapestry/Tapestry5HowTos?action=diff&rev1=191&rev2=192

--------------------------------------------------

* Tapestry5SimpleAndPowerfulLayouts - Creates flexible layouts, using a simple reusable component.
* Tapestry5LayoutWithMenu - Layout with added menu bar
* Tapestry5EnumAsComponentParameter - Defining a new enum as a component parameter, and adding the string -> enum type coercion for it
+ * [[Captcha]]

== Bug workarounds / patches ==
* Tapestry5Utf8Encoding - How to use UTF-8 encoding to support foreign characters

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@...
For additional commands, e-mail: dev-help@...

[Tapestry Wiki] Update of "ExtraComponents" by AndreasAndreou

2009-11-26T03:55:57Z

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tapestry Wiki" for change notification.

The "ExtraComponents" page has been changed by AndreasAndreou.
http://wiki.apache.org/tapestry/ExtraComponents?action=diff&rev1=29&rev2=30

--------------------------------------------------

* [[http://tapestrypalette.sourceforge.net/|Tapestry Palette plugin for Eclipse]]. A tool to enable drag & drop Tapestry component editing in the Eclipse IDE.

+ * [[Captcha]]
+

= Contributing components =
* [[What]]?

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@...
For additional commands, e-mail: dev-help@...

[Tapestry Wiki] Update of "Captcha" by AndreasAndreou

2009-11-26T03:45:35Z

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tapestry Wiki" for change notification.

The "Captcha" page has been changed by AndreasAndreou.
The comment on this change is: add chenillekit.
http://wiki.apache.org/tapestry/Captcha?action=diff&rev1=3&rev2=4

--------------------------------------------------

Simple captcha integration could be found on pages

- jCaptcha & Tapestry
+ http://www.chenillekit.org/chenillekit-tapestry/ref/org/chenillekit/tapestry/core/components/Kaptcha.html

http://www.solware.cz/Wiki/Wiki.jsp?page=Tapestry_Captcha

@@ -12, +12 @@

jCaptcha & Tapestry 4.1

- https://tacos.svn.sourceforge.net/svnroot/tacos/tacos-4.1/trunk/tacos-contrib/src/java/net/sf/tacos/contrib/
+ https://tacos.svn.sourceforge.net/svnroot/tacos/tacos-4.1/trunk/tacos-contrib/src/java/net/sf/tacos/contrib/captcha/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@...
For additional commands, e-mail: dev-help@...

[Tapestry Wiki] Update of "Captcha" by AndreasAndreou

2009-11-26T03:36:18Z

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tapestry Wiki" for change notification.

The "Captcha" page has been changed by AndreasAndreou.
http://wiki.apache.org/tapestry/Captcha?action=diff&rev1=2&rev2=3

--------------------------------------------------

http://www.solware.cz/Wiki/Wiki.jsp?page=Tapestry_Captcha

+ jCaptcha & Tapestry 5
+
+ http://forge.octo.com/jcaptcha/confluence/display/general/5+minutes+application+integration+tutorial (scroll down for "JCaptcha Integration with Tapestry")
+
+ jCaptcha & Tapestry 4.1
+
+ https://tacos.svn.sourceforge.net/svnroot/tacos/tacos-4.1/trunk/tacos-contrib/src/java/net/sf/tacos/contrib/
+

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@...
For additional commands, e-mail: dev-help@...

[jira] Commented: (TAP5-936) Tapestry wiki link links to nothing for locales other then en

2009-11-25T10:54:39Z

[ https://issues.apache.org/jira/browse/TAP5-936?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12782554#action_12782554 ]

Andreas Andreou commented on TAP5-936:
--------------------------------------

I see the problem for a few other locales (french) but not all - no greek :)

Probably they are created by default and we can just delete them - or if someone's interested
he can edit them and/or add translations

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (TAP5-936) Tapestry wiki link links to nothing for locales other then en

2009-11-25T10:28:39Z

[ https://issues.apache.org/jira/browse/TAP5-936?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ulrich Stärk updated TAP5-936:
------------------------------

Affects Version/s: 5.0.18

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Created: (TAP5-936) Tapestry wiki link links to nothing for locales other then en

2009-11-25T10:26:39Z

Tapestry wiki link links to nothing for locales other then en
-------------------------------------------------------------

Key: TAP5-936
URL: https://issues.apache.org/jira/browse/TAP5-936
Project: Tapestry 5
Issue Type: Bug
Components: documentation
Affects Versions: 5.1.0.5, 5.2.0.0
Reporter: Ulrich Stärk
Priority: Minor

The wiki link should link explicitly to http://wiki.apache.org/tapestry/FrontPage, otherwise MoinMoin will choose a start page according to the user's browser's locale which in my case (de) leads to an empty page.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Re: svn commit: r834151 - in /tapestry/tapestry5/trunk: src/site/apt/guide/ tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ tapestry-core/src/main/java/org/apache/tapestry5/services/ tapestry-core/src/test/java/org/apache/tapestry

2009-11-25T09:41:17Z

Em Wed, 25 Nov 2009 15:25:13 -0200, Ulrich Stärk <uli@...>
escreveu:

> I'm all for blacklisting but reasonable defaults like allowing
> css/jpg/png/gif/js from the webapp context IMHO should be added as not
> to frustrate people trying to get their project going...

Agreed.

--
Thiago H. de Paula Figueiredo
Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,
and instructor
Owner, software architect and developer, Ars Machina Tecnologia da
Informação Ltda.
http://www.arsmachina.com.br

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@...
For additional commands, e-mail: dev-help@...

Re: svn commit: r834151 - in /tapestry/tapestry5/trunk: src/site/apt/guide/ tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ tapestry-core/src/main/java/org/apache/tapestry5/services/ tapestry-core/src/test/java/org/apache/tapestry

2009-11-25T09:25:13Z

So this means, that by default, assets commonly used in an application
(e.g. custom css, images, javascript) are blocked by default and the
user has to allow them manually? You don't want to add
RequestConstants.CONTEXT_FOLDER + appVersion + "/" + pathPattern to the
regex authorizer?

I'm all for blacklisting but reasonable defaults like allowing
css/jpg/png/gif/js from the webapp context IMHO should be added as not
to frustrate people trying to get their project going...

Uli

Robert Zeigler schrieb:

> Fair enough. It was in there originally from when the module was
> separate from the codebase; I suspect that a large portion of tapestry
> users are also chenille-kit users (I know I am :), so I had added it in
> for convenience. With the module moving into tapestry core, it makes
> sense to move the "burden" of the contribution to the chenille-kit dev.
> I should be closing out the ticket shortly, but it's pending one,
> possibly two things:
> 1) An integration test asserting that the protection is in place
> Note that existing integration tests illustrated the fact that it
> /does/ work b/c they broke on addition of the module until I added the
> appropriate contribution. But that's not the same thing as explicitly
> testing for the presence of the protection.
> 2) Possibly adding in default contributions for the quickstart.
> I've been hesitant to do this, honestly, because overriding such a
> general contribution, while possible, is less straightforward (you'd
> have to contribute your own implementation of an AssetAuthorizer in
> front of the regex one). But as I was typing this I realized that we
> can do it better than that by actually adding the contribution to the
> quickstart's AppModule, rather than to tapestry core. So you still get
> the benefit, but you can easily fine-tune the contribution.
>
> Robert
>
> On Nov 24, 2009, at 11/243:09 AM , Massimo Lusetti wrote:
>
>> On Mon, Nov 23, 2009 at 8:53 PM, Ulrich Stärk <uli@...> wrote:
>>
>>> This will break all applications using chenillekit until the chenillekit
>>> devs update their code and should be visibly documented somewhere.
>>
>> We agree too and we have it in our tree a contribution that we will
>> extend to include everything needed.
>>
>> Cheers
>> --
>> Massimo
>> http://meridio.blogspot.com
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@...
>> For additional commands, e-mail: dev-help@...
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@...
> For additional commands, e-mail: dev-help@...
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@...
For additional commands, e-mail: dev-help@...

Re: svn commit: r834151 - in /tapestry/tapestry5/trunk: src/site/apt/guide/ tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ tapestry-core/src/main/java/org/apache/tapestry5/services/ tapestry-core/src/test/java/org/apache/tapestry

2009-11-25T08:16:20Z

Fair enough. It was in there originally from when the module was
separate from the codebase; I suspect that a large portion of tapestry
users are also chenille-kit users (I know I am :), so I had added it
in for convenience. With the module moving into tapestry core, it
makes sense to move the "burden" of the contribution to the chenille-
kit dev.
I should be closing out the ticket shortly, but it's pending one,
possibly two things:
1) An integration test asserting that the protection is in place
Note that existing integration tests illustrated the fact that it /
does/ work b/c they broke on addition of the module until I added the
appropriate contribution. But that's not the same thing as explicitly
testing for the presence of the protection.
2) Possibly adding in default contributions for the quickstart.
I've been hesitant to do this, honestly, because overriding such a
general contribution, while possible, is less straightforward (you'd
have to contribute your own implementation of an AssetAuthorizer in
front of the regex one). But as I was typing this I realized that we
can do it better than that by actually adding the contribution to the
quickstart's AppModule, rather than to tapestry core. So you still
get the benefit, but you can easily fine-tune the contribution.

Robert

On Nov 24, 2009, at 11/243:09 AM , Massimo Lusetti wrote:

> On Mon, Nov 23, 2009 at 8:53 PM, Ulrich Stärk <uli@...>
> wrote:
>
>> This will break all applications using chenillekit until the
>> chenillekit
>> devs update their code and should be visibly documented somewhere.
>
> We agree too and we have it in our tree a contribution that we will
> extend to include everything needed.
>
> Cheers
> --
> Massimo
> http://meridio.blogspot.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@...
> For additional commands, e-mail: dev-help@...

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@...
For additional commands, e-mail: dev-help@...

Re: [VOTE] Ulrich Stärk as Tapestry Committer

2009-11-25T05:07:59Z

Thank you everybody for your ayes and the confidence you plac in me. And especially thank you Robert
and Igor for considering me in the first place.

Uli

Am 25.11.2009 08:23 schrieb Igor Drobiazko:

> Binding votes:
>
> Andreas Andreou: +1
> Howard M. Lewis Ship: +1
> Thiago H. de Paula Figueiredo: +1
>
> Non-binding votes:
>
> Igor Drobiazko: +1
> Robert Zeigler +1
> Alfonso Quiroga: +1
> Dmitry Gusev: +1
> Kristian Marinkovic: +1
> Daniel Jue: +1
> Massimo Lusetti: +1
> Andy Blower: +1
> Ben Dotte: +1
> Kevin Menard: +1
>
>
> Welcome aboard, Ulrich.
>
>
> On Sat, Nov 21, 2009 at 11:11 PM, Igor Drobiazko
> <igor.drobiazko@...>wrote:
>
>> Ulrich has been very active in the Tapestry community. He is a long-time
>> Tapestry user and provided tons high quality patches. I had the pleasure to
>> learn him during I wrote my Tapestry book. He made a great job as technical
>> reviewer of the book. From private chat I know he is willing to become a
>> Tapestry committer.
>>
>> Ulrich would make a great addition to the team.
>>
>> Vote to run for three days.
>>
>> Igor Drobiazko: +1 (non-binding)
>>
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@...
For additional commands, e-mail: dev-help@...

Re: [VOTE] Ulrich Stärk as Tapestry Committer

2009-11-24T23:23:03Z

Binding votes:

Andreas Andreou: +1
Howard M. Lewis Ship: +1
Thiago H. de Paula Figueiredo: +1

Non-binding votes:

Igor Drobiazko: +1
Robert Zeigler +1
Alfonso Quiroga: +1
Dmitry Gusev: +1
Kristian Marinkovic: +1
Daniel Jue: +1
Massimo Lusetti: +1
Andy Blower: +1
Ben Dotte: +1
Kevin Menard: +1

Welcome aboard, Ulrich.

On Sat, Nov 21, 2009 at 11:11 PM, Igor Drobiazko
<igor.drobiazko@...>wrote:

> Ulrich has been very active in the Tapestry community. He is a long-time
> Tapestry user and provided tons high quality patches. I had the pleasure to
> learn him during I wrote my Tapestry book. He made a great job as technical
> reviewer of the book. From private chat I know he is willing to become a
> Tapestry committer.
>
> Ulrich would make a great addition to the team.
>
> Vote to run for three days.
>
> Igor Drobiazko: +1 (non-binding)
>

--
Best regards,

Igor Drobiazko

svn commit: r883963 - /tapestry/tapestry5/branches/5.0/pom.xml

2009-11-24T18:28:04Z

Author: andyhot
Date: Wed Nov 25 02:28:03 2009
New Revision: 883963

URL: http://svn.apache.org/viewvc?rev=883963&view=rev
Log:
Unneeded repositories - everything used comes from central

Modified:
tapestry/tapestry5/branches/5.0/pom.xml

Modified: tapestry/tapestry5/branches/5.0/pom.xml
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/pom.xml?rev=883963&r1=883962&r2=883963&view=diff
==============================================================================
--- tapestry/tapestry5/branches/5.0/pom.xml (original)
+++ tapestry/tapestry5/branches/5.0/pom.xml Wed Nov 25 02:28:03 2009
@@ -379,54 +379,6 @@
</plugin>
</plugins>
</reporting>
- <repositories>
- <repository>
- <id>tapestry</id>
- <url>http://tapestry.formos.com/maven-repository</url>
- </repository>
- <repository>
- <id>tapestry-snapshot</id>
- <url>http://tapestry.formos.com/maven-snapshot-repository</url>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- </repository>
- 
- <repository>
- <id>OpenQA_Release</id>
- <name>OpenQA Release Repository</name>
- <url>http://archiva.openqa.org/repository/releases/</url>
- </repository>
- </repositories>
-
- <pluginRepositories>
- <pluginRepository>
- <id>tapestry</id>
- <url>http://tapestry.formos.com/maven-repository</url>
- </pluginRepository>
- 
- <pluginRepository>
- <id>codehaus.snapshots</id>
- <url>http://snapshots.repository.codehaus.org</url>
- </pluginRepository>
- </pluginRepositories>
-
- 

<distributionManagement>
<site>

svn commit: r883959 - /tapestry/tapestry5/branches/5.0/tapestry-ioc/pom.xml

2009-11-24T18:24:18Z

Author: andyhot
Date: Wed Nov 25 02:24:17 2009
New Revision: 883959

URL: http://svn.apache.org/viewvc?rev=883959&view=rev
Log:
revert javassist version - not found in defined repos or central

Modified:
tapestry/tapestry5/branches/5.0/tapestry-ioc/pom.xml

Modified: tapestry/tapestry5/branches/5.0/tapestry-ioc/pom.xml
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-ioc/pom.xml?rev=883959&r1=883958&r2=883959&view=diff
==============================================================================
--- tapestry/tapestry5/branches/5.0/tapestry-ioc/pom.xml (original)
+++ tapestry/tapestry5/branches/5.0/tapestry-ioc/pom.xml Wed Nov 25 02:24:17 2009
@@ -27,7 +27,7 @@
<dependency>
<groupId>javassist</groupId>
<artifactId>javassist</artifactId>
- <version>3.9.0.GA</version>
+ <version>3.8.0.GA</version>
</dependency>

<dependency>
@@ -117,7 +117,6 @@
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>cobertura-maven-plugin</artifactId>
- 
<version>${cobertura-plugin-version}</version>
</plugin>
</plugins>

Re: [VOTE] Ulrich Stärk as Tapestry Committer

2009-11-24T13:05:25Z

+1 (non-binding)

--
Kevin

On Sat, Nov 21, 2009 at 5:11 PM, Igor Drobiazko <igor.drobiazko@...>wrote:

Re: [VOTE] Ulrich Stärk as Tapestry Committer

2009-11-24T06:59:16Z

Ben Dotte: +1 (non-binding)

On Mon, Nov 23, 2009 at 4:51 AM, Andy Blower <andy.blower@...> wrote:

>
>
> +1
>
>
> Daniel Jue wrote:
>>
>> +1
>>
>> On Mon, Nov 23, 2009 at 1:58 AM, Kristian Marinkovic
>> <kristian.marinkovic@...> wrote:
>>> +1
>>>
>>>
>>>
>>> "Thiago H. de Paula Figueiredo" <thiagohp@...>
>>> 22.11.2009 12:40
>>> Bitte antworten an
>>> "Tapestry development" <dev@...>
>>>
>>>
>>> An
>>> "Tapestry development" <dev@...>
>>> Kopie
>>>
>>> Thema
>>> Re: [VOTE] Ulrich Stärk as Tapestry Committer
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Thiago H. de Paula Figueiredo: +1 (binding)
>>>
>>> --
>>> Thiago H. de Paula Figueiredo
>>> Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,
>>> and instructor
>>> Owner, software architect and developer, Ars Machina Tecnologia da
>>> Informação Ltda.
>>> http://www.arsmachina.com.br
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@...
>>> For additional commands, e-mail: dev-help@...
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@...
>> For additional commands, e-mail: dev-help@...
>>
>>
>>
>
> --
> View this message in context: http://old.nabble.com/-VOTE--Ulrich-St%C3%A4rk-as-Tapestry-Committer-tp26460864p26475146.html
> Sent from the Tapestry - Dev mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@...
> For additional commands, e-mail: dev-help@...
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@...
For additional commands, e-mail: dev-help@...

Re: issues to be fixed for 5.1.0.6

2009-11-24T02:56:46Z

Sure, I get that - I've just been waiting so long for a new release. But if there will be another one soon then that's okay.

Igor Drobiazko wrote:

I would like to put these changes in a later release. As Ulrich already
pointed out we should release 5.1.0.6 asap. It is only possible iff we
backport already fixed issues. If we would fix the both issues you
suggested somebody else could suggest some other issues. This would delay
the release.

On Mon, Nov 23, 2009 at 1:44 PM, Ulrich Stärk <uli@spielviel.de> wrote:

> Oh, I missed the one for TAP5-834. I can't judge it though, since I'm not
> familiar with that code or it's implications.
>
> On second thought, TAP5-774 will probably not make it into 5.1.0.6 due to
> another reason: It would break existing applications relying on Tapestry
> encoding & as &. I feel that this shouldn't be in a bugfix release.
>
> Uli
>
> Am 23.11.2009 13:08 schrieb Andy Blower:
>
>
>> TAP5-834 does have a patch that I added quite a long time ago. I went to
>> the
>> trouble so it would make it in the next release. It's disappointing that
>> it's not even been looked at, or noticed even.
>>
>> TAP5-773 is a single line change as detailed in the bug report - I didn't
>> think it warranted a patch file, but I can create one if neccessary. As
>> for
>> a test for 773, I'm really not familiar enough with T5's tests and test
>> systems to even know where to start. I may be able to do it with some
>> guidance, like if someone pointed me at where the test for this code is
>> located.
>>
>>
>>
>> Ulrich Stärk wrote:
>>
>>> TAP5-815 will be in the 5.1.0.6 release, Robert is just holding it open
>>> for the moment.
>>>
>>> The other two don't have patches yet and since 5.1.0.6 should be
>>> realeased
>>> as soon as possible due to TAP5-815, I doubt that they will make it into
>>> the release. If you
>>> provide a patch and a test for TAP5-773 though, I'm sure that one of the
>>> committers will look at it.
>>> Shouldn't be that hard since you already have an idea how to fix that.
>>>
>>> Cheers,
>>>
>>> Uli
>>>
>>> Am 23.11.2009 11:50 schrieb Andy Blower:
>>>
>>>> As one of the voices calling for a 5.1 bug fix release I thought I'd
>>>> take
>>>> a
>>>> peek at the dev list. Glad to see things are moving, but a bit
>>>> disappointed
>>>> not to see some key (IMO) bugs not on the list.
>>>>
>>>> Can I suggest that these are added:
>>>>
>>>> https://issues.apache.org/jira/browse/TAP5-834
>>>> https://issues.apache.org/jira/browse/TAP5-773
>>>>
>>>> and if possible:
>>>>
>>>> https://issues.apache.org/jira/browse/TAP5-815
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Andy.
>>>>
>>>>
>>>> Ulrich Stärk wrote:
>>>>
>>>>> For the 5.1.0.6 release, I'd suggest to backport the fixes for the
>>>>> following issues:
>>>>>
>>>>> Bugs:
>>>>>
>>>>> https://issues.apache.org/jira/browse/TAP5-913
>>>>> https://issues.apache.org/jira/browse/TAP5-779
>>>>> https://issues.apache.org/jira/browse/TAP5-767
>>>>> https://issues.apache.org/jira/browse/TAP5-755
>>>>> https://issues.apache.org/jira/browse/TAP5-749
>>>>> https://issues.apache.org/jira/browse/TAP5-748
>>>>> https://issues.apache.org/jira/browse/TAP5-734
>>>>> https://issues.apache.org/jira/browse/TAP5-719
>>>>> https://issues.apache.org/jira/browse/TAP5-714
>>>>> https://issues.apache.org/jira/browse/TAP5-711
>>>>>
>>>>> Improvements:
>>>>>
>>>>> https://issues.apache.org/jira/browse/TAP5-912
>>>>> https://issues.apache.org/jira/browse/TAP5-814
>>>>> https://issues.apache.org/jira/browse/TAP5-764
>>>>> https://issues.apache.org/jira/browse/TAP5-756
>>>>> https://issues.apache.org/jira/browse/TAP5-138
>>>>>
>>>>> I already began to integrate the fixes to the 5.1.0.x-dev branch and
>>>>> will
>>>>> provide a patch covering those when I'm done.
>>>>>
>>>>> Uli
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
>>>>> For additional commands, e-mail: dev-help@tapestry.apache.org
>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
>>> For additional commands, e-mail: dev-help@tapestry.apache.org
>>>
>>>
>>>
>>>
>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: dev-help@tapestry.apache.org
>
>

--
Best regards,

Igor Drobiazko

Re: svn commit: r834151 - in /tapestry/tapestry5/trunk: src/site/apt/guide/ tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ tapestry-core/src/main/java/org/apache/tapestry5/services/ tapestry-core/src/test/java/org/apache/tapestry

2009-11-24T01:09:47Z

On Mon, Nov 23, 2009 at 8:53 PM, Ulrich Stärk <uli@...> wrote:

> This will break all applications using chenillekit until the chenillekit
> devs update their code and should be visibly documented somewhere.

We agree too and we have it in our tree a contribution that we will
extend to include everything needed.

Cheers
--
Massimo
http://meridio.blogspot.com

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@...
For additional commands, e-mail: dev-help@...

[jira] Commented: (TAP5-935) Per-script combining configuration

2009-11-23T19:12:39Z

[ https://issues.apache.org/jira/browse/TAP5-935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12781755#action_12781755 ]

Raul Montes commented on TAP5-935:
----------------------------------

One possible solution could be to just add two extra methods to RenderSupport (and one to DocumentLinker) to receive scripts assets/stringURLs that won't be combined (something like RenderSupport#addUncombinableScript(Asset script) ) and store them on a separate List<String> in DocumentLinker.

I'm not sure of what to do with duplicated scripts across this methods. It should go to just the uncombined list I suppose (because if a combinable script is uncombined, it hurts less than combining an uncombinable script).

> Per-script combining configuration
> ----------------------------------
>
> Key: TAP5-935
> URL: https://issues.apache.org/jira/browse/TAP5-935
> Project: Tapestry 5
> Issue Type: Improvement
> Components: tapestry-core
> Affects Versions: 5.1.0.5
> Reporter: Raul Montes
>
> Some libraries (like TinyMCE for example) requires to be loaded from its own script tag because they look into its own src to find out the path of other related resources (like themes, languages, images, etc., in TinyMCE case). But if the initializing script of tinyMCE is combined into the virtual asset, it can't figured out its own path and thus fails to load other required resources.
> Because of this problem, I had to disable this great feature, but I think it could be solved if we can set whether a script should be combined or not.
> I put TinyMCE as an example because this library made me disable combined scripts, but the same teqnique is also used by many other libraries as well (as the not modified version of scriptaculous itself) or even in cases when dynamic javascript file generation is needed.
> Regards.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Created: (TAP5-935) Per-script combining configuration

2009-11-23T14:23:39Z

Per-script combining configuration
----------------------------------

Key: TAP5-935
URL: https://issues.apache.org/jira/browse/TAP5-935
Project: Tapestry 5
Issue Type: Improvement
Components: tapestry-core
Affects Versions: 5.1.0.5
Reporter: Raul Montes

Some libraries (like TinyMCE for example) requires to be loaded from its own script tag because they look into its own src to find out the path of other related resources (like themes, languages, images, etc., in TinyMCE case). But if the initializing script of tinyMCE is combined into the virtual asset, it can't figured out its own path and thus fails to load other required resources.

Because of this problem, I had to disable this great feature, but I think it could be solved if we can set whether a script should be combined or not.

I put TinyMCE as an example because this library made me disable combined scripts, but the same teqnique is also used by many other libraries as well (as the not modified version of scriptaculous itself) or even in cases when dynamic javascript file generation is needed.

Regards.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Re: 5.1 - 5.0 next releases?

2009-11-23T12:49:49Z

It would be also cool if you could reset my account (I forgot my password)
and give me the right to trigger the build manually.

On Mon, Nov 23, 2009 at 8:47 PM, Howard Lewis Ship <hlship@...> wrote:

> Ok, so far I've created a nightly build (install, no docs) for
>
> http://svn.apache.org/repos/asf/tapestry/tapestry5/branches/5.0
>
> If that's working happy, I'll add one for the other branch ... is that
> 5.1-dev/ or 5.1.0.x-dev/ ?
>
> On Mon, Nov 23, 2009 at 11:41 AM, Howard Lewis Ship <hlship@...>
> wrote:
> > Not sure what to make of those errors. Some of the IoC stuff has been
> > very rarely flakey, which I took to be limitations of (i.e., bugs in)
> > the tests, or runtime problems related to running in Bamboo.
> >
> > I'll got set up some CI builds for the other branches.
> >
> >
> > On Mon, Nov 23, 2009 at 11:20 AM, Andreas Andreou <andyhot@...>
> wrote:
> >> fyi, i just sent an email to infra about hudson & selenium...
> >>
> >> Also, it looks like tapestry-ioc is a bit unstable - hudson now gives
> >> those failures:
> >>
> http://hudson.zones.apache.org/hudson/job/tapestry-5.1-trunk/org.apache.tapestry$tapestry-ioc/4/testReport/
> >> while there's no change that could affect that...
> >> So, should be jvm version... i think bamboo runs with 1.5, right? i
> >> could set hudson to
> >> use that (unless someone can explain the failures)
> >>
> >>
> >> On Mon, Nov 23, 2009 at 8:58 PM, Igor Drobiazko
> >> <igor.drobiazko@...> wrote:
> >>> Howard, is it possible to create builds for the branches at formos
> bamboo?
> >>> We need a temporal solution. I also feel uncomfortably to release
> 5.1.0.6
> >>> without having a single build at CI.
> >>>
> >>> On Mon, Nov 23, 2009 at 8:58 AM, Howard Lewis Ship <hlship@...>
> wrote:
> >>>
> >>>> I don't feel comfortable until the code executes properly in the full
> >>>> stack, including browser, servlet container and Tapestry, and
> >>>> including Ajax updates. Anything simulated in that stack is a
> >>>> potential to be different than the end user's experience. Selenium is
> >>>> a pain in the ass, but it's as close as you'll get to hiring actual
> >>>> people to validate your web app.
> >>>>
> >>>> On Sun, Nov 22, 2009 at 7:14 PM, Kalle Korhonen
> >>>> <kalle.o.korhonen@...> wrote:
> >>>> > On Sun, Nov 22, 2009 at 11:42 AM, Andreas Andreou <
> andyhot@...>
> >>>> wrote:
> >>>> >> Integration tests aren't currently able to run (missing firefox
> from
> >>>> path)
> >>>> >> and all 4 failing tests in 5.1 are due to that.
> >>>> >> 5.0 has a few more failures which confirm what i'm seeing locally
> >>>> >> (
> >>>>
> http://hudson.zones.apache.org/hudson/view/All/job/tapestry-5.0-trunk/3/ )
> >>>> >
> >>>> > On that note, I've had very good success doing integration testing
> >>>> > with HtmlUnit and embedded Jetty. The tests run faster than
> >>>> > Selenium-based ones and are more independent of the environment. The
> >>>> > recent versions of HtmlUnit run any kind of Javascript just fine
> >>>> > (dojo, prototype, etc.) but obviously it's not *exactly* the same as
> a
> >>>> > real browser. I've re-written both Apache Shiro's and Tynamo's (at
> >>>> > Codehaus) integration tests to use the same concepts (see e.g.
> >>>> >
> >>>>
> http://svn.apache.org/repos/asf/incubator/shiro/trunk/samples/web/src/test/java/org/apache/shiro/test/AbstractContainerTest.java
> >>>> ).
> >>>> > Just thought it might be worth considering - I know how challenging
> it
> >>>> > can be at times to rely on infrastructure you are not in control of.
> >>>> > But perhaps Apache infra folks can help making firefox available on
> >>>> > the path.
> >>>> >
> >>>>
> >>>> It's not difficult, just means running Xvfb (X virtual frame buffer).
> >>>>
> >>>> > Kalle
> >>>> >
> >>>> >
> >>>> >> On Sun, Nov 22, 2009 at 6:49 PM, Howard Lewis Ship <
> hlship@...>
> >>>> wrote:
> >>>> >>> I'm fine with moving stuff off of tapestry.formos.com.
> >>>> >>>
> >>>> >>> I do want to maintain some site with nightly snapshots, though.
> >>>> >>>
> >>>> >>> On Sun, Nov 22, 2009 at 8:39 AM, Andreas Andreou <
> andyhot@...>
> >>>> wrote:
> >>>> >>>> I have the same problem (lost password & bamboo not sending
> email) -
> >>>> that's why
> >>>> >>>> I started investigating apache's hudson infrastructure...
> >>>> >>>>
> >>>> >>>> I got 4.1 building there,
> >>>> >>>> http://hudson.zones.apache.org/hudson/job/tapestry-4.1-trunk/
> >>>> >>>> (the trick was to set the build node to master - we were told to
> use
> >>>> >>>> minerva or vesta but
> >>>> >>>> it looks like those are missing maven)
> >>>> >>>>
> >>>> >>>> I want to go ahead and add 5.0 and 5.1 there anyway. Howard, you
> >>>> >>>> already have an account
> >>>> >>>> but it don't see any T5 builds there, should i just go ahead?
> >>>> >>>>
> >>>> >>>> As for nexus, doing a mvn release will actually just stage it in
> a
> >>>> >>>> one-time only repo so that
> >>>> >>>> anyone can try it from there. I really wanted to try that with
> the 5.0
> >>>> >>>> but some build failures
> >>>> >>>> i'm having haven't allowed that - hoping to tackle them as we
> speak.
> >>>> >>>>
> >>>> >>>>
> >>>> >>>> On Sun, Nov 22, 2009 at 3:55 PM, Igor Drobiazko
> >>>> >>>> <igor.drobiazko@...> wrote:
> >>>> >>>>> Can someone please add builds for 5.1.x and 5.0.x branches to
> bamboo?
> >>>> I
> >>>> >>>>> forgot my password and bamboo fails to send me a new one.
> >>>> >>>>>
> >>>> >>>>> On Sun, Nov 22, 2009 at 1:38 PM, Howard Lewis Ship <
> hlship@...>
> >>>> wrote:
> >>>> >>>>>
> >>>> >>>>>> What's the process for staging things in Nexus?
> >>>> >>>>>>
> >>>> >>>>>> On Fri, Nov 20, 2009 at 7:50 AM, Andreas Andreou <
> andyhot@...
> >>>> >
> >>>> >>>>>> wrote:
> >>>> >>>>>> > [5.0 branch] So, i'm basically still getting 3 test failures
> in
> >>>> >>>>>> > tapestry-ioc and 2 in
> >>>> >>>>>> > tapestry-core (jdk5 & jdk6)... the good thing is i'm not
> getting
> >>>> those
> >>>> >>>>>> > in the 5.1 branch, so, i'll try to
> >>>> >>>>>> > look for diffs.
> >>>> >>>>>> >
> >>>> >>>>>> > [5.1 branch] All look fine here, once we say GO, I (or
> anyone) can
> >>>> >>>>>> > just try to stage the release
> >>>> >>>>>> > in nexus and once that works, send the email for the vote
> >>>> >>>>>> >
> >>>> >>>>>> > On Fri, Nov 20, 2009 at 2:24 PM, Thiago H. de Paula
> Figueiredo
> >>>> >>>>>> > <thiagohp@...> wrote:
> >>>> >>>>>> >> +1
> >>>> >>>>>> >>
> >>>> >>>>>> >> Em Fri, 20 Nov 2009 07:09:03 -0200, David Rees <
> >>>> drees76@...>
> >>>> >>>>>> escreveu:
> >>>> >>>>>> >>
> >>>> >>>>>> >>> On Thu, Nov 19, 2009 at 10:24 PM, Igor Drobiazko
> >>>> >>>>>> >>> <igor.drobiazko@...> wrote:
> >>>> >>>>>> >>>>
> >>>> >>>>>> >>>> We should release 5.1.0.6 asap because of the security
> issues.
> >>>> What if
> >>>> >>>>>> we
> >>>> >>>>>> >>>> only backport already fixed issues in 5.2.0.0 snapshots,
> >>>> release
> >>>> >>>>>> 5.1.0.6
> >>>> >>>>>> >>>> and
> >>>> >>>>>> >>>> immidiately go on with 5.1.0.7?
> >>>> >>>>>> >>>
> >>>> >>>>>> >>> I'm a big fan of "release often" as long as people are
> willing
> >>>> to do it
> >>>> >>>>>> -
> >>>> >>>>>> >>> so +1.
> >>>> >>>>>> >>>
> >>>> >>>>>> >>> -Dave
> >>>> >>>>>> >>>
> >>>> >>>>>> >>>
> >>>> ---------------------------------------------------------------------
> >>>> >>>>>> >>> To unsubscribe, e-mail:
> dev-unsubscribe@...
> >>>> >>>>>> >>> For additional commands, e-mail:
> dev-help@...
> >>>> >>>>>> >>>
> >>>> >>>>>> >>
> >>>> >>>>>> >>
> >>>> >>>>>> >> --
> >>>> >>>>>> >> Thiago H. de Paula Figueiredo
> >>>> >>>>>> >> Independent Java, Apache Tapestry 5 and Hibernate
> consultant,
> >>>> developer,
> >>>> >>>>>> and
> >>>> >>>>>> >> instructor
> >>>> >>>>>> >> Owner, software architect and developer, Ars Machina
> Tecnologia
> >>>> da
> >>>> >>>>>> >> Informação Ltda.
> >>>> >>>>>> >> Consultor, desenvolvedor e instrutor em Java, Tapestry e
> >>>> Hibernate
> >>>> >>>>>> >> Coordenador e professor da Especialização em Engenharia de
> >>>> Software com
> >>>> >>>>>> >> Ênfase em Java da Faculdade Pitágoras
> >>>> >>>>>> >> http://www.arsmachina.com.br
> >>>> >>>>>> >>
> >>>> >>>>>> >>
> >>>> ---------------------------------------------------------------------
> >>>> >>>>>> >> To unsubscribe, e-mail: dev-unsubscribe@...
> >>>> >>>>>> >> For additional commands, e-mail:
> dev-help@...
> >>>> >>>>>> >>
> >>>> >>>>>> >>
> >>>> >>>>>> >
> >>>> >>>>>> >
> >>>> >>>>>> >
> >>>> >>>>>> > --
> >>>> >>>>>> > Andreas Andreou - andyhot@... -
> http://blog.andyhot.gr
> >>>> >>>>>> > Tapestry / Tacos developer
> >>>> >>>>>> > Open Source / JEE Consulting
> >>>> >>>>>> >
> >>>> >>>>>> >
> >>>> ---------------------------------------------------------------------
> >>>> >>>>>> > To unsubscribe, e-mail: dev-unsubscribe@...
> >>>> >>>>>> > For additional commands, e-mail:
> dev-help@...
> >>>> >>>>>> >
> >>>> >>>>>> >
> >>>> >>>>>>
> >>>> >>>>>>
> >>>> >>>>>>
> >>>> >>>>>> --
> >>>> >>>>>> Howard M. Lewis Ship
> >>>> >>>>>>
> >>>> >>>>>> Creator of Apache Tapestry
> >>>> >>>>>>
> >>>> >>>>>> The source for Tapestry training, mentoring and support.
> Contact me
> >>>> to
> >>>> >>>>>> learn how I can get you up and productive in Tapestry fast!
> >>>> >>>>>>
> >>>> >>>>>> (971) 678-5210
> >>>> >>>>>> http://howardlewisship.com
> >>>> >>>>>>
> >>>> >>>>>>
> >>>> ---------------------------------------------------------------------
> >>>> >>>>>> To unsubscribe, e-mail: dev-unsubscribe@...
> >>>> >>>>>> For additional commands, e-mail: dev-help@...
> >>>> >>>>>>
> >>>> >>>>>>
> >>>> >>>>>
> >>>> >>>>>
> >>>> >>>>> --
> >>>> >>>>> Best regards,
> >>>> >>>>>
> >>>> >>>>> Igor Drobiazko
> >>>> >>>>>
> >>>> >>>>
> >>>> >>>>
> >>>> >>>>
> >>>> >>>> --
> >>>> >>>> Andreas Andreou - andyhot@... - http://blog.andyhot.gr
> >>>> >>>> Tapestry / Tacos developer
> >>>> >>>> Open Source / JEE Consulting
> >>>> >>>>
> >>>> >>>>
> ---------------------------------------------------------------------
> >>>> >>>> To unsubscribe, e-mail: dev-unsubscribe@...
> >>>> >>>> For additional commands, e-mail: dev-help@...
> >>>> >>>>
> >>>> >>>>
> >>>> >>>
> >>>> >>>
> >>>> >>>
> >>>> >>> --
> >>>> >>> Howard M. Lewis Ship
> >>>> >>>
> >>>> >>> Creator of Apache Tapestry
> >>>> >>>
> >>>> >>> The source for Tapestry training, mentoring and support. Contact
> me to
> >>>> >>> learn how I can get you up and productive in Tapestry fast!
> >>>> >>>
> >>>> >>> (971) 678-5210
> >>>> >>> http://howardlewisship.com
> >>>> >>>
> >>>> >>>
> ---------------------------------------------------------------------
> >>>> >>> To unsubscribe, e-mail: dev-unsubscribe@...
> >>>> >>> For additional commands, e-mail: dev-help@...
> >>>> >>>
> >>>> >>>
> >>>> >>
> >>>> >>
> >>>> >>
> >>>> >> --
> >>>> >> Andreas Andreou - andyhot@... - http://blog.andyhot.gr
> >>>> >> Tapestry / Tacos developer
> >>>> >> Open Source / JEE Consulting
> >>>> >>
> >>>> >>
> ---------------------------------------------------------------------
> >>>> >> To unsubscribe, e-mail: dev-unsubscribe@...
> >>>> >> For additional commands, e-mail: dev-help@...
> >>>> >>
> >>>> >>
> >>>> >
> >>>> >
> ---------------------------------------------------------------------
> >>>> > To unsubscribe, e-mail: dev-unsubscribe@...
> >>>> > For additional commands, e-mail: dev-help@...
> >>>> >
> >>>> >
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Howard M. Lewis Ship
> >>>>
> >>>> Creator of Apache Tapestry
> >>>>
> >>>> The source for Tapestry training, mentoring and support. Contact me to
> >>>> learn how I can get you up and productive in Tapestry fast!
> >>>>
> >>>> (971) 678-5210
> >>>> http://howardlewisship.com
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: dev-unsubscribe@...
> >>>> For additional commands, e-mail: dev-help@...
> >>>>
> >>>>
> >>>
> >>>
> >>> --
> >>> Best regards,
> >>>
> >>> Igor Drobiazko
> >>>
> >>
> >>
> >>
> >> --
> >> Andreas Andreou - andyhot@... - http://blog.andyhot.gr
> >> Tapestry / Tacos developer
> >> Open Source / JEE Consulting
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@...
> >> For additional commands, e-mail: dev-help@...
> >>
> >>
> >
> >
> >
> > --
> > Howard M. Lewis Ship
> >
> > Creator of Apache Tapestry
> >
> > The source for Tapestry training, mentoring and support. Contact me to
> > learn how I can get you up and productive in Tapestry fast!
> >
> > (971) 678-5210
> > http://howardlewisship.com
> >
>
>
>
> --
> Howard M. Lewis Ship
>
> Creator of Apache Tapestry
>
> The source for Tapestry training, mentoring and support. Contact me to
> learn how I can get you up and productive in Tapestry fast!
>
> (971) 678-5210
> http://howardlewisship.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@...
> For additional commands, e-mail: dev-help@...
>
>

--
Best regards,

Igor Drobiazko

Re: svn commit: r834151 - in /tapestry/tapestry5/trunk: src/site/apt/guide/ tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ tapestry-core/src/main/java/org/apache/tapestry5/services/ tapestry-core/src/test/java/org/apache/tapestry

2009-11-23T12:47:14Z

Release notes + maven site.

On Mon, Nov 23, 2009 at 8:53 PM, Ulrich Stärk <uli@...> wrote:

> This will break all applications using chenillekit until the chenillekit
> devs update their code and should be visibly documented somewhere.
>
> Uli
>
> Howard Lewis Ship schrieb:
>
> Good catch, and I agree.
>>
>> On Mon, Nov 23, 2009 at 10:07 AM, Igor Drobiazko
>> <igor.drobiazko@...> wrote:
>>
>>> I think the contribution "^org/chenillekit/tapestry/" should be removed
>>> from
>>> the configuration of the RegexpAuthorizer. App developers using
>>> Chenillekit
>>> should contribute it.
>>>
>>> On Mon, Nov 9, 2009 at 6:23 PM, <robertdzeigler@...> wrote:
>>>
>>> Author: robertdzeigler
>>>> Date: Mon Nov 9 17:23:10 2009
>>>> New Revision: 834151
>>>>
>>>> URL: http://svn.apache.org/viewvc?rev=834151&view=rev
>>>> Log:
>>>> TAP5-815: Asset dispatcher allows any file inside the webapp visible and
>>>> downloadable (5.2 branch)
>>>>
>>>> Added:
>>>>
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java
>>>>
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java
>>>>
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java
>>>>
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java
>>>>
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java
>>>>
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java
>>>>
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java
>>>> Modified:
>>>> tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt
>>>>
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
>>>>
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
>>>>
>>>> Modified: tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt
>>>> URL:
>>>>
>>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt?rev=834151&r1=834150&r2=834151&view=diff
>>>>
>>>>
>>>> ==============================================================================
>>>> --- tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt (original)
>>>> +++ tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt Mon Nov 9
>>>> 17:23:10 2009
>>>> @@ -138,6 +138,31 @@
>>>> In addition, context assets will use the URL prefix
>>>> <<</assets/ctx/>>><app-version><<</>>>.
>>>>
>>>>
>>>> +Securing Assets
>>>> +
>>>> + Securing assets is an important consideration for any web
>>>> application.
>>>> Many assets, such as hibernate configuration
>>>> + files, sit in the classpath and are exposable via the Asset service,
>>>> which is not desirable. To protect these and
>>>> + other sensitive assets, Tapestry provides the
>>>> AssetProtectionDispatcher.
>>>> This dispatcher sits in front of the
>>>> + AssetDispatcher, the service responsible for streaming assets to the
>>>> client, and watches for Asset requests.
>>>> + When an asset request comes in, the protection dispatcher checks for
>>>> authorization to view the file against a
>>>> + contributed list of AssetPathAuthorizer implementations.
>>>> Determination
>>>> of whether the client can view the requested
>>>> + resource is then made based on whether any of the contributed
>>>> AssetPathAuthorizer implementations explicitly allowed
>>>> + or denied access to the resource.
>>>> +
>>>> + Tapestry provides two AssetPathAuthorizer implemenations "out of the
>>>> box" to which users may contribute: RegexAuthorizer
>>>> + and WhitelistAuthorizer. RegexAuthorizer uses regular expressions to
>>>> determine assets which are viewable by the
>>>> + client; any assets that match one of its (contributed) regular
>>>> expressions are authorized. Anything not matched is
>>>> + passed through to the WhitelistAuthorizer. WhitelistAuthorizer uses
>>>> an
>>>> exact-matching whitelist. Anything matching
>>>> + exactly one its contributions is allowed; all other asset requests
>>>> are
>>>> denied. The default tapestry configuration
>>>> + contributes nothing to WhitelistAuthorizer (access will be denied to
>>>> all
>>>> asset requests passed through to it), and
>>>> + explicitly allows access to css, jpg, jpeg, js, png, and gif files
>>>> associated with tapestry (tapestry.js, blackbird
>>>> + files, date picker files, etc.). The default contribution also
>>>> enables
>>>> access to the css, jpg, jpeg, js, png, and gif
>>>> + files provided by the popular chenille-kit 3rd party library. The
>>>> default configuration denies access to all other
>>>> + assets. To enable access to your application's assets, either
>>>> contribute a custom AssetPathAnalyzer, or contribute
>>>> + appropriate regular expression or exact path contributions to
>>>> RegexAuthorizer or WhitelistAuthorizer, respectively.
>>>> + See TapestryModule.contribteRegexAuthorizer for examples.
>>>> +
>>>> +
>>>> Performance Notes
>>>>
>>>> Assets are expected to be entirely static (not changing while the
>>>> application is deployed). When Tapestry generates a URL
>>>> @@ -146,4 +171,4 @@
>>>> asset.
>>>>
>>>> In addition, Tapestry will {{{compress.html}GZIP compress}} the content
>>>> of <all> assets (if the asset
>>>> - is compressable, and the client supports it).
>>>> \ No newline at end of file
>>>> + is compressable, and the client supports it).
>>>>
>>>> Added:
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java
>>>> URL:
>>>>
>>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java?rev=834151&view=auto
>>>>
>>>>
>>>> ==============================================================================
>>>> ---
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java
>>>> (added)
>>>> +++
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java
>>>> Mon Nov 9 17:23:10 2009
>>>> @@ -0,0 +1,92 @@
>>>> +// Copyright 2009 The Apache Software Foundation
>>>> +//
>>>> +// Licensed under the Apache License, Version 2.0 (the "License");
>>>> +// you may not use this file except in compliance with the License.
>>>> +// You may obtain a copy of the License at
>>>> +//
>>>> +// http://www.apache.org/licenses/LICENSE-2.0
>>>> +//
>>>> +// Unless required by applicable law or agreed to in writing, software
>>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>>> implied.
>>>> +// See the License for the specific language governing permissions and
>>>> +// limitations under the License.
>>>> +
>>>> +package org.apache.tapestry5.internal.services;
>>>> +
>>>> +import java.io.IOException;
>>>> +import java.util.Collection;
>>>> +import java.util.Collections;
>>>> +import java.util.List;
>>>> +
>>>> +import javax.servlet.http.HttpServletResponse;
>>>> +
>>>> +import org.apache.tapestry5.internal.services.RequestConstants;
>>>> +import org.apache.tapestry5.services.*;
>>>> +import org.slf4j.Logger;
>>>> +
>>>> +/**
>>>> + * Dispatcher that handles whether to allow or deny access to
>>>> particular
>>>> + * assets. Actual work of authorizing a particular url is handled by
>>>> + * implementations of AssetPathAuthorizer. Configuration is an ordered
>>>> + * list of AssetPathAuthorizers. Each authorizer specifies an order of
>>>> + * operations as a list (see AssetPathAuthorizer.Order).
>>>> + *
>>>> + */
>>>> +public class AssetProtectionDispatcher implements Dispatcher
>>>> +{
>>>> +
>>>> + private final Collection<AssetPathAuthorizer> authorizers;
>>>> + private final ClasspathAssetAliasManager assetAliasManager;
>>>> + private final Logger logger;
>>>> +
>>>> + public AssetProtectionDispatcher(
>>>> + List<AssetPathAuthorizer> auths,
>>>> + ClasspathAssetAliasManager manager,
>>>> + Logger logger)
>>>> + {
>>>> + this.authorizers = Collections.unmodifiableList(auths);
>>>> + this.assetAliasManager = manager;
>>>> + this.logger = logger;
>>>> + }
>>>> +
>>>> + public boolean dispatch(Request request, Response response)
>>>> + throws IOException
>>>> + {
>>>> + String path = request.getPath();
>>>> + //we only protect assets, and don't examine any other url's.
>>>> + if (!path.startsWith(RequestConstants.ASSET_PATH_PREFIX))
>>>> + {
>>>> + return false;
>>>> + }
>>>> + String resourcePath = assetAliasManager.toResourcePath(path);
>>>> + for(AssetPathAuthorizer auth : authorizers)
>>>> + {
>>>> + for(AssetPathAuthorizer.Order o : auth.order())
>>>> + {
>>>> + if (o == AssetPathAuthorizer.Order.ALLOW)
>>>> + {
>>>> + if (auth.accessAllowed(resourcePath))
>>>> + {
>>>> + logger.debug("Allowing access to " +
>>>> resourcePath);
>>>> + return false;
>>>> + }
>>>> + }
>>>> + else
>>>> + {
>>>> + if (auth.accessDenied(resourcePath))
>>>> + {
>>>> + logger.debug("Denying access to " +
>>>> resourcePath);
>>>> +
>>>> response.sendError(HttpServletResponse.SC_FORBIDDEN,resourcePath);
>>>> + return true;
>>>> + }
>>>> + }
>>>> + }
>>>> + }
>>>> + //if we get here, no Authorizer had anything useful to say
>>>> about
>>>> the resourcePath.
>>>> + //so let it fall through.
>>>> + logger.debug("Fell through the list of authorizers. Allowing
>>>> access to: " + resourcePath);
>>>> + return false;
>>>> + }
>>>> +
>>>> +}
>>>>
>>>> Added:
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java
>>>> URL:
>>>>
>>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java?rev=834151&view=auto
>>>>
>>>>
>>>> ==============================================================================
>>>> ---
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java
>>>> (added)
>>>> +++
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java
>>>> Mon Nov 9 17:23:10 2009
>>>> @@ -0,0 +1,76 @@
>>>> +// Copyright 2009 The Apache Software Foundation
>>>> +//
>>>> +// Licensed under the Apache License, Version 2.0 (the "License");
>>>> +// you may not use this file except in compliance with the License.
>>>> +// You may obtain a copy of the License at
>>>> +//
>>>> +// http://www.apache.org/licenses/LICENSE-2.0
>>>> +//
>>>> +// Unless required by applicable law or agreed to in writing, software
>>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>>> implied.
>>>> +// See the License for the specific language governing permissions and
>>>> +// limitations under the License.
>>>> +
>>>> +package org.apache.tapestry5.internal.services;
>>>> +
>>>> +import org.apache.tapestry5.services.AssetPathAuthorizer;
>>>> +
>>>> +import java.util.ArrayList;
>>>> +import java.util.Arrays;
>>>> +import java.util.Collection;
>>>> +import java.util.Collections;
>>>> +import java.util.List;
>>>> +import java.util.regex.Pattern;
>>>> +
>>>> +/**
>>>> + * Provides a regex-based authorization scheme for asset-access
>>>> authorization.
>>>> + * Note that this implementation doesn't actually deny access to
>>>> anything.
>>>> + * But it's placement within the chain of command of authorizers is
>>>> just
>>>> before
>>>> + * the whitelist authorizer, which has an explicit deny policy.
>>>> + * Hence, as long as the whitelist authorizer is being used in
>>>> conjunction
>>>> with
>>>> + * the regex authorizer, there is no need to worry about accessDenied
>>>> in
>>>> this authorizer.
>>>> + *
>>>> + */
>>>> +public class RegexAuthorizer implements AssetPathAuthorizer
>>>> +{
>>>> +
>>>> + private final Collection<Pattern> _regexes;
>>>> +
>>>> + public RegexAuthorizer(final Collection<String> regex)
>>>> + {
>>>> + //an alternate way to construct this would be to make sure that
>>>> each pattern is grouped
>>>> + //and then to regex or the various patterns together into a
>>>> single
>>>> pattern.
>>>> + //that might be faster, but probably not enough to make a
>>>> difference, and this is cleaner.
>>>> + List<Pattern> tmp = new ArrayList<Pattern>();
>>>> + for(String exp : regex)
>>>> + {
>>>> + tmp.add(Pattern.compile(exp));
>>>> + }
>>>> + _regexes = Collections.unmodifiableCollection(tmp);
>>>> +
>>>> + }
>>>> +
>>>> + public boolean accessAllowed(String resourcePath)
>>>> + {
>>>> + for(Pattern regex : _regexes)
>>>> + {
>>>> + if (regex.matcher(resourcePath).matches())
>>>> + {
>>>> + return true;
>>>> + }
>>>> + }
>>>> + return false;
>>>> + }
>>>> +
>>>> + public boolean accessDenied(String resourcePath)
>>>> + {
>>>> + return false;
>>>> + }
>>>> +
>>>> + public List<Order> order()
>>>> + {
>>>> + return Arrays.asList(Order.ALLOW);
>>>> + }
>>>> +
>>>> +}
>>>>
>>>> Added:
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java
>>>> URL:
>>>>
>>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java?rev=834151&view=auto
>>>>
>>>>
>>>> ==============================================================================
>>>> ---
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java
>>>> (added)
>>>> +++
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java
>>>> Mon Nov 9 17:23:10 2009
>>>> @@ -0,0 +1,59 @@
>>>> +// Copyright 2009 The Apache Software Foundation
>>>> +//
>>>> +// Licensed under the Apache License, Version 2.0 (the "License");
>>>> +// you may not use this file except in compliance with the License.
>>>> +// You may obtain a copy of the License at
>>>> +//
>>>> +// http://www.apache.org/licenses/LICENSE-2.0
>>>> +//
>>>> +// Unless required by applicable law or agreed to in writing, software
>>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>>> implied.
>>>> +// See the License for the specific language governing permissions and
>>>> +// limitations under the License.
>>>> +
>>>> +package org.apache.tapestry5.internal.services;
>>>> +
>>>> +import org.apache.tapestry5.services.AssetPathAuthorizer;
>>>> +
>>>> +import java.util.Arrays;
>>>> +import java.util.Collection;
>>>> +import java.util.List;
>>>> +import java.util.Map;
>>>> +import java.util.concurrent.ConcurrentHashMap;
>>>> +
>>>> +/**
>>>> + * AssetPathAuthorizer that determines access rights based on exact
>>>> matching to a contributed whitelist.
>>>> + * Any resource not explicitly specified in the whitelist is denied
>>>> access.
>>>> + */
>>>> +public class WhitelistAuthorizer implements AssetPathAuthorizer
>>>> +{
>>>> +
>>>> + public List<Order> order()
>>>> + {
>>>> + return Arrays.asList(Order.ALLOW, Order.DENY);
>>>> + }
>>>> +
>>>> + //hash the resource paths for fast lookups.
>>>> + private final Map<String, Boolean> _paths;
>>>> +
>>>> + public WhitelistAuthorizer(Collection<String> paths)
>>>> + {
>>>> + _paths = new ConcurrentHashMap<String, Boolean>();
>>>> + for(String path : paths)
>>>> + {
>>>> + _paths.put(path, true);
>>>> + }
>>>> + }
>>>> +
>>>> + public boolean accessAllowed(String resourcePath)
>>>> + {
>>>> + return (_paths.containsKey(resourcePath));
>>>> + }
>>>> +
>>>> + public boolean accessDenied(String resourcePath)
>>>> + {
>>>> + return !_paths.containsKey(resourcePath);
>>>> + }
>>>> +
>>>> +}
>>>>
>>>> Added:
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java
>>>> URL:
>>>>
>>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java?rev=834151&view=auto
>>>>
>>>>
>>>> ==============================================================================
>>>> ---
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java
>>>> (added)
>>>> +++
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java
>>>> Mon Nov 9 17:23:10 2009
>>>> @@ -0,0 +1,76 @@
>>>> +// Copyright 2009 The Apache Software Foundation
>>>> +//
>>>> +// Licensed under the Apache License, Version 2.0 (the "License");
>>>> +// you may not use this file except in compliance with the License.
>>>> +// You may obtain a copy of the License at
>>>> +//
>>>> +// http://www.apache.org/licenses/LICENSE-2.0
>>>> +//
>>>> +// Unless required by applicable law or agreed to in writing, software
>>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>>> implied.
>>>> +// See the License for the specific language governing permissions and
>>>> +// limitations under the License.
>>>> +
>>>> +package org.apache.tapestry5.services;
>>>> +
>>>> +import java.util.List;
>>>> +
>>>> +/**
>>>> + * Determines whether access to an asset is allowed, denied, or
>>>> undetermined.
>>>> + * Each contributed authorizer makes up part of a chain of command for
>>>> determining access.
>>>> + * Access is explicitly allowed if accessAllowed returns true.
>>>> + * Access is explicitly denied if accessDenied returns true.
>>>> + * Ordering depends on the order specified by the "order" parameter.
>>>> + * Hence, an implementation which specifies an order of:
>>>> + * ALLOW, DENY, and returns true from both accessAllowed and
>>>> accessDenied
>>>> + * will allow access for all resources. With the same return values for
>>>> the
>>>> + * access* methods but the order switched to DENY, ALLOW, access to all
>>>> resources
>>>> + * would be denied. It is possible for an authorizer to have "nothing
>>>> + * to say" regarding a particular resource. If accessAllowed returns
>>>> false,
>>>> + * it does not mean that access is denied, merely that it is not
>>>> explicitly allowed.
>>>> + * If accessDenied returns false, it does not mean that access is
>>>> allowed,
>>>> merely that
>>>> + * it is not explicitly denied. Hence, if both accessAllowed and
>>>> accessDenied return false,
>>>> + * control will pass to the next authorizer in the chain.
>>>> + *
>>>> + */
>>>> +public interface AssetPathAuthorizer
>>>> +{
>>>> +
>>>> + /**
>>>> + * Types of orderings, either ALLOW or DENY.
>>>> + */
>>>> + enum Order {ALLOW, DENY;}
>>>> +
>>>> + /**
>>>> + * Specify the ordering for this authorizer.
>>>> + * @return the operations for this authorizer.
>>>> + * Operations will be performed in the order returned by the
>>>> iterator.
>>>> + * It is assumed that the authorizer correctly implements each form
>>>> of
>>>> + * ordering returned. It is acceptable to only return only ALLOW or
>>>> DENY.
>>>> + */
>>>> + List<Order> order();
>>>> +
>>>> + /**
>>>> + * Determines whether a request to "resourcePath" is allowed.
>>>> + * @param resourcePath
>>>> + * @return true if access is explicitly allowed for the path. False
>>>> otherwise.
>>>> + * For example, a whitelist implementation would return true if the
>>>> resource
>>>> + * was listed, and false otherwise. A blacklist implementation
>>>> would
>>>> return
>>>> + * false regardless of whether the path was in the blacklist.
>>>> + * Alternatively, if the blacklist specified an order of DENY,
>>>> ALLOW,
>>>> it could
>>>> + * return true from accessAllowed if the resource was not
>>>> explicitly
>>>> listed in its
>>>> + * blacklist.
>>>> + */
>>>> + boolean accessAllowed(String resourcePath);
>>>> +
>>>> + /**
>>>> + *
>>>> + * @param resourcePath
>>>> + * @return true if access is explicitly prohibited for the path.
>>>> False
>>>> otherwise.
>>>> + * For example, a whitelist implementation would return true if the
>>>> resource was
>>>> + * not explicitly listed, and false otherwise. A blacklist
>>>> implementation would
>>>> + * return true if the resource was explicitly denied, and false
>>>> otherwise.
>>>> + */
>>>> + boolean accessDenied(String resourcePath);
>>>> +}
>>>>
>>>> Modified:
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
>>>> URL:
>>>>
>>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java?rev=834151&r1=834150&r2=834151&view=diff
>>>>
>>>>
>>>> ==============================================================================
>>>> ---
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
>>>> (original)
>>>> +++
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
>>>> Mon Nov 9 17:23:10 2009
>>>> @@ -305,6 +305,9 @@
>>>> binder.bind(PageRenderLinkSource.class,
>>>> PageRenderLinkSourceImpl.class);
>>>> binder.bind(ClientInfrastructure.class,
>>>> ClientInfrastructureImpl.class);
>>>> binder.bind(URLRewriter.class, URLRewriterImpl.class);
>>>> + binder.bind(Dispatcher.class,
>>>> AssetProtectionDispatcher.class).withId("AssetProtectionDispatcher");
>>>> + binder.bind(AssetPathAuthorizer.class,
>>>> WhitelistAuthorizer.class).withId("WhitelistAuthorizer");
>>>> + binder.bind(AssetPathAuthorizer.class,
>>>> RegexAuthorizer.class).withId("RegexAuthorizer");
>>>> }
>>>>
>>>> //
>>>> ========================================================================
>>>> @@ -1572,13 +1575,17 @@
>>>> * and forwards onto {@link PageRenderRequestHandler}</dd>
>>>> <dt>ComponentEvent</dt> <dd>Identifies the {@link
>>>> * ComponentEventRequestParameters} and forwards onto the {@link
>>>> ComponentEventRequestHandler}</dd> </dl>
>>>> */
>>>> - public static void
>>>> contributeMasterDispatcher(OrderedConfiguration<Dispatcher>
>>>> configuration)
>>>> + public static void
>>>> contributeMasterDispatcher(OrderedConfiguration<Dispatcher>
>>>> configuration,
>>>> +
>>>> @InjectService("AssetProtectionDispatcher") Dispatcher assetProt)
>>>> {
>>>> // Looks for the root path and renders the start page. This is
>>>> maintained for compatibility
>>>> // with earlier versions of Tapestry 5, it is recommended that an
>>>> Index page be used instead.
>>>>
>>>> configuration.addInstance("RootPath", RootPathDispatcher.class,
>>>> "before:Asset");
>>>>
>>>> + //this goes before asset to make sure that only allowed assets
>>>> are
>>>> streamed to the client.
>>>> + configuration.add("AssetProtection", assetProt,
>>>> "before:Asset");
>>>> +
>>>> // This goes first because an asset to be streamed may have an
>>>> file
>>>> extension, such as
>>>> // ".html", that will confuse the later dispatchers.
>>>>
>>>> @@ -1591,6 +1598,7 @@
>>>> configuration.addInstance("PageRender",
>>>> PageRenderDispatcher.class);
>>>> }
>>>>
>>>> +
>>>> /**
>>>> * Contributes a default object renderer for type Object, plus
>>>> specialized renderers for {@link
>>>> * org.apache.tapestry5.services.Request}, {@link
>>>> org.apache.tapestry5.ioc.Location}, {@link
>>>> @@ -2480,4 +2488,41 @@
>>>> };
>>>> }
>>>>
>>>> + /**
>>>> + * Contributes the default set of AssetPathAuthorizers into the
>>>> AssetProtectionDispatcher.
>>>> + * @param whitelist authorization based on explicit whitelisting.
>>>> + * @param regex authorization based on pattern matching.
>>>> + * @param conf
>>>> + */
>>>> + public static void contributeAssetProtectionDispatcher(
>>>> + @InjectService("WhitelistAuthorizer") AssetPathAuthorizer
>>>> whitelist,
>>>> + @InjectService("RegexAuthorizer") AssetPathAuthorizer
>>>> regex,
>>>> + OrderedConfiguration<AssetPathAuthorizer> conf)
>>>> + {
>>>> + //putting whitelist after everything ensures that, in fact,
>>>> nothing falls through.
>>>> + //also ensures that whitelist gives other authorizers the
>>>> chance
>>>> to act...
>>>> + conf.add("regex",regex,"before:whitelist");
>>>> + conf.add("whitelist", whitelist,"after:*");
>>>> + }
>>>> +
>>>> + public void contributeRegexAuthorizer(Configuration<String> regex,
>>>> + @Symbol("tapestry.scriptaculous.path") String
>>>> scriptPath,
>>>> + @Symbol("tapestry.blackbird.path") String
>>>> blackbirdPath,
>>>> + @Symbol("tapestry.datepicker.path") String
>>>> datepickerPath)
>>>> + {
>>>> + //allow any js, jpg, jpeg, png, or css under
>>>> org/chenillekit/tapstry. The funky bit of ([^/.]+/)* is what allows
>>>> + //multiple paths, while not allowing any of those paths to
>>>> contains ./ or ../ thereby preventing paths like:
>>>> + //org/chenillekit/tapestry/../../../foo.js
>>>> + String pathPattern =
>>>> "([^/.]+/)*[^/.]+\\.((css)|(js)|(jpg)|(jpeg)|(png)|(gif))$";
>>>> + regex.add("^org/chenillekit/tapestry/" + pathPattern);
>>>> +
>>>> + regex.add("^org/apache/tapestry5/" + pathPattern);
>>>> +
>>>> + regex.add(blackbirdPath + "/" + pathPattern);
>>>> + regex.add(datepickerPath + "/" + pathPattern);
>>>> + regex.add(scriptPath + "/" + pathPattern);
>>>> + //allow access to virtual assets. Critical for
>>>> tapestry-combined
>>>> js files.
>>>> + regex.add("virtual/" + pathPattern);
>>>> + }
>>>> +
>>>> }
>>>>
>>>> Modified:
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
>>>> URL:
>>>>
>>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java?rev=834151&r1=834150&r2=834151&view=diff
>>>>
>>>>
>>>> ==============================================================================
>>>> ---
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
>>>> (original)
>>>> +++
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
>>>> Mon Nov 9 17:23:10 2009
>>>> @@ -257,4 +257,22 @@
>>>> {
>>>> configuration.add("ReverseStringsWorker", new
>>>> ReverseStringsWorker());
>>>> }
>>>> +
>>>> + public static void contributeRegexAuthorizer(Configuration<String>
>>>> configuration) {
>>>> + //use this rather than a blanket regex (^.*.jpg$, etc.); want
>>>> to
>>>> be sure that tests pass from the default
>>>> + //configuration setup, (eg: this way, I realized that the
>>>> "virtual" assets folder
>>>> + //needed to be opened up in the tapestry-provided
>>>> contributions)
>>>> rather than from some blanket configuration in the appmodule
>>>> + //opening up all css, js, etc. files.
>>>> + //would contribute to whitelist except that the resource path
>>>> between ctxt and the rest of the path can change.
>>>> + configuration.add("^ctx/[^/]+/css/app\\.css$");
>>>> + configuration.add("^ctx/[^/]+/layout/style\\.css$");
>>>> + configuration.add("^ctx/[^/]+/layout/images/bg\\.gif$");
>>>> + configuration.add("^ctx/[^/]+/layout/images/header\\.gif$");
>>>> +
>>>> configuration.add("^ctx/[^/]+/layout/images/rightsmall\\.gif$");
>>>> + configuration.add("^ctx/[^/]+/layout/images/rightbig\\.gif$");
>>>> + configuration.add("^ctx/[^/]+/layout/images/bottom\\.gif$");
>>>> + configuration.add("^ctx/[^/]+/layout/images/footer\\.gif$");
>>>> + configuration.add("^ctx/[^/]+/images/tapestry_banner\\.gif$");
>>>> + configuration.add("^ctx/[^/]+/images/asf_logo_wide\\.gif$");
>>>> + }
>>>> }
>>>>
>>>> Added:
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java
>>>> URL:
>>>>
>>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java?rev=834151&view=auto
>>>>
>>>>
>>>> ==============================================================================
>>>> ---
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java
>>>> (added)
>>>> +++
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java
>>>> Mon Nov 9 17:23:10 2009
>>>> @@ -0,0 +1,92 @@
>>>> +// Copyright 2009 The Apache Software Foundation
>>>> +//
>>>> +// Licensed under the Apache License, Version 2.0 (the "License");
>>>> +// you may not use this file except in compliance with the License.
>>>> +// You may obtain a copy of the License at
>>>> +//
>>>> +// http://www.apache.org/licenses/LICENSE-2.0
>>>> +//
>>>> +// Unless required by applicable law or agreed to in writing, software
>>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>>> implied.
>>>> +// See the License for the specific language governing permissions and
>>>> +// limitations under the License.
>>>> +
>>>> +package org.apache.tapestry5.internal.services;
>>>> +
>>>> +import static org.easymock.EasyMock.createMock;
>>>> +import static org.easymock.EasyMock.expect;
>>>> +import static org.easymock.EasyMock.*;
>>>> +
>>>> +import java.io.IOException;
>>>> +import java.util.ArrayList;
>>>> +import java.util.Arrays;
>>>> +import java.util.Collections;
>>>> +import java.util.List;
>>>> +
>>>> +import javax.servlet.http.HttpServletResponse;
>>>> +
>>>> +import org.apache.tapestry5.internal.services.RequestConstants;
>>>> +import
>>>> org.apache.tapestry5.internal.services.AssetProtectionDispatcher;
>>>> +import org.apache.tapestry5.services.ClasspathAssetAliasManager;
>>>> +import org.apache.tapestry5.services.Request;
>>>> +import org.apache.tapestry5.services.Response;
>>>> +import org.apache.tapestry5.services.AssetPathAuthorizer;
>>>> +import org.testng.Assert;
>>>> +import org.testng.annotations.Test;
>>>> +import org.slf4j.Logger;
>>>> +
>>>> +public class AssetProtectionDispatcherTest extends Assert
>>>> +{
>>>> +
>>>> + @Test
>>>> + public void ignores_nonassets() throws IOException
>>>> + {
>>>> + //shouldn't need any configuration here...
>>>> + List<AssetPathAuthorizer> auths = Collections.emptyList();
>>>> + Logger logger = createMock(Logger.class);
>>>> + AssetProtectionDispatcher disp = new
>>>> AssetProtectionDispatcher(auths,null,logger);
>>>> + Request request = createMock(Request.class);
>>>> + expect(request.getPath()).andReturn("start");
>>>> + Response response = createMock(Response.class);
>>>> + replay(request,response,logger);
>>>> + assertFalse(disp.dispatch(request, response));
>>>> + verify(request,response,logger);
>>>> + }
>>>> +
>>>> + @Test
>>>> + public void checks_authorizers() throws IOException
>>>> + {
>>>> + Logger logger = createMock(Logger.class);
>>>> + List<AssetPathAuthorizer> auths = new
>>>> ArrayList<AssetPathAuthorizer>();
>>>> + AssetPathAuthorizer auth =
>>>> createMock(AssetPathAuthorizer.class);
>>>> +
>>>> +
>>>>
>>>> expect(auth.order()).andReturn(Arrays.asList(AssetPathAuthorizer.Order.ALLOW,
>>>> AssetPathAuthorizer.Order.DENY)).times(2);
>>>> +
>>>> + expect(auth.accessAllowed("/cayenne.xml")).andReturn(false);
>>>> + expect(auth.accessDenied("/cayenne.xml")).andReturn(true);
>>>> +
>>>>
>>>> expect(auth.accessAllowed("/org/apache/tapestry/default.css")).andReturn(true);
>>>> + auths.add(auth);
>>>> +
>>>> + logger.debug("Denying access to /cayenne.xml");
>>>> + logger.debug("Allowing access to
>>>> /org/apache/tapestry/default.css");
>>>> +
>>>> + Request request = createMock(Request.class);
>>>> + Response response = createMock(Response.class);
>>>> +
>>>> expect(request.getPath()).andReturn(RequestConstants.ASSET_PATH_PREFIX
>>>> +
>>>> "/cayenne.xml");
>>>> +
>>>> expect(request.getPath()).andReturn(RequestConstants.ASSET_PATH_PREFIX
>>>> +
>>>> "/org/apache/tapestry/default.css");
>>>> + response.sendError(HttpServletResponse.SC_FORBIDDEN,
>>>> "/cayenne.xml");
>>>> +
>>>> + ClasspathAssetAliasManager manager =
>>>> createMock(ClasspathAssetAliasManager.class);
>>>> +
>>>> expect(manager.toResourcePath(RequestConstants.ASSET_PATH_PREFIX +
>>>> "/cayenne.xml")).andReturn("/cayenne.xml");
>>>> + expect(manager.toResourcePath(
>>>> + RequestConstants.ASSET_PATH_PREFIX +
>>>> "/org/apache/tapestry/default.css"))
>>>> + .andReturn("/org/apache/tapestry/default.css");
>>>> + replay(auth,request,response,manager,logger);
>>>> + AssetProtectionDispatcher disp = new
>>>> AssetProtectionDispatcher(auths,manager,logger);
>>>> +
>>>> + assertTrue(disp.dispatch(request,response));
>>>> + assertFalse(disp.dispatch(request, response));
>>>> + verify(auth,request,response,logger);
>>>> + }
>>>> +}
>>>>
>>>> Added:
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java
>>>> URL:
>>>>
>>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java?rev=834151&view=auto
>>>>
>>>>
>>>> ==============================================================================
>>>> ---
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java
>>>> (added)
>>>> +++
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java
>>>> Mon Nov 9 17:23:10 2009
>>>> @@ -0,0 +1,53 @@
>>>> +// Copyright 2009 The Apache Software Foundation
>>>> +//
>>>> +// Licensed under the Apache License, Version 2.0 (the "License");
>>>> +// you may not use this file except in compliance with the License.
>>>> +// You may obtain a copy of the License at
>>>> +//
>>>> +// http://www.apache.org/licenses/LICENSE-2.0
>>>> +//
>>>> +// Unless required by applicable law or agreed to in writing, software
>>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>>> implied.
>>>> +// See the License for the specific language governing permissions and
>>>> +// limitations under the License.
>>>> +
>>>> +package org.apache.tapestry5.internal.services;
>>>> +
>>>> +import java.util.Arrays;
>>>> +import java.util.List;
>>>> +
>>>> +import org.testng.Assert;
>>>> +import org.testng.annotations.Test;
>>>> +import org.apache.tapestry5.internal.services.RegexAuthorizer;
>>>> +
>>>> +public class RegexAuthorizerTest extends Assert
>>>> +{
>>>> +
>>>> + @Test
>>>> + public void test_regexes()
>>>> + {
>>>> + List<String> patterns =
>>>> Arrays.asList("^.*\\.png$","^.*\\.jpg","^.*\\.jpeg");
>>>> + RegexAuthorizer auth = new RegexAuthorizer(patterns);
>>>> + String pkg = "assets/com/saiwaisolutions/resources/";
>>>> + String png = pkg + "foo.png";
>>>> + String jpg = pkg + "foo.jpg";
>>>> + String jpeg = pkg + "foo.jpeg";
>>>> + String xml = pkg + "foo.xml";
>>>> + test(auth,png,true);
>>>> + test(auth,jpg,true);
>>>> + test(auth,jpeg,true);
>>>> + test(auth,xml,false);
>>>> + }
>>>> +
>>>> + private static void test(RegexAuthorizer auth, String one,boolean
>>>> allowed)
>>>> + {
>>>> + assertEquals(auth.accessAllowed(one),allowed);
>>>> + assertEquals(
>>>> + auth.accessAllowed(
>>>> + "http://localhost:8080" + one),
>>>> + allowed);
>>>> + assertFalse(auth.accessDenied(one));
>>>> + assertFalse(auth.accessDenied("http://localhost:8080" + one));
>>>> + }
>>>> +}
>>>>
>>>> Added:
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java
>>>> URL:
>>>>
>>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java?rev=834151&view=auto
>>>>
>>>>
>>>> ==============================================================================
>>>> ---
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java
>>>> (added)
>>>> +++
>>>>
>>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java
>>>> Mon Nov 9 17:23:10 2009
>>>> @@ -0,0 +1,45 @@
>>>> +// Copyright 2009 The Apache Software Foundation
>>>> +//
>>>> +// Licensed under the Apache License, Version 2.0 (the "License");
>>>> +// you may not use this file except in compliance with the License.
>>>> +// You may obtain a copy of the License at
>>>> +//
>>>> +// http://www.apache.org/licenses/LICENSE-2.0
>>>> +//
>>>> +// Unless required by applicable law or agreed to in writing, software
>>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>>> implied.
>>>> +// See the License for the specific language governing permissions and
>>>> +// limitations under the License.
>>>> +
>>>> +/*
>>>> + * Created on Jul 28, 2007
>>>> + *
>>>> + *
>>>> + */
>>>> +package org.apache.tapestry5.internal.services;
>>>> +
>>>> +import java.util.Arrays;
>>>> +
>>>> +import org.testng.Assert;
>>>> +import org.testng.annotations.Test;
>>>> +import org.apache.tapestry5.internal.services.WhitelistAuthorizer;
>>>> +import org.apache.tapestry5.services.AssetPathAuthorizer;
>>>> +
>>>> +public class WhitelistAuthorizerTest extends Assert {
>>>> +
>>>> + @Test
>>>> + public void run()
>>>> + {
>>>> + WhitelistAuthorizer auth = new
>>>> WhitelistAuthorizer(Arrays.asList("foo"));
>>>> + assertEquals(auth.order().get(0),
>>>> AssetPathAuthorizer.Order.ALLOW);
>>>> + assertEquals(auth.order().get(1),
>>>> AssetPathAuthorizer.Order.DENY);
>>>> + assertEquals(auth.order().size(),2);
>>>> + assertTrue(auth.accessAllowed("foo"));
>>>> + assertFalse(auth.accessDenied("foo"));
>>>> +
>>>> + assertFalse(auth.accessAllowed("bar"));
>>>> + assertTrue(auth.accessDenied("bar"));
>>>> + }
>>>> +
>>>> +}
>>>>
>>>>
>>>>
>>>>
>>> --
>>> Best regards,
>>>
>>> Igor Drobiazko
>>>
>>>
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@...
> For additional commands, e-mail: dev-help@...
>
>

--
Best regards,

Igor Drobiazko

Re: 5.1 - 5.0 next releases?

2009-11-23T12:45:20Z

Thanks. It is 5.1.0.x-dev.

On Mon, Nov 23, 2009 at 8:47 PM, Howard Lewis Ship <hlship@...> wrote:

--
Best regards,

Igor Drobiazko

Re: svn commit: r834151 - in /tapestry/tapestry5/trunk: src/site/apt/guide/ tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ tapestry-core/src/main/java/org/apache/tapestry5/services/ tapestry-core/src/test/java/org/apache/tapestry

2009-11-23T11:53:19Z

This will break all applications using chenillekit until the chenillekit
devs update their code and should be visibly documented somewhere.

Uli

Howard Lewis Ship schrieb:

> Good catch, and I agree.
>
> On Mon, Nov 23, 2009 at 10:07 AM, Igor Drobiazko
> <igor.drobiazko@...> wrote:
>> I think the contribution "^org/chenillekit/tapestry/" should be removed from
>> the configuration of the RegexpAuthorizer. App developers using Chenillekit
>> should contribute it.
>>
>> On Mon, Nov 9, 2009 at 6:23 PM, <robertdzeigler@...> wrote:
>>
>>> Author: robertdzeigler
>>> Date: Mon Nov 9 17:23:10 2009
>>> New Revision: 834151
>>>
>>> URL: http://svn.apache.org/viewvc?rev=834151&view=rev
>>> Log:
>>> TAP5-815: Asset dispatcher allows any file inside the webapp visible and
>>> downloadable (5.2 branch)
>>>
>>> Added:
>>>
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java
>>>
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java
>>>
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java
>>>
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java
>>>
>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java
>>>
>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java
>>>
>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java
>>> Modified:
>>> tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt
>>>
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
>>>
>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
>>>
>>> Modified: tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt
>>> URL:
>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt?rev=834151&r1=834150&r2=834151&view=diff
>>>
>>> ==============================================================================
>>> --- tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt (original)
>>> +++ tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt Mon Nov 9
>>> 17:23:10 2009
>>> @@ -138,6 +138,31 @@
>>> In addition, context assets will use the URL prefix
>>> <<</assets/ctx/>>><app-version><<</>>>.
>>>
>>>
>>> +Securing Assets
>>> +
>>> + Securing assets is an important consideration for any web application.
>>> Many assets, such as hibernate configuration
>>> + files, sit in the classpath and are exposable via the Asset service,
>>> which is not desirable. To protect these and
>>> + other sensitive assets, Tapestry provides the AssetProtectionDispatcher.
>>> This dispatcher sits in front of the
>>> + AssetDispatcher, the service responsible for streaming assets to the
>>> client, and watches for Asset requests.
>>> + When an asset request comes in, the protection dispatcher checks for
>>> authorization to view the file against a
>>> + contributed list of AssetPathAuthorizer implementations. Determination
>>> of whether the client can view the requested
>>> + resource is then made based on whether any of the contributed
>>> AssetPathAuthorizer implementations explicitly allowed
>>> + or denied access to the resource.
>>> +
>>> + Tapestry provides two AssetPathAuthorizer implemenations "out of the
>>> box" to which users may contribute: RegexAuthorizer
>>> + and WhitelistAuthorizer. RegexAuthorizer uses regular expressions to
>>> determine assets which are viewable by the
>>> + client; any assets that match one of its (contributed) regular
>>> expressions are authorized. Anything not matched is
>>> + passed through to the WhitelistAuthorizer. WhitelistAuthorizer uses an
>>> exact-matching whitelist. Anything matching
>>> + exactly one its contributions is allowed; all other asset requests are
>>> denied. The default tapestry configuration
>>> + contributes nothing to WhitelistAuthorizer (access will be denied to all
>>> asset requests passed through to it), and
>>> + explicitly allows access to css, jpg, jpeg, js, png, and gif files
>>> associated with tapestry (tapestry.js, blackbird
>>> + files, date picker files, etc.). The default contribution also enables
>>> access to the css, jpg, jpeg, js, png, and gif
>>> + files provided by the popular chenille-kit 3rd party library. The
>>> default configuration denies access to all other
>>> + assets. To enable access to your application's assets, either
>>> contribute a custom AssetPathAnalyzer, or contribute
>>> + appropriate regular expression or exact path contributions to
>>> RegexAuthorizer or WhitelistAuthorizer, respectively.
>>> + See TapestryModule.contribteRegexAuthorizer for examples.
>>> +
>>> +
>>> Performance Notes
>>>
>>> Assets are expected to be entirely static (not changing while the
>>> application is deployed). When Tapestry generates a URL
>>> @@ -146,4 +171,4 @@
>>> asset.
>>>
>>> In addition, Tapestry will {{{compress.html}GZIP compress}} the content
>>> of <all> assets (if the asset
>>> - is compressable, and the client supports it).
>>> \ No newline at end of file
>>> + is compressable, and the client supports it).
>>>
>>> Added:
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java
>>> URL:
>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java?rev=834151&view=auto
>>>
>>> ==============================================================================
>>> ---
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java
>>> (added)
>>> +++
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java
>>> Mon Nov 9 17:23:10 2009
>>> @@ -0,0 +1,92 @@
>>> +// Copyright 2009 The Apache Software Foundation
>>> +//
>>> +// Licensed under the Apache License, Version 2.0 (the "License");
>>> +// you may not use this file except in compliance with the License.
>>> +// You may obtain a copy of the License at
>>> +//
>>> +// http://www.apache.org/licenses/LICENSE-2.0
>>> +//
>>> +// Unless required by applicable law or agreed to in writing, software
>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>> implied.
>>> +// See the License for the specific language governing permissions and
>>> +// limitations under the License.
>>> +
>>> +package org.apache.tapestry5.internal.services;
>>> +
>>> +import java.io.IOException;
>>> +import java.util.Collection;
>>> +import java.util.Collections;
>>> +import java.util.List;
>>> +
>>> +import javax.servlet.http.HttpServletResponse;
>>> +
>>> +import org.apache.tapestry5.internal.services.RequestConstants;
>>> +import org.apache.tapestry5.services.*;
>>> +import org.slf4j.Logger;
>>> +
>>> +/**
>>> + * Dispatcher that handles whether to allow or deny access to particular
>>> + * assets. Actual work of authorizing a particular url is handled by
>>> + * implementations of AssetPathAuthorizer. Configuration is an ordered
>>> + * list of AssetPathAuthorizers. Each authorizer specifies an order of
>>> + * operations as a list (see AssetPathAuthorizer.Order).
>>> + *
>>> + */
>>> +public class AssetProtectionDispatcher implements Dispatcher
>>> +{
>>> +
>>> + private final Collection<AssetPathAuthorizer> authorizers;
>>> + private final ClasspathAssetAliasManager assetAliasManager;
>>> + private final Logger logger;
>>> +
>>> + public AssetProtectionDispatcher(
>>> + List<AssetPathAuthorizer> auths,
>>> + ClasspathAssetAliasManager manager,
>>> + Logger logger)
>>> + {
>>> + this.authorizers = Collections.unmodifiableList(auths);
>>> + this.assetAliasManager = manager;
>>> + this.logger = logger;
>>> + }
>>> +
>>> + public boolean dispatch(Request request, Response response)
>>> + throws IOException
>>> + {
>>> + String path = request.getPath();
>>> + //we only protect assets, and don't examine any other url's.
>>> + if (!path.startsWith(RequestConstants.ASSET_PATH_PREFIX))
>>> + {
>>> + return false;
>>> + }
>>> + String resourcePath = assetAliasManager.toResourcePath(path);
>>> + for(AssetPathAuthorizer auth : authorizers)
>>> + {
>>> + for(AssetPathAuthorizer.Order o : auth.order())
>>> + {
>>> + if (o == AssetPathAuthorizer.Order.ALLOW)
>>> + {
>>> + if (auth.accessAllowed(resourcePath))
>>> + {
>>> + logger.debug("Allowing access to " +
>>> resourcePath);
>>> + return false;
>>> + }
>>> + }
>>> + else
>>> + {
>>> + if (auth.accessDenied(resourcePath))
>>> + {
>>> + logger.debug("Denying access to " + resourcePath);
>>> +
>>> response.sendError(HttpServletResponse.SC_FORBIDDEN,resourcePath);
>>> + return true;
>>> + }
>>> + }
>>> + }
>>> + }
>>> + //if we get here, no Authorizer had anything useful to say about
>>> the resourcePath.
>>> + //so let it fall through.
>>> + logger.debug("Fell through the list of authorizers. Allowing
>>> access to: " + resourcePath);
>>> + return false;
>>> + }
>>> +
>>> +}
>>>
>>> Added:
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java
>>> URL:
>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java?rev=834151&view=auto
>>>
>>> ==============================================================================
>>> ---
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java
>>> (added)
>>> +++
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java
>>> Mon Nov 9 17:23:10 2009
>>> @@ -0,0 +1,76 @@
>>> +// Copyright 2009 The Apache Software Foundation
>>> +//
>>> +// Licensed under the Apache License, Version 2.0 (the "License");
>>> +// you may not use this file except in compliance with the License.
>>> +// You may obtain a copy of the License at
>>> +//
>>> +// http://www.apache.org/licenses/LICENSE-2.0
>>> +//
>>> +// Unless required by applicable law or agreed to in writing, software
>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>> implied.
>>> +// See the License for the specific language governing permissions and
>>> +// limitations under the License.
>>> +
>>> +package org.apache.tapestry5.internal.services;
>>> +
>>> +import org.apache.tapestry5.services.AssetPathAuthorizer;
>>> +
>>> +import java.util.ArrayList;
>>> +import java.util.Arrays;
>>> +import java.util.Collection;
>>> +import java.util.Collections;
>>> +import java.util.List;
>>> +import java.util.regex.Pattern;
>>> +
>>> +/**
>>> + * Provides a regex-based authorization scheme for asset-access
>>> authorization.
>>> + * Note that this implementation doesn't actually deny access to anything.
>>> + * But it's placement within the chain of command of authorizers is just
>>> before
>>> + * the whitelist authorizer, which has an explicit deny policy.
>>> + * Hence, as long as the whitelist authorizer is being used in conjunction
>>> with
>>> + * the regex authorizer, there is no need to worry about accessDenied in
>>> this authorizer.
>>> + *
>>> + */
>>> +public class RegexAuthorizer implements AssetPathAuthorizer
>>> +{
>>> +
>>> + private final Collection<Pattern> _regexes;
>>> +
>>> + public RegexAuthorizer(final Collection<String> regex)
>>> + {
>>> + //an alternate way to construct this would be to make sure that
>>> each pattern is grouped
>>> + //and then to regex or the various patterns together into a single
>>> pattern.
>>> + //that might be faster, but probably not enough to make a
>>> difference, and this is cleaner.
>>> + List<Pattern> tmp = new ArrayList<Pattern>();
>>> + for(String exp : regex)
>>> + {
>>> + tmp.add(Pattern.compile(exp));
>>> + }
>>> + _regexes = Collections.unmodifiableCollection(tmp);
>>> +
>>> + }
>>> +
>>> + public boolean accessAllowed(String resourcePath)
>>> + {
>>> + for(Pattern regex : _regexes)
>>> + {
>>> + if (regex.matcher(resourcePath).matches())
>>> + {
>>> + return true;
>>> + }
>>> + }
>>> + return false;
>>> + }
>>> +
>>> + public boolean accessDenied(String resourcePath)
>>> + {
>>> + return false;
>>> + }
>>> +
>>> + public List<Order> order()
>>> + {
>>> + return Arrays.asList(Order.ALLOW);
>>> + }
>>> +
>>> +}
>>>
>>> Added:
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java
>>> URL:
>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java?rev=834151&view=auto
>>>
>>> ==============================================================================
>>> ---
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java
>>> (added)
>>> +++
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java
>>> Mon Nov 9 17:23:10 2009
>>> @@ -0,0 +1,59 @@
>>> +// Copyright 2009 The Apache Software Foundation
>>> +//
>>> +// Licensed under the Apache License, Version 2.0 (the "License");
>>> +// you may not use this file except in compliance with the License.
>>> +// You may obtain a copy of the License at
>>> +//
>>> +// http://www.apache.org/licenses/LICENSE-2.0
>>> +//
>>> +// Unless required by applicable law or agreed to in writing, software
>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>> implied.
>>> +// See the License for the specific language governing permissions and
>>> +// limitations under the License.
>>> +
>>> +package org.apache.tapestry5.internal.services;
>>> +
>>> +import org.apache.tapestry5.services.AssetPathAuthorizer;
>>> +
>>> +import java.util.Arrays;
>>> +import java.util.Collection;
>>> +import java.util.List;
>>> +import java.util.Map;
>>> +import java.util.concurrent.ConcurrentHashMap;
>>> +
>>> +/**
>>> + * AssetPathAuthorizer that determines access rights based on exact
>>> matching to a contributed whitelist.
>>> + * Any resource not explicitly specified in the whitelist is denied
>>> access.
>>> + */
>>> +public class WhitelistAuthorizer implements AssetPathAuthorizer
>>> +{
>>> +
>>> + public List<Order> order()
>>> + {
>>> + return Arrays.asList(Order.ALLOW, Order.DENY);
>>> + }
>>> +
>>> + //hash the resource paths for fast lookups.
>>> + private final Map<String, Boolean> _paths;
>>> +
>>> + public WhitelistAuthorizer(Collection<String> paths)
>>> + {
>>> + _paths = new ConcurrentHashMap<String, Boolean>();
>>> + for(String path : paths)
>>> + {
>>> + _paths.put(path, true);
>>> + }
>>> + }
>>> +
>>> + public boolean accessAllowed(String resourcePath)
>>> + {
>>> + return (_paths.containsKey(resourcePath));
>>> + }
>>> +
>>> + public boolean accessDenied(String resourcePath)
>>> + {
>>> + return !_paths.containsKey(resourcePath);
>>> + }
>>> +
>>> +}
>>>
>>> Added:
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java
>>> URL:
>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java?rev=834151&view=auto
>>>
>>> ==============================================================================
>>> ---
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java
>>> (added)
>>> +++
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java
>>> Mon Nov 9 17:23:10 2009
>>> @@ -0,0 +1,76 @@
>>> +// Copyright 2009 The Apache Software Foundation
>>> +//
>>> +// Licensed under the Apache License, Version 2.0 (the "License");
>>> +// you may not use this file except in compliance with the License.
>>> +// You may obtain a copy of the License at
>>> +//
>>> +// http://www.apache.org/licenses/LICENSE-2.0
>>> +//
>>> +// Unless required by applicable law or agreed to in writing, software
>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>> implied.
>>> +// See the License for the specific language governing permissions and
>>> +// limitations under the License.
>>> +
>>> +package org.apache.tapestry5.services;
>>> +
>>> +import java.util.List;
>>> +
>>> +/**
>>> + * Determines whether access to an asset is allowed, denied, or
>>> undetermined.
>>> + * Each contributed authorizer makes up part of a chain of command for
>>> determining access.
>>> + * Access is explicitly allowed if accessAllowed returns true.
>>> + * Access is explicitly denied if accessDenied returns true.
>>> + * Ordering depends on the order specified by the "order" parameter.
>>> + * Hence, an implementation which specifies an order of:
>>> + * ALLOW, DENY, and returns true from both accessAllowed and accessDenied
>>> + * will allow access for all resources. With the same return values for
>>> the
>>> + * access* methods but the order switched to DENY, ALLOW, access to all
>>> resources
>>> + * would be denied. It is possible for an authorizer to have "nothing
>>> + * to say" regarding a particular resource. If accessAllowed returns
>>> false,
>>> + * it does not mean that access is denied, merely that it is not
>>> explicitly allowed.
>>> + * If accessDenied returns false, it does not mean that access is allowed,
>>> merely that
>>> + * it is not explicitly denied. Hence, if both accessAllowed and
>>> accessDenied return false,
>>> + * control will pass to the next authorizer in the chain.
>>> + *
>>> + */
>>> +public interface AssetPathAuthorizer
>>> +{
>>> +
>>> + /**
>>> + * Types of orderings, either ALLOW or DENY.
>>> + */
>>> + enum Order {ALLOW, DENY;}
>>> +
>>> + /**
>>> + * Specify the ordering for this authorizer.
>>> + * @return the operations for this authorizer.
>>> + * Operations will be performed in the order returned by the iterator.
>>> + * It is assumed that the authorizer correctly implements each form of
>>> + * ordering returned. It is acceptable to only return only ALLOW or
>>> DENY.
>>> + */
>>> + List<Order> order();
>>> +
>>> + /**
>>> + * Determines whether a request to "resourcePath" is allowed.
>>> + * @param resourcePath
>>> + * @return true if access is explicitly allowed for the path. False
>>> otherwise.
>>> + * For example, a whitelist implementation would return true if the
>>> resource
>>> + * was listed, and false otherwise. A blacklist implementation would
>>> return
>>> + * false regardless of whether the path was in the blacklist.
>>> + * Alternatively, if the blacklist specified an order of DENY, ALLOW,
>>> it could
>>> + * return true from accessAllowed if the resource was not explicitly
>>> listed in its
>>> + * blacklist.
>>> + */
>>> + boolean accessAllowed(String resourcePath);
>>> +
>>> + /**
>>> + *
>>> + * @param resourcePath
>>> + * @return true if access is explicitly prohibited for the path. False
>>> otherwise.
>>> + * For example, a whitelist implementation would return true if the
>>> resource was
>>> + * not explicitly listed, and false otherwise. A blacklist
>>> implementation would
>>> + * return true if the resource was explicitly denied, and false
>>> otherwise.
>>> + */
>>> + boolean accessDenied(String resourcePath);
>>> +}
>>>
>>> Modified:
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
>>> URL:
>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java?rev=834151&r1=834150&r2=834151&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
>>> (original)
>>> +++
>>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
>>> Mon Nov 9 17:23:10 2009
>>> @@ -305,6 +305,9 @@
>>> binder.bind(PageRenderLinkSource.class,
>>> PageRenderLinkSourceImpl.class);
>>> binder.bind(ClientInfrastructure.class,
>>> ClientInfrastructureImpl.class);
>>> binder.bind(URLRewriter.class, URLRewriterImpl.class);
>>> + binder.bind(Dispatcher.class,
>>> AssetProtectionDispatcher.class).withId("AssetProtectionDispatcher");
>>> + binder.bind(AssetPathAuthorizer.class,
>>> WhitelistAuthorizer.class).withId("WhitelistAuthorizer");
>>> + binder.bind(AssetPathAuthorizer.class,
>>> RegexAuthorizer.class).withId("RegexAuthorizer");
>>> }
>>>
>>> //
>>> ========================================================================
>>> @@ -1572,13 +1575,17 @@
>>> * and forwards onto {@link PageRenderRequestHandler}</dd>
>>> <dt>ComponentEvent</dt> <dd>Identifies the {@link
>>> * ComponentEventRequestParameters} and forwards onto the {@link
>>> ComponentEventRequestHandler}</dd> </dl>
>>> */
>>> - public static void
>>> contributeMasterDispatcher(OrderedConfiguration<Dispatcher> configuration)
>>> + public static void
>>> contributeMasterDispatcher(OrderedConfiguration<Dispatcher> configuration,
>>> +
>>> @InjectService("AssetProtectionDispatcher") Dispatcher assetProt)
>>> {
>>> // Looks for the root path and renders the start page. This is
>>> maintained for compatibility
>>> // with earlier versions of Tapestry 5, it is recommended that an
>>> Index page be used instead.
>>>
>>> configuration.addInstance("RootPath", RootPathDispatcher.class,
>>> "before:Asset");
>>>
>>> + //this goes before asset to make sure that only allowed assets are
>>> streamed to the client.
>>> + configuration.add("AssetProtection", assetProt, "before:Asset");
>>> +
>>> // This goes first because an asset to be streamed may have an file
>>> extension, such as
>>> // ".html", that will confuse the later dispatchers.
>>>
>>> @@ -1591,6 +1598,7 @@
>>> configuration.addInstance("PageRender",
>>> PageRenderDispatcher.class);
>>> }
>>>
>>> +
>>> /**
>>> * Contributes a default object renderer for type Object, plus
>>> specialized renderers for {@link
>>> * org.apache.tapestry5.services.Request}, {@link
>>> org.apache.tapestry5.ioc.Location}, {@link
>>> @@ -2480,4 +2488,41 @@
>>> };
>>> }
>>>
>>> + /**
>>> + * Contributes the default set of AssetPathAuthorizers into the
>>> AssetProtectionDispatcher.
>>> + * @param whitelist authorization based on explicit whitelisting.
>>> + * @param regex authorization based on pattern matching.
>>> + * @param conf
>>> + */
>>> + public static void contributeAssetProtectionDispatcher(
>>> + @InjectService("WhitelistAuthorizer") AssetPathAuthorizer
>>> whitelist,
>>> + @InjectService("RegexAuthorizer") AssetPathAuthorizer regex,
>>> + OrderedConfiguration<AssetPathAuthorizer> conf)
>>> + {
>>> + //putting whitelist after everything ensures that, in fact,
>>> nothing falls through.
>>> + //also ensures that whitelist gives other authorizers the chance
>>> to act...
>>> + conf.add("regex",regex,"before:whitelist");
>>> + conf.add("whitelist", whitelist,"after:*");
>>> + }
>>> +
>>> + public void contributeRegexAuthorizer(Configuration<String> regex,
>>> + @Symbol("tapestry.scriptaculous.path") String scriptPath,
>>> + @Symbol("tapestry.blackbird.path") String blackbirdPath,
>>> + @Symbol("tapestry.datepicker.path") String datepickerPath)
>>> + {
>>> + //allow any js, jpg, jpeg, png, or css under
>>> org/chenillekit/tapstry. The funky bit of ([^/.]+/)* is what allows
>>> + //multiple paths, while not allowing any of those paths to
>>> contains ./ or ../ thereby preventing paths like:
>>> + //org/chenillekit/tapestry/../../../foo.js
>>> + String pathPattern =
>>> "([^/.]+/)*[^/.]+\\.((css)|(js)|(jpg)|(jpeg)|(png)|(gif))$";
>>> + regex.add("^org/chenillekit/tapestry/" + pathPattern);
>>> +
>>> + regex.add("^org/apache/tapestry5/" + pathPattern);
>>> +
>>> + regex.add(blackbirdPath + "/" + pathPattern);
>>> + regex.add(datepickerPath + "/" + pathPattern);
>>> + regex.add(scriptPath + "/" + pathPattern);
>>> + //allow access to virtual assets. Critical for tapestry-combined
>>> js files.
>>> + regex.add("virtual/" + pathPattern);
>>> + }
>>> +
>>> }
>>>
>>> Modified:
>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
>>> URL:
>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java?rev=834151&r1=834150&r2=834151&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
>>> (original)
>>> +++
>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
>>> Mon Nov 9 17:23:10 2009
>>> @@ -257,4 +257,22 @@
>>> {
>>> configuration.add("ReverseStringsWorker", new
>>> ReverseStringsWorker());
>>> }
>>> +
>>> + public static void contributeRegexAuthorizer(Configuration<String>
>>> configuration) {
>>> + //use this rather than a blanket regex (^.*.jpg$, etc.); want to
>>> be sure that tests pass from the default
>>> + //configuration setup, (eg: this way, I realized that the
>>> "virtual" assets folder
>>> + //needed to be opened up in the tapestry-provided contributions)
>>> rather than from some blanket configuration in the appmodule
>>> + //opening up all css, js, etc. files.
>>> + //would contribute to whitelist except that the resource path
>>> between ctxt and the rest of the path can change.
>>> + configuration.add("^ctx/[^/]+/css/app\\.css$");
>>> + configuration.add("^ctx/[^/]+/layout/style\\.css$");
>>> + configuration.add("^ctx/[^/]+/layout/images/bg\\.gif$");
>>> + configuration.add("^ctx/[^/]+/layout/images/header\\.gif$");
>>> + configuration.add("^ctx/[^/]+/layout/images/rightsmall\\.gif$");
>>> + configuration.add("^ctx/[^/]+/layout/images/rightbig\\.gif$");
>>> + configuration.add("^ctx/[^/]+/layout/images/bottom\\.gif$");
>>> + configuration.add("^ctx/[^/]+/layout/images/footer\\.gif$");
>>> + configuration.add("^ctx/[^/]+/images/tapestry_banner\\.gif$");
>>> + configuration.add("^ctx/[^/]+/images/asf_logo_wide\\.gif$");
>>> + }
>>> }
>>>
>>> Added:
>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java
>>> URL:
>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java?rev=834151&view=auto
>>>
>>> ==============================================================================
>>> ---
>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java
>>> (added)
>>> +++
>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java
>>> Mon Nov 9 17:23:10 2009
>>> @@ -0,0 +1,92 @@
>>> +// Copyright 2009 The Apache Software Foundation
>>> +//
>>> +// Licensed under the Apache License, Version 2.0 (the "License");
>>> +// you may not use this file except in compliance with the License.
>>> +// You may obtain a copy of the License at
>>> +//
>>> +// http://www.apache.org/licenses/LICENSE-2.0
>>> +//
>>> +// Unless required by applicable law or agreed to in writing, software
>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>> implied.
>>> +// See the License for the specific language governing permissions and
>>> +// limitations under the License.
>>> +
>>> +package org.apache.tapestry5.internal.services;
>>> +
>>> +import static org.easymock.EasyMock.createMock;
>>> +import static org.easymock.EasyMock.expect;
>>> +import static org.easymock.EasyMock.*;
>>> +
>>> +import java.io.IOException;
>>> +import java.util.ArrayList;
>>> +import java.util.Arrays;
>>> +import java.util.Collections;
>>> +import java.util.List;
>>> +
>>> +import javax.servlet.http.HttpServletResponse;
>>> +
>>> +import org.apache.tapestry5.internal.services.RequestConstants;
>>> +import org.apache.tapestry5.internal.services.AssetProtectionDispatcher;
>>> +import org.apache.tapestry5.services.ClasspathAssetAliasManager;
>>> +import org.apache.tapestry5.services.Request;
>>> +import org.apache.tapestry5.services.Response;
>>> +import org.apache.tapestry5.services.AssetPathAuthorizer;
>>> +import org.testng.Assert;
>>> +import org.testng.annotations.Test;
>>> +import org.slf4j.Logger;
>>> +
>>> +public class AssetProtectionDispatcherTest extends Assert
>>> +{
>>> +
>>> + @Test
>>> + public void ignores_nonassets() throws IOException
>>> + {
>>> + //shouldn't need any configuration here...
>>> + List<AssetPathAuthorizer> auths = Collections.emptyList();
>>> + Logger logger = createMock(Logger.class);
>>> + AssetProtectionDispatcher disp = new
>>> AssetProtectionDispatcher(auths,null,logger);
>>> + Request request = createMock(Request.class);
>>> + expect(request.getPath()).andReturn("start");
>>> + Response response = createMock(Response.class);
>>> + replay(request,response,logger);
>>> + assertFalse(disp.dispatch(request, response));
>>> + verify(request,response,logger);
>>> + }
>>> +
>>> + @Test
>>> + public void checks_authorizers() throws IOException
>>> + {
>>> + Logger logger = createMock(Logger.class);
>>> + List<AssetPathAuthorizer> auths = new
>>> ArrayList<AssetPathAuthorizer>();
>>> + AssetPathAuthorizer auth = createMock(AssetPathAuthorizer.class);
>>> +
>>> +
>>> expect(auth.order()).andReturn(Arrays.asList(AssetPathAuthorizer.Order.ALLOW,
>>> AssetPathAuthorizer.Order.DENY)).times(2);
>>> +
>>> + expect(auth.accessAllowed("/cayenne.xml")).andReturn(false);
>>> + expect(auth.accessDenied("/cayenne.xml")).andReturn(true);
>>> +
>>> expect(auth.accessAllowed("/org/apache/tapestry/default.css")).andReturn(true);
>>> + auths.add(auth);
>>> +
>>> + logger.debug("Denying access to /cayenne.xml");
>>> + logger.debug("Allowing access to
>>> /org/apache/tapestry/default.css");
>>> +
>>> + Request request = createMock(Request.class);
>>> + Response response = createMock(Response.class);
>>> +
>>> expect(request.getPath()).andReturn(RequestConstants.ASSET_PATH_PREFIX +
>>> "/cayenne.xml");
>>> +
>>> expect(request.getPath()).andReturn(RequestConstants.ASSET_PATH_PREFIX +
>>> "/org/apache/tapestry/default.css");
>>> + response.sendError(HttpServletResponse.SC_FORBIDDEN,
>>> "/cayenne.xml");
>>> +
>>> + ClasspathAssetAliasManager manager =
>>> createMock(ClasspathAssetAliasManager.class);
>>> + expect(manager.toResourcePath(RequestConstants.ASSET_PATH_PREFIX +
>>> "/cayenne.xml")).andReturn("/cayenne.xml");
>>> + expect(manager.toResourcePath(
>>> + RequestConstants.ASSET_PATH_PREFIX +
>>> "/org/apache/tapestry/default.css"))
>>> + .andReturn("/org/apache/tapestry/default.css");
>>> + replay(auth,request,response,manager,logger);
>>> + AssetProtectionDispatcher disp = new
>>> AssetProtectionDispatcher(auths,manager,logger);
>>> +
>>> + assertTrue(disp.dispatch(request,response));
>>> + assertFalse(disp.dispatch(request, response));
>>> + verify(auth,request,response,logger);
>>> + }
>>> +}
>>>
>>> Added:
>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java
>>> URL:
>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java?rev=834151&view=auto
>>>
>>> ==============================================================================
>>> ---
>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java
>>> (added)
>>> +++
>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java
>>> Mon Nov 9 17:23:10 2009
>>> @@ -0,0 +1,53 @@
>>> +// Copyright 2009 The Apache Software Foundation
>>> +//
>>> +// Licensed under the Apache License, Version 2.0 (the "License");
>>> +// you may not use this file except in compliance with the License.
>>> +// You may obtain a copy of the License at
>>> +//
>>> +// http://www.apache.org/licenses/LICENSE-2.0
>>> +//
>>> +// Unless required by applicable law or agreed to in writing, software
>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>> implied.
>>> +// See the License for the specific language governing permissions and
>>> +// limitations under the License.
>>> +
>>> +package org.apache.tapestry5.internal.services;
>>> +
>>> +import java.util.Arrays;
>>> +import java.util.List;
>>> +
>>> +import org.testng.Assert;
>>> +import org.testng.annotations.Test;
>>> +import org.apache.tapestry5.internal.services.RegexAuthorizer;
>>> +
>>> +public class RegexAuthorizerTest extends Assert
>>> +{
>>> +
>>> + @Test
>>> + public void test_regexes()
>>> + {
>>> + List<String> patterns =
>>> Arrays.asList("^.*\\.png$","^.*\\.jpg","^.*\\.jpeg");
>>> + RegexAuthorizer auth = new RegexAuthorizer(patterns);
>>> + String pkg = "assets/com/saiwaisolutions/resources/";
>>> + String png = pkg + "foo.png";
>>> + String jpg = pkg + "foo.jpg";
>>> + String jpeg = pkg + "foo.jpeg";
>>> + String xml = pkg + "foo.xml";
>>> + test(auth,png,true);
>>> + test(auth,jpg,true);
>>> + test(auth,jpeg,true);
>>> + test(auth,xml,false);
>>> + }
>>> +
>>> + private static void test(RegexAuthorizer auth, String one,boolean
>>> allowed)
>>> + {
>>> + assertEquals(auth.accessAllowed(one),allowed);
>>> + assertEquals(
>>> + auth.accessAllowed(
>>> + "http://localhost:8080" + one),
>>> + allowed);
>>> + assertFalse(auth.accessDenied(one));
>>> + assertFalse(auth.accessDenied("http://localhost:8080" + one));
>>> + }
>>> +}
>>>
>>> Added:
>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java
>>> URL:
>>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java?rev=834151&view=auto
>>>
>>> ==============================================================================
>>> ---
>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java
>>> (added)
>>> +++
>>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java
>>> Mon Nov 9 17:23:10 2009
>>> @@ -0,0 +1,45 @@
>>> +// Copyright 2009 The Apache Software Foundation
>>> +//
>>> +// Licensed under the Apache License, Version 2.0 (the "License");
>>> +// you may not use this file except in compliance with the License.
>>> +// You may obtain a copy of the License at
>>> +//
>>> +// http://www.apache.org/licenses/LICENSE-2.0
>>> +//
>>> +// Unless required by applicable law or agreed to in writing, software
>>> +// distributed under the License is distributed on an "AS IS" BASIS,
>>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>>> implied.
>>> +// See the License for the specific language governing permissions and
>>> +// limitations under the License.
>>> +
>>> +/*
>>> + * Created on Jul 28, 2007
>>> + *
>>> + *
>>> + */
>>> +package org.apache.tapestry5.internal.services;
>>> +
>>> +import java.util.Arrays;
>>> +
>>> +import org.testng.Assert;
>>> +import org.testng.annotations.Test;
>>> +import org.apache.tapestry5.internal.services.WhitelistAuthorizer;
>>> +import org.apache.tapestry5.services.AssetPathAuthorizer;
>>> +
>>> +public class WhitelistAuthorizerTest extends Assert {
>>> +
>>> + @Test
>>> + public void run()
>>> + {
>>> + WhitelistAuthorizer auth = new
>>> WhitelistAuthorizer(Arrays.asList("foo"));
>>> + assertEquals(auth.order().get(0),
>>> AssetPathAuthorizer.Order.ALLOW);
>>> + assertEquals(auth.order().get(1), AssetPathAuthorizer.Order.DENY);
>>> + assertEquals(auth.order().size(),2);
>>> + assertTrue(auth.accessAllowed("foo"));
>>> + assertFalse(auth.accessDenied("foo"));
>>> +
>>> + assertFalse(auth.accessAllowed("bar"));
>>> + assertTrue(auth.accessDenied("bar"));
>>> + }
>>> +
>>> +}
>>>
>>>
>>>
>>
>> --
>> Best regards,
>>
>> Igor Drobiazko
>>
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@...
For additional commands, e-mail: dev-help@...

Re: 5.1 - 5.0 next releases?

2009-11-23T11:47:54Z

Ok, so far I've created a nightly build (install, no docs) for

http://svn.apache.org/repos/asf/tapestry/tapestry5/branches/5.0

If that's working happy, I'll add one for the other branch ... is that
5.1-dev/ or 5.1.0.x-dev/ ?

On Mon, Nov 23, 2009 at 11:41 AM, Howard Lewis Ship <hlship@...> wrote:

> Not sure what to make of those errors. Some of the IoC stuff has been
> very rarely flakey, which I took to be limitations of (i.e., bugs in)
> the tests, or runtime problems related to running in Bamboo.
>
> I'll got set up some CI builds for the other branches.
>
>
> On Mon, Nov 23, 2009 at 11:20 AM, Andreas Andreou <andyhot@...> wrote:
>> fyi, i just sent an email to infra about hudson & selenium...
>>
>> Also, it looks like tapestry-ioc is a bit unstable - hudson now gives
>> those failures:
>> http://hudson.zones.apache.org/hudson/job/tapestry-5.1-trunk/org.apache.tapestry$tapestry-ioc/4/testReport/
>> while there's no change that could affect that...
>> So, should be jvm version... i think bamboo runs with 1.5, right? i
>> could set hudson to
>> use that (unless someone can explain the failures)
>>
>>
>> On Mon, Nov 23, 2009 at 8:58 PM, Igor Drobiazko
>> <igor.drobiazko@...> wrote:
>>> Howard, is it possible to create builds for the branches at formos bamboo?
>>> We need a temporal solution. I also feel uncomfortably to release 5.1.0.6
>>> without having a single build at CI.
>>>
>>> On Mon, Nov 23, 2009 at 8:58 AM, Howard Lewis Ship <hlship@...> wrote:
>>>
>>>> I don't feel comfortable until the code executes properly in the full
>>>> stack, including browser, servlet container and Tapestry, and
>>>> including Ajax updates. Anything simulated in that stack is a
>>>> potential to be different than the end user's experience. Selenium is
>>>> a pain in the ass, but it's as close as you'll get to hiring actual
>>>> people to validate your web app.
>>>>
>>>> On Sun, Nov 22, 2009 at 7:14 PM, Kalle Korhonen
>>>> <kalle.o.korhonen@...> wrote:
>>>> > On Sun, Nov 22, 2009 at 11:42 AM, Andreas Andreou <andyhot@...>
>>>> wrote:
>>>> >> Integration tests aren't currently able to run (missing firefox from
>>>> path)
>>>> >> and all 4 failing tests in 5.1 are due to that.
>>>> >> 5.0 has a few more failures which confirm what i'm seeing locally
>>>> >> (
>>>> http://hudson.zones.apache.org/hudson/view/All/job/tapestry-5.0-trunk/3/ )
>>>> >
>>>> > On that note, I've had very good success doing integration testing
>>>> > with HtmlUnit and embedded Jetty. The tests run faster than
>>>> > Selenium-based ones and are more independent of the environment. The
>>>> > recent versions of HtmlUnit run any kind of Javascript just fine
>>>> > (dojo, prototype, etc.) but obviously it's not *exactly* the same as a
>>>> > real browser. I've re-written both Apache Shiro's and Tynamo's (at
>>>> > Codehaus) integration tests to use the same concepts (see e.g.
>>>> >
>>>> http://svn.apache.org/repos/asf/incubator/shiro/trunk/samples/web/src/test/java/org/apache/shiro/test/AbstractContainerTest.java
>>>> ).
>>>> > Just thought it might be worth considering - I know how challenging it
>>>> > can be at times to rely on infrastructure you are not in control of.
>>>> > But perhaps Apache infra folks can help making firefox available on
>>>> > the path.
>>>> >
>>>>
>>>> It's not difficult, just means running Xvfb (X virtual frame buffer).
>>>>
>>>> > Kalle
>>>> >
>>>> >
>>>> >> On Sun, Nov 22, 2009 at 6:49 PM, Howard Lewis Ship <hlship@...>
>>>> wrote:
>>>> >>> I'm fine with moving stuff off of tapestry.formos.com.
>>>> >>>
>>>> >>> I do want to maintain some site with nightly snapshots, though.
>>>> >>>
>>>> >>> On Sun, Nov 22, 2009 at 8:39 AM, Andreas Andreou <andyhot@...>
>>>> wrote:
>>>> >>>> I have the same problem (lost password & bamboo not sending email) -
>>>> that's why
>>>> >>>> I started investigating apache's hudson infrastructure...
>>>> >>>>
>>>> >>>> I got 4.1 building there,
>>>> >>>> http://hudson.zones.apache.org/hudson/job/tapestry-4.1-trunk/
>>>> >>>> (the trick was to set the build node to master - we were told to use
>>>> >>>> minerva or vesta but
>>>> >>>> it looks like those are missing maven)
>>>> >>>>
>>>> >>>> I want to go ahead and add 5.0 and 5.1 there anyway. Howard, you
>>>> >>>> already have an account
>>>> >>>> but it don't see any T5 builds there, should i just go ahead?
>>>> >>>>
>>>> >>>> As for nexus, doing a mvn release will actually just stage it in a
>>>> >>>> one-time only repo so that
>>>> >>>> anyone can try it from there. I really wanted to try that with the 5.0
>>>> >>>> but some build failures
>>>> >>>> i'm having haven't allowed that - hoping to tackle them as we speak.
>>>> >>>>
>>>> >>>>
>>>> >>>> On Sun, Nov 22, 2009 at 3:55 PM, Igor Drobiazko
>>>> >>>> <igor.drobiazko@...> wrote:
>>>> >>>>> Can someone please add builds for 5.1.x and 5.0.x branches to bamboo?
>>>> I
>>>> >>>>> forgot my password and bamboo fails to send me a new one.
>>>> >>>>>
>>>> >>>>> On Sun, Nov 22, 2009 at 1:38 PM, Howard Lewis Ship <hlship@...>
>>>> wrote:
>>>> >>>>>
>>>> >>>>>> What's the process for staging things in Nexus?
>>>> >>>>>>
>>>> >>>>>> On Fri, Nov 20, 2009 at 7:50 AM, Andreas Andreou <andyhot@...
>>>> >
>>>> >>>>>> wrote:
>>>> >>>>>> > [5.0 branch] So, i'm basically still getting 3 test failures in
>>>> >>>>>> > tapestry-ioc and 2 in
>>>> >>>>>> > tapestry-core (jdk5 & jdk6)... the good thing is i'm not getting
>>>> those
>>>> >>>>>> > in the 5.1 branch, so, i'll try to
>>>> >>>>>> > look for diffs.
>>>> >>>>>> >
>>>> >>>>>> > [5.1 branch] All look fine here, once we say GO, I (or anyone) can
>>>> >>>>>> > just try to stage the release
>>>> >>>>>> > in nexus and once that works, send the email for the vote
>>>> >>>>>> >
>>>> >>>>>> > On Fri, Nov 20, 2009 at 2:24 PM, Thiago H. de Paula Figueiredo
>>>> >>>>>> > <thiagohp@...> wrote:
>>>> >>>>>> >> +1
>>>> >>>>>> >>
>>>> >>>>>> >> Em Fri, 20 Nov 2009 07:09:03 -0200, David Rees <
>>>> drees76@...>
>>>> >>>>>> escreveu:
>>>> >>>>>> >>
>>>> >>>>>> >>> On Thu, Nov 19, 2009 at 10:24 PM, Igor Drobiazko
>>>> >>>>>> >>> <igor.drobiazko@...> wrote:
>>>> >>>>>> >>>>
>>>> >>>>>> >>>> We should release 5.1.0.6 asap because of the security issues.
>>>> What if
>>>> >>>>>> we
>>>> >>>>>> >>>> only backport already fixed issues in 5.2.0.0 snapshots,
>>>> release
>>>> >>>>>> 5.1.0.6
>>>> >>>>>> >>>> and
>>>> >>>>>> >>>> immidiately go on with 5.1.0.7?
>>>> >>>>>> >>>
>>>> >>>>>> >>> I'm a big fan of "release often" as long as people are willing
>>>> to do it
>>>> >>>>>> -
>>>> >>>>>> >>> so +1.
>>>> >>>>>> >>>
>>>> >>>>>> >>> -Dave
>>>> >>>>>> >>>
>>>> >>>>>> >>>
>>>> ---------------------------------------------------------------------
>>>> >>>>>> >>> To unsubscribe, e-mail: dev-unsubscribe@...
>>>> >>>>>> >>> For additional commands, e-mail: dev-help@...
>>>> >>>>>> >>>
>>>> >>>>>> >>
>>>> >>>>>> >>
>>>> >>>>>> >> --
>>>> >>>>>> >> Thiago H. de Paula Figueiredo
>>>> >>>>>> >> Independent Java, Apache Tapestry 5 and Hibernate consultant,
>>>> developer,
>>>> >>>>>> and
>>>> >>>>>> >> instructor
>>>> >>>>>> >> Owner, software architect and developer, Ars Machina Tecnologia
>>>> da
>>>> >>>>>> >> Informação Ltda.
>>>> >>>>>> >> Consultor, desenvolvedor e instrutor em Java, Tapestry e
>>>> Hibernate
>>>> >>>>>> >> Coordenador e professor da Especialização em Engenharia de
>>>> Software com
>>>> >>>>>> >> Ênfase em Java da Faculdade Pitágoras
>>>> >>>>>> >> http://www.arsmachina.com.br
>>>> >>>>>> >>
>>>> >>>>>> >>
>>>> ---------------------------------------------------------------------
>>>> >>>>>> >> To unsubscribe, e-mail: dev-unsubscribe@...
>>>> >>>>>> >> For additional commands, e-mail: dev-help@...
>>>> >>>>>> >>
>>>> >>>>>> >>
>>>> >>>>>> >
>>>> >>>>>> >
>>>> >>>>>> >
>>>> >>>>>> > --
>>>> >>>>>> > Andreas Andreou - andyhot@... - http://blog.andyhot.gr
>>>> >>>>>> > Tapestry / Tacos developer
>>>> >>>>>> > Open Source / JEE Consulting
>>>> >>>>>> >
>>>> >>>>>> >
>>>> ---------------------------------------------------------------------
>>>> >>>>>> > To unsubscribe, e-mail: dev-unsubscribe@...
>>>> >>>>>> > For additional commands, e-mail: dev-help@...
>>>> >>>>>> >
>>>> >>>>>> >
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>> --
>>>> >>>>>> Howard M. Lewis Ship
>>>> >>>>>>
>>>> >>>>>> Creator of Apache Tapestry
>>>> >>>>>>
>>>> >>>>>> The source for Tapestry training, mentoring and support. Contact me
>>>> to
>>>> >>>>>> learn how I can get you up and productive in Tapestry fast!
>>>> >>>>>>
>>>> >>>>>> (971) 678-5210
>>>> >>>>>> http://howardlewisship.com
>>>> >>>>>>
>>>> >>>>>>
>>>> ---------------------------------------------------------------------
>>>> >>>>>> To unsubscribe, e-mail: dev-unsubscribe@...
>>>> >>>>>> For additional commands, e-mail: dev-help@...
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>
>>>> >>>>>
>>>> >>>>> --
>>>> >>>>> Best regards,
>>>> >>>>>
>>>> >>>>> Igor Drobiazko
>>>> >>>>>
>>>> >>>>
>>>> >>>>
>>>> >>>>
>>>> >>>> --
>>>> >>>> Andreas Andreou - andyhot@... - http://blog.andyhot.gr
>>>> >>>> Tapestry / Tacos developer
>>>> >>>> Open Source / JEE Consulting
>>>> >>>>
>>>> >>>> ---------------------------------------------------------------------
>>>> >>>> To unsubscribe, e-mail: dev-unsubscribe@...
>>>> >>>> For additional commands, e-mail: dev-help@...
>>>> >>>>
>>>> >>>>
>>>> >>>
>>>> >>>
>>>> >>>
>>>> >>> --
>>>> >>> Howard M. Lewis Ship
>>>> >>>
>>>> >>> Creator of Apache Tapestry
>>>> >>>
>>>> >>> The source for Tapestry training, mentoring and support. Contact me to
>>>> >>> learn how I can get you up and productive in Tapestry fast!
>>>> >>>
>>>> >>> (971) 678-5210
>>>> >>> http://howardlewisship.com
>>>> >>>
>>>> >>> ---------------------------------------------------------------------
>>>> >>> To unsubscribe, e-mail: dev-unsubscribe@...
>>>> >>> For additional commands, e-mail: dev-help@...
>>>> >>>
>>>> >>>
>>>> >>
>>>> >>
>>>> >>
>>>> >> --
>>>> >> Andreas Andreou - andyhot@... - http://blog.andyhot.gr
>>>> >> Tapestry / Tacos developer
>>>> >> Open Source / JEE Consulting
>>>> >>
>>>> >> ---------------------------------------------------------------------
>>>> >> To unsubscribe, e-mail: dev-unsubscribe@...
>>>> >> For additional commands, e-mail: dev-help@...
>>>> >>
>>>> >>
>>>> >
>>>> > ---------------------------------------------------------------------
>>>> > To unsubscribe, e-mail: dev-unsubscribe@...
>>>> > For additional commands, e-mail: dev-help@...
>>>> >
>>>> >
>>>>
>>>>
>>>>
>>>> --
>>>> Howard M. Lewis Ship
>>>>
>>>> Creator of Apache Tapestry
>>>>
>>>> The source for Tapestry training, mentoring and support. Contact me to
>>>> learn how I can get you up and productive in Tapestry fast!
>>>>
>>>> (971) 678-5210
>>>> http://howardlewisship.com
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@...
>>>> For additional commands, e-mail: dev-help@...
>>>>
>>>>
>>>
>>>
>>> --
>>> Best regards,
>>>
>>> Igor Drobiazko
>>>
>>
>>
>>
>> --
>> Andreas Andreou - andyhot@... - http://blog.andyhot.gr
>> Tapestry / Tacos developer
>> Open Source / JEE Consulting
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@...
>> For additional commands, e-mail: dev-help@...
>>
>>
>
>
>
> --
> Howard M. Lewis Ship
>
> Creator of Apache Tapestry
>
> The source for Tapestry training, mentoring and support. Contact me to
> learn how I can get you up and productive in Tapestry fast!
>
> (971) 678-5210
> http://howardlewisship.com
>

--
Howard M. Lewis Ship

Creator of Apache Tapestry

The source for Tapestry training, mentoring and support. Contact me to
learn how I can get you up and productive in Tapestry fast!

(971) 678-5210
http://howardlewisship.com

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@...
For additional commands, e-mail: dev-help@...

Re: 5.1 - 5.0 next releases?

2009-11-23T11:41:04Z

Not sure what to make of those errors. Some of the IoC stuff has been
very rarely flakey, which I took to be limitations of (i.e., bugs in)
the tests, or runtime problems related to running in Bamboo.

I'll got set up some CI builds for the other branches.

On Mon, Nov 23, 2009 at 11:20 AM, Andreas Andreou <andyhot@...> wrote:

> fyi, i just sent an email to infra about hudson & selenium...
>
> Also, it looks like tapestry-ioc is a bit unstable - hudson now gives
> those failures:
> http://hudson.zones.apache.org/hudson/job/tapestry-5.1-trunk/org.apache.tapestry$tapestry-ioc/4/testReport/
> while there's no change that could affect that...
> So, should be jvm version... i think bamboo runs with 1.5, right? i
> could set hudson to
> use that (unless someone can explain the failures)
>
>
> On Mon, Nov 23, 2009 at 8:58 PM, Igor Drobiazko
> <igor.drobiazko@...> wrote:
>> Howard, is it possible to create builds for the branches at formos bamboo?
>> We need a temporal solution. I also feel uncomfortably to release 5.1.0.6
>> without having a single build at CI.
>>
>> On Mon, Nov 23, 2009 at 8:58 AM, Howard Lewis Ship <hlship@...> wrote:
>>
>>> I don't feel comfortable until the code executes properly in the full
>>> stack, including browser, servlet container and Tapestry, and
>>> including Ajax updates. Anything simulated in that stack is a
>>> potential to be different than the end user's experience. Selenium is
>>> a pain in the ass, but it's as close as you'll get to hiring actual
>>> people to validate your web app.
>>>
>>> On Sun, Nov 22, 2009 at 7:14 PM, Kalle Korhonen
>>> <kalle.o.korhonen@...> wrote:
>>> > On Sun, Nov 22, 2009 at 11:42 AM, Andreas Andreou <andyhot@...>
>>> wrote:
>>> >> Integration tests aren't currently able to run (missing firefox from
>>> path)
>>> >> and all 4 failing tests in 5.1 are due to that.
>>> >> 5.0 has a few more failures which confirm what i'm seeing locally
>>> >> (
>>> http://hudson.zones.apache.org/hudson/view/All/job/tapestry-5.0-trunk/3/ )
>>> >
>>> > On that note, I've had very good success doing integration testing
>>> > with HtmlUnit and embedded Jetty. The tests run faster than
>>> > Selenium-based ones and are more independent of the environment. The
>>> > recent versions of HtmlUnit run any kind of Javascript just fine
>>> > (dojo, prototype, etc.) but obviously it's not *exactly* the same as a
>>> > real browser. I've re-written both Apache Shiro's and Tynamo's (at
>>> > Codehaus) integration tests to use the same concepts (see e.g.
>>> >
>>> http://svn.apache.org/repos/asf/incubator/shiro/trunk/samples/web/src/test/java/org/apache/shiro/test/AbstractContainerTest.java
>>> ).
>>> > Just thought it might be worth considering - I know how challenging it
>>> > can be at times to rely on infrastructure you are not in control of.
>>> > But perhaps Apache infra folks can help making firefox available on
>>> > the path.
>>> >
>>>
>>> It's not difficult, just means running Xvfb (X virtual frame buffer).
>>>
>>> > Kalle
>>> >
>>> >
>>> >> On Sun, Nov 22, 2009 at 6:49 PM, Howard Lewis Ship <hlship@...>
>>> wrote:
>>> >>> I'm fine with moving stuff off of tapestry.formos.com.
>>> >>>
>>> >>> I do want to maintain some site with nightly snapshots, though.
>>> >>>
>>> >>> On Sun, Nov 22, 2009 at 8:39 AM, Andreas Andreou <andyhot@...>
>>> wrote:
>>> >>>> I have the same problem (lost password & bamboo not sending email) -
>>> that's why
>>> >>>> I started investigating apache's hudson infrastructure...
>>> >>>>
>>> >>>> I got 4.1 building there,
>>> >>>> http://hudson.zones.apache.org/hudson/job/tapestry-4.1-trunk/
>>> >>>> (the trick was to set the build node to master - we were told to use
>>> >>>> minerva or vesta but
>>> >>>> it looks like those are missing maven)
>>> >>>>
>>> >>>> I want to go ahead and add 5.0 and 5.1 there anyway. Howard, you
>>> >>>> already have an account
>>> >>>> but it don't see any T5 builds there, should i just go ahead?
>>> >>>>
>>> >>>> As for nexus, doing a mvn release will actually just stage it in a
>>> >>>> one-time only repo so that
>>> >>>> anyone can try it from there. I really wanted to try that with the 5.0
>>> >>>> but some build failures
>>> >>>> i'm having haven't allowed that - hoping to tackle them as we speak.
>>> >>>>
>>> >>>>
>>> >>>> On Sun, Nov 22, 2009 at 3:55 PM, Igor Drobiazko
>>> >>>> <igor.drobiazko@...> wrote:
>>> >>>>> Can someone please add builds for 5.1.x and 5.0.x branches to bamboo?
>>> I
>>> >>>>> forgot my password and bamboo fails to send me a new one.
>>> >>>>>
>>> >>>>> On Sun, Nov 22, 2009 at 1:38 PM, Howard Lewis Ship <hlship@...>
>>> wrote:
>>> >>>>>
>>> >>>>>> What's the process for staging things in Nexus?
>>> >>>>>>
>>> >>>>>> On Fri, Nov 20, 2009 at 7:50 AM, Andreas Andreou <andyhot@...
>>> >
>>> >>>>>> wrote:
>>> >>>>>> > [5.0 branch] So, i'm basically still getting 3 test failures in
>>> >>>>>> > tapestry-ioc and 2 in
>>> >>>>>> > tapestry-core (jdk5 & jdk6)... the good thing is i'm not getting
>>> those
>>> >>>>>> > in the 5.1 branch, so, i'll try to
>>> >>>>>> > look for diffs.
>>> >>>>>> >
>>> >>>>>> > [5.1 branch] All look fine here, once we say GO, I (or anyone) can
>>> >>>>>> > just try to stage the release
>>> >>>>>> > in nexus and once that works, send the email for the vote
>>> >>>>>> >
>>> >>>>>> > On Fri, Nov 20, 2009 at 2:24 PM, Thiago H. de Paula Figueiredo
>>> >>>>>> > <thiagohp@...> wrote:
>>> >>>>>> >> +1
>>> >>>>>> >>
>>> >>>>>> >> Em Fri, 20 Nov 2009 07:09:03 -0200, David Rees <
>>> drees76@...>
>>> >>>>>> escreveu:
>>> >>>>>> >>
>>> >>>>>> >>> On Thu, Nov 19, 2009 at 10:24 PM, Igor Drobiazko
>>> >>>>>> >>> <igor.drobiazko@...> wrote:
>>> >>>>>> >>>>
>>> >>>>>> >>>> We should release 5.1.0.6 asap because of the security issues.
>>> What if
>>> >>>>>> we
>>> >>>>>> >>>> only backport already fixed issues in 5.2.0.0 snapshots,
>>> release
>>> >>>>>> 5.1.0.6
>>> >>>>>> >>>> and
>>> >>>>>> >>>> immidiately go on with 5.1.0.7?
>>> >>>>>> >>>
>>> >>>>>> >>> I'm a big fan of "release often" as long as people are willing
>>> to do it
>>> >>>>>> -
>>> >>>>>> >>> so +1.
>>> >>>>>> >>>
>>> >>>>>> >>> -Dave
>>> >>>>>> >>>
>>> >>>>>> >>>
>>> ---------------------------------------------------------------------
>>> >>>>>> >>> To unsubscribe, e-mail: dev-unsubscribe@...
>>> >>>>>> >>> For additional commands, e-mail: dev-help@...
>>> >>>>>> >>>
>>> >>>>>> >>
>>> >>>>>> >>
>>> >>>>>> >> --
>>> >>>>>> >> Thiago H. de Paula Figueiredo
>>> >>>>>> >> Independent Java, Apache Tapestry 5 and Hibernate consultant,
>>> developer,
>>> >>>>>> and
>>> >>>>>> >> instructor
>>> >>>>>> >> Owner, software architect and developer, Ars Machina Tecnologia
>>> da
>>> >>>>>> >> Informação Ltda.
>>> >>>>>> >> Consultor, desenvolvedor e instrutor em Java, Tapestry e
>>> Hibernate
>>> >>>>>> >> Coordenador e professor da Especialização em Engenharia de
>>> Software com
>>> >>>>>> >> Ênfase em Java da Faculdade Pitágoras
>>> >>>>>> >> http://www.arsmachina.com.br
>>> >>>>>> >>
>>> >>>>>> >>
>>> ---------------------------------------------------------------------
>>> >>>>>> >> To unsubscribe, e-mail: dev-unsubscribe@...
>>> >>>>>> >> For additional commands, e-mail: dev-help@...
>>> >>>>>> >>
>>> >>>>>> >>
>>> >>>>>> >
>>> >>>>>> >
>>> >>>>>> >
>>> >>>>>> > --
>>> >>>>>> > Andreas Andreou - andyhot@... - http://blog.andyhot.gr
>>> >>>>>> > Tapestry / Tacos developer
>>> >>>>>> > Open Source / JEE Consulting
>>> >>>>>> >
>>> >>>>>> >
>>> ---------------------------------------------------------------------
>>> >>>>>> > To unsubscribe, e-mail: dev-unsubscribe@...
>>> >>>>>> > For additional commands, e-mail: dev-help@...
>>> >>>>>> >
>>> >>>>>> >
>>> >>>>>>
>>> >>>>>>
>>> >>>>>>
>>> >>>>>> --
>>> >>>>>> Howard M. Lewis Ship
>>> >>>>>>
>>> >>>>>> Creator of Apache Tapestry
>>> >>>>>>
>>> >>>>>> The source for Tapestry training, mentoring and support. Contact me
>>> to
>>> >>>>>> learn how I can get you up and productive in Tapestry fast!
>>> >>>>>>
>>> >>>>>> (971) 678-5210
>>> >>>>>> http://howardlewisship.com
>>> >>>>>>
>>> >>>>>>
>>> ---------------------------------------------------------------------
>>> >>>>>> To unsubscribe, e-mail: dev-unsubscribe@...
>>> >>>>>> For additional commands, e-mail: dev-help@...
>>> >>>>>>
>>> >>>>>>
>>> >>>>>
>>> >>>>>
>>> >>>>> --
>>> >>>>> Best regards,
>>> >>>>>
>>> >>>>> Igor Drobiazko
>>> >>>>>
>>> >>>>
>>> >>>>
>>> >>>>
>>> >>>> --
>>> >>>> Andreas Andreou - andyhot@... - http://blog.andyhot.gr
>>> >>>> Tapestry / Tacos developer
>>> >>>> Open Source / JEE Consulting
>>> >>>>
>>> >>>> ---------------------------------------------------------------------
>>> >>>> To unsubscribe, e-mail: dev-unsubscribe@...
>>> >>>> For additional commands, e-mail: dev-help@...
>>> >>>>
>>> >>>>
>>> >>>
>>> >>>
>>> >>>
>>> >>> --
>>> >>> Howard M. Lewis Ship
>>> >>>
>>> >>> Creator of Apache Tapestry
>>> >>>
>>> >>> The source for Tapestry training, mentoring and support. Contact me to
>>> >>> learn how I can get you up and productive in Tapestry fast!
>>> >>>
>>> >>> (971) 678-5210
>>> >>> http://howardlewisship.com
>>> >>>
>>> >>> ---------------------------------------------------------------------
>>> >>> To unsubscribe, e-mail: dev-unsubscribe@...
>>> >>> For additional commands, e-mail: dev-help@...
>>> >>>
>>> >>>
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Andreas Andreou - andyhot@... - http://blog.andyhot.gr
>>> >> Tapestry / Tacos developer
>>> >> Open Source / JEE Consulting
>>> >>
>>> >> ---------------------------------------------------------------------
>>> >> To unsubscribe, e-mail: dev-unsubscribe@...
>>> >> For additional commands, e-mail: dev-help@...
>>> >>
>>> >>
>>> >
>>> > ---------------------------------------------------------------------
>>> > To unsubscribe, e-mail: dev-unsubscribe@...
>>> > For additional commands, e-mail: dev-help@...
>>> >
>>> >
>>>
>>>
>>>
>>> --
>>> Howard M. Lewis Ship
>>>
>>> Creator of Apache Tapestry
>>>
>>> The source for Tapestry training, mentoring and support. Contact me to
>>> learn how I can get you up and productive in Tapestry fast!
>>>
>>> (971) 678-5210
>>> http://howardlewisship.com
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@...
>>> For additional commands, e-mail: dev-help@...
>>>
>>>
>>
>>
>> --
>> Best regards,
>>
>> Igor Drobiazko
>>
>
>
>
> --
> Andreas Andreou - andyhot@... - http://blog.andyhot.gr
> Tapestry / Tacos developer
> Open Source / JEE Consulting
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@...
> For additional commands, e-mail: dev-help@...
>
>

Re: svn commit: r834151 - in /tapestry/tapestry5/trunk: src/site/apt/guide/ tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ tapestry-core/src/main/java/org/apache/tapestry5/services/ tapestry-core/src/test/java/org/apache/tapestry

2009-11-23T11:37:53Z

Good catch, and I agree.

On Mon, Nov 23, 2009 at 10:07 AM, Igor Drobiazko
<igor.drobiazko@...> wrote:

> I think the contribution "^org/chenillekit/tapestry/" should be removed from
> the configuration of the RegexpAuthorizer. App developers using Chenillekit
> should contribute it.
>
> On Mon, Nov 9, 2009 at 6:23 PM, <robertdzeigler@...> wrote:
>
>> Author: robertdzeigler
>> Date: Mon Nov 9 17:23:10 2009
>> New Revision: 834151
>>
>> URL: http://svn.apache.org/viewvc?rev=834151&view=rev
>> Log:
>> TAP5-815: Asset dispatcher allows any file inside the webapp visible and
>> downloadable (5.2 branch)
>>
>> Added:
>>
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java
>>
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java
>>
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java
>>
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java
>>
>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java
>>
>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java
>>
>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java
>> Modified:
>> tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt
>>
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
>>
>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
>>
>> Modified: tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt
>> URL:
>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt?rev=834151&r1=834150&r2=834151&view=diff
>>
>> ==============================================================================
>> --- tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt (original)
>> +++ tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt Mon Nov 9
>> 17:23:10 2009
>> @@ -138,6 +138,31 @@
>> In addition, context assets will use the URL prefix
>> <<</assets/ctx/>>><app-version><<</>>>.
>>
>>
>> +Securing Assets
>> +
>> + Securing assets is an important consideration for any web application.
>> Many assets, such as hibernate configuration
>> + files, sit in the classpath and are exposable via the Asset service,
>> which is not desirable. To protect these and
>> + other sensitive assets, Tapestry provides the AssetProtectionDispatcher.
>> This dispatcher sits in front of the
>> + AssetDispatcher, the service responsible for streaming assets to the
>> client, and watches for Asset requests.
>> + When an asset request comes in, the protection dispatcher checks for
>> authorization to view the file against a
>> + contributed list of AssetPathAuthorizer implementations. Determination
>> of whether the client can view the requested
>> + resource is then made based on whether any of the contributed
>> AssetPathAuthorizer implementations explicitly allowed
>> + or denied access to the resource.
>> +
>> + Tapestry provides two AssetPathAuthorizer implemenations "out of the
>> box" to which users may contribute: RegexAuthorizer
>> + and WhitelistAuthorizer. RegexAuthorizer uses regular expressions to
>> determine assets which are viewable by the
>> + client; any assets that match one of its (contributed) regular
>> expressions are authorized. Anything not matched is
>> + passed through to the WhitelistAuthorizer. WhitelistAuthorizer uses an
>> exact-matching whitelist. Anything matching
>> + exactly one its contributions is allowed; all other asset requests are
>> denied. The default tapestry configuration
>> + contributes nothing to WhitelistAuthorizer (access will be denied to all
>> asset requests passed through to it), and
>> + explicitly allows access to css, jpg, jpeg, js, png, and gif files
>> associated with tapestry (tapestry.js, blackbird
>> + files, date picker files, etc.). The default contribution also enables
>> access to the css, jpg, jpeg, js, png, and gif
>> + files provided by the popular chenille-kit 3rd party library. The
>> default configuration denies access to all other
>> + assets. To enable access to your application's assets, either
>> contribute a custom AssetPathAnalyzer, or contribute
>> + appropriate regular expression or exact path contributions to
>> RegexAuthorizer or WhitelistAuthorizer, respectively.
>> + See TapestryModule.contribteRegexAuthorizer for examples.
>> +
>> +
>> Performance Notes
>>
>> Assets are expected to be entirely static (not changing while the
>> application is deployed). When Tapestry generates a URL
>> @@ -146,4 +171,4 @@
>> asset.
>>
>> In addition, Tapestry will {{{compress.html}GZIP compress}} the content
>> of <all> assets (if the asset
>> - is compressable, and the client supports it).
>> \ No newline at end of file
>> + is compressable, and the client supports it).
>>
>> Added:
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java
>> URL:
>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java?rev=834151&view=auto
>>
>> ==============================================================================
>> ---
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java
>> (added)
>> +++
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java
>> Mon Nov 9 17:23:10 2009
>> @@ -0,0 +1,92 @@
>> +// Copyright 2009 The Apache Software Foundation
>> +//
>> +// Licensed under the Apache License, Version 2.0 (the "License");
>> +// you may not use this file except in compliance with the License.
>> +// You may obtain a copy of the License at
>> +//
>> +// http://www.apache.org/licenses/LICENSE-2.0
>> +//
>> +// Unless required by applicable law or agreed to in writing, software
>> +// distributed under the License is distributed on an "AS IS" BASIS,
>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>> implied.
>> +// See the License for the specific language governing permissions and
>> +// limitations under the License.
>> +
>> +package org.apache.tapestry5.internal.services;
>> +
>> +import java.io.IOException;
>> +import java.util.Collection;
>> +import java.util.Collections;
>> +import java.util.List;
>> +
>> +import javax.servlet.http.HttpServletResponse;
>> +
>> +import org.apache.tapestry5.internal.services.RequestConstants;
>> +import org.apache.tapestry5.services.*;
>> +import org.slf4j.Logger;
>> +
>> +/**
>> + * Dispatcher that handles whether to allow or deny access to particular
>> + * assets. Actual work of authorizing a particular url is handled by
>> + * implementations of AssetPathAuthorizer. Configuration is an ordered
>> + * list of AssetPathAuthorizers. Each authorizer specifies an order of
>> + * operations as a list (see AssetPathAuthorizer.Order).
>> + *
>> + */
>> +public class AssetProtectionDispatcher implements Dispatcher
>> +{
>> +
>> + private final Collection<AssetPathAuthorizer> authorizers;
>> + private final ClasspathAssetAliasManager assetAliasManager;
>> + private final Logger logger;
>> +
>> + public AssetProtectionDispatcher(
>> + List<AssetPathAuthorizer> auths,
>> + ClasspathAssetAliasManager manager,
>> + Logger logger)
>> + {
>> + this.authorizers = Collections.unmodifiableList(auths);
>> + this.assetAliasManager = manager;
>> + this.logger = logger;
>> + }
>> +
>> + public boolean dispatch(Request request, Response response)
>> + throws IOException
>> + {
>> + String path = request.getPath();
>> + //we only protect assets, and don't examine any other url's.
>> + if (!path.startsWith(RequestConstants.ASSET_PATH_PREFIX))
>> + {
>> + return false;
>> + }
>> + String resourcePath = assetAliasManager.toResourcePath(path);
>> + for(AssetPathAuthorizer auth : authorizers)
>> + {
>> + for(AssetPathAuthorizer.Order o : auth.order())
>> + {
>> + if (o == AssetPathAuthorizer.Order.ALLOW)
>> + {
>> + if (auth.accessAllowed(resourcePath))
>> + {
>> + logger.debug("Allowing access to " +
>> resourcePath);
>> + return false;
>> + }
>> + }
>> + else
>> + {
>> + if (auth.accessDenied(resourcePath))
>> + {
>> + logger.debug("Denying access to " + resourcePath);
>> +
>> response.sendError(HttpServletResponse.SC_FORBIDDEN,resourcePath);
>> + return true;
>> + }
>> + }
>> + }
>> + }
>> + //if we get here, no Authorizer had anything useful to say about
>> the resourcePath.
>> + //so let it fall through.
>> + logger.debug("Fell through the list of authorizers. Allowing
>> access to: " + resourcePath);
>> + return false;
>> + }
>> +
>> +}
>>
>> Added:
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java
>> URL:
>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java?rev=834151&view=auto
>>
>> ==============================================================================
>> ---
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java
>> (added)
>> +++
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java
>> Mon Nov 9 17:23:10 2009
>> @@ -0,0 +1,76 @@
>> +// Copyright 2009 The Apache Software Foundation
>> +//
>> +// Licensed under the Apache License, Version 2.0 (the "License");
>> +// you may not use this file except in compliance with the License.
>> +// You may obtain a copy of the License at
>> +//
>> +// http://www.apache.org/licenses/LICENSE-2.0
>> +//
>> +// Unless required by applicable law or agreed to in writing, software
>> +// distributed under the License is distributed on an "AS IS" BASIS,
>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>> implied.
>> +// See the License for the specific language governing permissions and
>> +// limitations under the License.
>> +
>> +package org.apache.tapestry5.internal.services;
>> +
>> +import org.apache.tapestry5.services.AssetPathAuthorizer;
>> +
>> +import java.util.ArrayList;
>> +import java.util.Arrays;
>> +import java.util.Collection;
>> +import java.util.Collections;
>> +import java.util.List;
>> +import java.util.regex.Pattern;
>> +
>> +/**
>> + * Provides a regex-based authorization scheme for asset-access
>> authorization.
>> + * Note that this implementation doesn't actually deny access to anything.
>> + * But it's placement within the chain of command of authorizers is just
>> before
>> + * the whitelist authorizer, which has an explicit deny policy.
>> + * Hence, as long as the whitelist authorizer is being used in conjunction
>> with
>> + * the regex authorizer, there is no need to worry about accessDenied in
>> this authorizer.
>> + *
>> + */
>> +public class RegexAuthorizer implements AssetPathAuthorizer
>> +{
>> +
>> + private final Collection<Pattern> _regexes;
>> +
>> + public RegexAuthorizer(final Collection<String> regex)
>> + {
>> + //an alternate way to construct this would be to make sure that
>> each pattern is grouped
>> + //and then to regex or the various patterns together into a single
>> pattern.
>> + //that might be faster, but probably not enough to make a
>> difference, and this is cleaner.
>> + List<Pattern> tmp = new ArrayList<Pattern>();
>> + for(String exp : regex)
>> + {
>> + tmp.add(Pattern.compile(exp));
>> + }
>> + _regexes = Collections.unmodifiableCollection(tmp);
>> +
>> + }
>> +
>> + public boolean accessAllowed(String resourcePath)
>> + {
>> + for(Pattern regex : _regexes)
>> + {
>> + if (regex.matcher(resourcePath).matches())
>> + {
>> + return true;
>> + }
>> + }
>> + return false;
>> + }
>> +
>> + public boolean accessDenied(String resourcePath)
>> + {
>> + return false;
>> + }
>> +
>> + public List<Order> order()
>> + {
>> + return Arrays.asList(Order.ALLOW);
>> + }
>> +
>> +}
>>
>> Added:
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java
>> URL:
>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java?rev=834151&view=auto
>>
>> ==============================================================================
>> ---
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java
>> (added)
>> +++
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java
>> Mon Nov 9 17:23:10 2009
>> @@ -0,0 +1,59 @@
>> +// Copyright 2009 The Apache Software Foundation
>> +//
>> +// Licensed under the Apache License, Version 2.0 (the "License");
>> +// you may not use this file except in compliance with the License.
>> +// You may obtain a copy of the License at
>> +//
>> +// http://www.apache.org/licenses/LICENSE-2.0
>> +//
>> +// Unless required by applicable law or agreed to in writing, software
>> +// distributed under the License is distributed on an "AS IS" BASIS,
>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>> implied.
>> +// See the License for the specific language governing permissions and
>> +// limitations under the License.
>> +
>> +package org.apache.tapestry5.internal.services;
>> +
>> +import org.apache.tapestry5.services.AssetPathAuthorizer;
>> +
>> +import java.util.Arrays;
>> +import java.util.Collection;
>> +import java.util.List;
>> +import java.util.Map;
>> +import java.util.concurrent.ConcurrentHashMap;
>> +
>> +/**
>> + * AssetPathAuthorizer that determines access rights based on exact
>> matching to a contributed whitelist.
>> + * Any resource not explicitly specified in the whitelist is denied
>> access.
>> + */
>> +public class WhitelistAuthorizer implements AssetPathAuthorizer
>> +{
>> +
>> + public List<Order> order()
>> + {
>> + return Arrays.asList(Order.ALLOW, Order.DENY);
>> + }
>> +
>> + //hash the resource paths for fast lookups.
>> + private final Map<String, Boolean> _paths;
>> +
>> + public WhitelistAuthorizer(Collection<String> paths)
>> + {
>> + _paths = new ConcurrentHashMap<String, Boolean>();
>> + for(String path : paths)
>> + {
>> + _paths.put(path, true);
>> + }
>> + }
>> +
>> + public boolean accessAllowed(String resourcePath)
>> + {
>> + return (_paths.containsKey(resourcePath));
>> + }
>> +
>> + public boolean accessDenied(String resourcePath)
>> + {
>> + return !_paths.containsKey(resourcePath);
>> + }
>> +
>> +}
>>
>> Added:
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java
>> URL:
>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java?rev=834151&view=auto
>>
>> ==============================================================================
>> ---
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java
>> (added)
>> +++
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java
>> Mon Nov 9 17:23:10 2009
>> @@ -0,0 +1,76 @@
>> +// Copyright 2009 The Apache Software Foundation
>> +//
>> +// Licensed under the Apache License, Version 2.0 (the "License");
>> +// you may not use this file except in compliance with the License.
>> +// You may obtain a copy of the License at
>> +//
>> +// http://www.apache.org/licenses/LICENSE-2.0
>> +//
>> +// Unless required by applicable law or agreed to in writing, software
>> +// distributed under the License is distributed on an "AS IS" BASIS,
>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>> implied.
>> +// See the License for the specific language governing permissions and
>> +// limitations under the License.
>> +
>> +package org.apache.tapestry5.services;
>> +
>> +import java.util.List;
>> +
>> +/**
>> + * Determines whether access to an asset is allowed, denied, or
>> undetermined.
>> + * Each contributed authorizer makes up part of a chain of command for
>> determining access.
>> + * Access is explicitly allowed if accessAllowed returns true.
>> + * Access is explicitly denied if accessDenied returns true.
>> + * Ordering depends on the order specified by the "order" parameter.
>> + * Hence, an implementation which specifies an order of:
>> + * ALLOW, DENY, and returns true from both accessAllowed and accessDenied
>> + * will allow access for all resources. With the same return values for
>> the
>> + * access* methods but the order switched to DENY, ALLOW, access to all
>> resources
>> + * would be denied. It is possible for an authorizer to have "nothing
>> + * to say" regarding a particular resource. If accessAllowed returns
>> false,
>> + * it does not mean that access is denied, merely that it is not
>> explicitly allowed.
>> + * If accessDenied returns false, it does not mean that access is allowed,
>> merely that
>> + * it is not explicitly denied. Hence, if both accessAllowed and
>> accessDenied return false,
>> + * control will pass to the next authorizer in the chain.
>> + *
>> + */
>> +public interface AssetPathAuthorizer
>> +{
>> +
>> + /**
>> + * Types of orderings, either ALLOW or DENY.
>> + */
>> + enum Order {ALLOW, DENY;}
>> +
>> + /**
>> + * Specify the ordering for this authorizer.
>> + * @return the operations for this authorizer.
>> + * Operations will be performed in the order returned by the iterator.
>> + * It is assumed that the authorizer correctly implements each form of
>> + * ordering returned. It is acceptable to only return only ALLOW or
>> DENY.
>> + */
>> + List<Order> order();
>> +
>> + /**
>> + * Determines whether a request to "resourcePath" is allowed.
>> + * @param resourcePath
>> + * @return true if access is explicitly allowed for the path. False
>> otherwise.
>> + * For example, a whitelist implementation would return true if the
>> resource
>> + * was listed, and false otherwise. A blacklist implementation would
>> return
>> + * false regardless of whether the path was in the blacklist.
>> + * Alternatively, if the blacklist specified an order of DENY, ALLOW,
>> it could
>> + * return true from accessAllowed if the resource was not explicitly
>> listed in its
>> + * blacklist.
>> + */
>> + boolean accessAllowed(String resourcePath);
>> +
>> + /**
>> + *
>> + * @param resourcePath
>> + * @return true if access is explicitly prohibited for the path. False
>> otherwise.
>> + * For example, a whitelist implementation would return true if the
>> resource was
>> + * not explicitly listed, and false otherwise. A blacklist
>> implementation would
>> + * return true if the resource was explicitly denied, and false
>> otherwise.
>> + */
>> + boolean accessDenied(String resourcePath);
>> +}
>>
>> Modified:
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
>> URL:
>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java?rev=834151&r1=834150&r2=834151&view=diff
>>
>> ==============================================================================
>> ---
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
>> (original)
>> +++
>> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
>> Mon Nov 9 17:23:10 2009
>> @@ -305,6 +305,9 @@
>> binder.bind(PageRenderLinkSource.class,
>> PageRenderLinkSourceImpl.class);
>> binder.bind(ClientInfrastructure.class,
>> ClientInfrastructureImpl.class);
>> binder.bind(URLRewriter.class, URLRewriterImpl.class);
>> + binder.bind(Dispatcher.class,
>> AssetProtectionDispatcher.class).withId("AssetProtectionDispatcher");
>> + binder.bind(AssetPathAuthorizer.class,
>> WhitelistAuthorizer.class).withId("WhitelistAuthorizer");
>> + binder.bind(AssetPathAuthorizer.class,
>> RegexAuthorizer.class).withId("RegexAuthorizer");
>> }
>>
>> //
>> ========================================================================
>> @@ -1572,13 +1575,17 @@
>> * and forwards onto {@link PageRenderRequestHandler}</dd>
>> <dt>ComponentEvent</dt> <dd>Identifies the {@link
>> * ComponentEventRequestParameters} and forwards onto the {@link
>> ComponentEventRequestHandler}</dd> </dl>
>> */
>> - public static void
>> contributeMasterDispatcher(OrderedConfiguration<Dispatcher> configuration)
>> + public static void
>> contributeMasterDispatcher(OrderedConfiguration<Dispatcher> configuration,
>> +
>> @InjectService("AssetProtectionDispatcher") Dispatcher assetProt)
>> {
>> // Looks for the root path and renders the start page. This is
>> maintained for compatibility
>> // with earlier versions of Tapestry 5, it is recommended that an
>> Index page be used instead.
>>
>> configuration.addInstance("RootPath", RootPathDispatcher.class,
>> "before:Asset");
>>
>> + //this goes before asset to make sure that only allowed assets are
>> streamed to the client.
>> + configuration.add("AssetProtection", assetProt, "before:Asset");
>> +
>> // This goes first because an asset to be streamed may have an file
>> extension, such as
>> // ".html", that will confuse the later dispatchers.
>>
>> @@ -1591,6 +1598,7 @@
>> configuration.addInstance("PageRender",
>> PageRenderDispatcher.class);
>> }
>>
>> +
>> /**
>> * Contributes a default object renderer for type Object, plus
>> specialized renderers for {@link
>> * org.apache.tapestry5.services.Request}, {@link
>> org.apache.tapestry5.ioc.Location}, {@link
>> @@ -2480,4 +2488,41 @@
>> };
>> }
>>
>> + /**
>> + * Contributes the default set of AssetPathAuthorizers into the
>> AssetProtectionDispatcher.
>> + * @param whitelist authorization based on explicit whitelisting.
>> + * @param regex authorization based on pattern matching.
>> + * @param conf
>> + */
>> + public static void contributeAssetProtectionDispatcher(
>> + @InjectService("WhitelistAuthorizer") AssetPathAuthorizer
>> whitelist,
>> + @InjectService("RegexAuthorizer") AssetPathAuthorizer regex,
>> + OrderedConfiguration<AssetPathAuthorizer> conf)
>> + {
>> + //putting whitelist after everything ensures that, in fact,
>> nothing falls through.
>> + //also ensures that whitelist gives other authorizers the chance
>> to act...
>> + conf.add("regex",regex,"before:whitelist");
>> + conf.add("whitelist", whitelist,"after:*");
>> + }
>> +
>> + public void contributeRegexAuthorizer(Configuration<String> regex,
>> + @Symbol("tapestry.scriptaculous.path") String scriptPath,
>> + @Symbol("tapestry.blackbird.path") String blackbirdPath,
>> + @Symbol("tapestry.datepicker.path") String datepickerPath)
>> + {
>> + //allow any js, jpg, jpeg, png, or css under
>> org/chenillekit/tapstry. The funky bit of ([^/.]+/)* is what allows
>> + //multiple paths, while not allowing any of those paths to
>> contains ./ or ../ thereby preventing paths like:
>> + //org/chenillekit/tapestry/../../../foo.js
>> + String pathPattern =
>> "([^/.]+/)*[^/.]+\\.((css)|(js)|(jpg)|(jpeg)|(png)|(gif))$";
>> + regex.add("^org/chenillekit/tapestry/" + pathPattern);
>> +
>> + regex.add("^org/apache/tapestry5/" + pathPattern);
>> +
>> + regex.add(blackbirdPath + "/" + pathPattern);
>> + regex.add(datepickerPath + "/" + pathPattern);
>> + regex.add(scriptPath + "/" + pathPattern);
>> + //allow access to virtual assets. Critical for tapestry-combined
>> js files.
>> + regex.add("virtual/" + pathPattern);
>> + }
>> +
>> }
>>
>> Modified:
>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
>> URL:
>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java?rev=834151&r1=834150&r2=834151&view=diff
>>
>> ==============================================================================
>> ---
>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
>> (original)
>> +++
>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
>> Mon Nov 9 17:23:10 2009
>> @@ -257,4 +257,22 @@
>> {
>> configuration.add("ReverseStringsWorker", new
>> ReverseStringsWorker());
>> }
>> +
>> + public static void contributeRegexAuthorizer(Configuration<String>
>> configuration) {
>> + //use this rather than a blanket regex (^.*.jpg$, etc.); want to
>> be sure that tests pass from the default
>> + //configuration setup, (eg: this way, I realized that the
>> "virtual" assets folder
>> + //needed to be opened up in the tapestry-provided contributions)
>> rather than from some blanket configuration in the appmodule
>> + //opening up all css, js, etc. files.
>> + //would contribute to whitelist except that the resource path
>> between ctxt and the rest of the path can change.
>> + configuration.add("^ctx/[^/]+/css/app\\.css$");
>> + configuration.add("^ctx/[^/]+/layout/style\\.css$");
>> + configuration.add("^ctx/[^/]+/layout/images/bg\\.gif$");
>> + configuration.add("^ctx/[^/]+/layout/images/header\\.gif$");
>> + configuration.add("^ctx/[^/]+/layout/images/rightsmall\\.gif$");
>> + configuration.add("^ctx/[^/]+/layout/images/rightbig\\.gif$");
>> + configuration.add("^ctx/[^/]+/layout/images/bottom\\.gif$");
>> + configuration.add("^ctx/[^/]+/layout/images/footer\\.gif$");
>> + configuration.add("^ctx/[^/]+/images/tapestry_banner\\.gif$");
>> + configuration.add("^ctx/[^/]+/images/asf_logo_wide\\.gif$");
>> + }
>> }
>>
>> Added:
>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java
>> URL:
>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java?rev=834151&view=auto
>>
>> ==============================================================================
>> ---
>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java
>> (added)
>> +++
>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java
>> Mon Nov 9 17:23:10 2009
>> @@ -0,0 +1,92 @@
>> +// Copyright 2009 The Apache Software Foundation
>> +//
>> +// Licensed under the Apache License, Version 2.0 (the "License");
>> +// you may not use this file except in compliance with the License.
>> +// You may obtain a copy of the License at
>> +//
>> +// http://www.apache.org/licenses/LICENSE-2.0
>> +//
>> +// Unless required by applicable law or agreed to in writing, software
>> +// distributed under the License is distributed on an "AS IS" BASIS,
>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>> implied.
>> +// See the License for the specific language governing permissions and
>> +// limitations under the License.
>> +
>> +package org.apache.tapestry5.internal.services;
>> +
>> +import static org.easymock.EasyMock.createMock;
>> +import static org.easymock.EasyMock.expect;
>> +import static org.easymock.EasyMock.*;
>> +
>> +import java.io.IOException;
>> +import java.util.ArrayList;
>> +import java.util.Arrays;
>> +import java.util.Collections;
>> +import java.util.List;
>> +
>> +import javax.servlet.http.HttpServletResponse;
>> +
>> +import org.apache.tapestry5.internal.services.RequestConstants;
>> +import org.apache.tapestry5.internal.services.AssetProtectionDispatcher;
>> +import org.apache.tapestry5.services.ClasspathAssetAliasManager;
>> +import org.apache.tapestry5.services.Request;
>> +import org.apache.tapestry5.services.Response;
>> +import org.apache.tapestry5.services.AssetPathAuthorizer;
>> +import org.testng.Assert;
>> +import org.testng.annotations.Test;
>> +import org.slf4j.Logger;
>> +
>> +public class AssetProtectionDispatcherTest extends Assert
>> +{
>> +
>> + @Test
>> + public void ignores_nonassets() throws IOException
>> + {
>> + //shouldn't need any configuration here...
>> + List<AssetPathAuthorizer> auths = Collections.emptyList();
>> + Logger logger = createMock(Logger.class);
>> + AssetProtectionDispatcher disp = new
>> AssetProtectionDispatcher(auths,null,logger);
>> + Request request = createMock(Request.class);
>> + expect(request.getPath()).andReturn("start");
>> + Response response = createMock(Response.class);
>> + replay(request,response,logger);
>> + assertFalse(disp.dispatch(request, response));
>> + verify(request,response,logger);
>> + }
>> +
>> + @Test
>> + public void checks_authorizers() throws IOException
>> + {
>> + Logger logger = createMock(Logger.class);
>> + List<AssetPathAuthorizer> auths = new
>> ArrayList<AssetPathAuthorizer>();
>> + AssetPathAuthorizer auth = createMock(AssetPathAuthorizer.class);
>> +
>> +
>> expect(auth.order()).andReturn(Arrays.asList(AssetPathAuthorizer.Order.ALLOW,
>> AssetPathAuthorizer.Order.DENY)).times(2);
>> +
>> + expect(auth.accessAllowed("/cayenne.xml")).andReturn(false);
>> + expect(auth.accessDenied("/cayenne.xml")).andReturn(true);
>> +
>> expect(auth.accessAllowed("/org/apache/tapestry/default.css")).andReturn(true);
>> + auths.add(auth);
>> +
>> + logger.debug("Denying access to /cayenne.xml");
>> + logger.debug("Allowing access to
>> /org/apache/tapestry/default.css");
>> +
>> + Request request = createMock(Request.class);
>> + Response response = createMock(Response.class);
>> +
>> expect(request.getPath()).andReturn(RequestConstants.ASSET_PATH_PREFIX +
>> "/cayenne.xml");
>> +
>> expect(request.getPath()).andReturn(RequestConstants.ASSET_PATH_PREFIX +
>> "/org/apache/tapestry/default.css");
>> + response.sendError(HttpServletResponse.SC_FORBIDDEN,
>> "/cayenne.xml");
>> +
>> + ClasspathAssetAliasManager manager =
>> createMock(ClasspathAssetAliasManager.class);
>> + expect(manager.toResourcePath(RequestConstants.ASSET_PATH_PREFIX +
>> "/cayenne.xml")).andReturn("/cayenne.xml");
>> + expect(manager.toResourcePath(
>> + RequestConstants.ASSET_PATH_PREFIX +
>> "/org/apache/tapestry/default.css"))
>> + .andReturn("/org/apache/tapestry/default.css");
>> + replay(auth,request,response,manager,logger);
>> + AssetProtectionDispatcher disp = new
>> AssetProtectionDispatcher(auths,manager,logger);
>> +
>> + assertTrue(disp.dispatch(request,response));
>> + assertFalse(disp.dispatch(request, response));
>> + verify(auth,request,response,logger);
>> + }
>> +}
>>
>> Added:
>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java
>> URL:
>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java?rev=834151&view=auto
>>
>> ==============================================================================
>> ---
>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java
>> (added)
>> +++
>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java
>> Mon Nov 9 17:23:10 2009
>> @@ -0,0 +1,53 @@
>> +// Copyright 2009 The Apache Software Foundation
>> +//
>> +// Licensed under the Apache License, Version 2.0 (the "License");
>> +// you may not use this file except in compliance with the License.
>> +// You may obtain a copy of the License at
>> +//
>> +// http://www.apache.org/licenses/LICENSE-2.0
>> +//
>> +// Unless required by applicable law or agreed to in writing, software
>> +// distributed under the License is distributed on an "AS IS" BASIS,
>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>> implied.
>> +// See the License for the specific language governing permissions and
>> +// limitations under the License.
>> +
>> +package org.apache.tapestry5.internal.services;
>> +
>> +import java.util.Arrays;
>> +import java.util.List;
>> +
>> +import org.testng.Assert;
>> +import org.testng.annotations.Test;
>> +import org.apache.tapestry5.internal.services.RegexAuthorizer;
>> +
>> +public class RegexAuthorizerTest extends Assert
>> +{
>> +
>> + @Test
>> + public void test_regexes()
>> + {
>> + List<String> patterns =
>> Arrays.asList("^.*\\.png$","^.*\\.jpg","^.*\\.jpeg");
>> + RegexAuthorizer auth = new RegexAuthorizer(patterns);
>> + String pkg = "assets/com/saiwaisolutions/resources/";
>> + String png = pkg + "foo.png";
>> + String jpg = pkg + "foo.jpg";
>> + String jpeg = pkg + "foo.jpeg";
>> + String xml = pkg + "foo.xml";
>> + test(auth,png,true);
>> + test(auth,jpg,true);
>> + test(auth,jpeg,true);
>> + test(auth,xml,false);
>> + }
>> +
>> + private static void test(RegexAuthorizer auth, String one,boolean
>> allowed)
>> + {
>> + assertEquals(auth.accessAllowed(one),allowed);
>> + assertEquals(
>> + auth.accessAllowed(
>> + "http://localhost:8080" + one),
>> + allowed);
>> + assertFalse(auth.accessDenied(one));
>> + assertFalse(auth.accessDenied("http://localhost:8080" + one));
>> + }
>> +}
>>
>> Added:
>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java
>> URL:
>> http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java?rev=834151&view=auto
>>
>> ==============================================================================
>> ---
>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java
>> (added)
>> +++
>> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java
>> Mon Nov 9 17:23:10 2009
>> @@ -0,0 +1,45 @@
>> +// Copyright 2009 The Apache Software Foundation
>> +//
>> +// Licensed under the Apache License, Version 2.0 (the "License");
>> +// you may not use this file except in compliance with the License.
>> +// You may obtain a copy of the License at
>> +//
>> +// http://www.apache.org/licenses/LICENSE-2.0
>> +//
>> +// Unless required by applicable law or agreed to in writing, software
>> +// distributed under the License is distributed on an "AS IS" BASIS,
>> +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>> implied.
>> +// See the License for the specific language governing permissions and
>> +// limitations under the License.
>> +
>> +/*
>> + * Created on Jul 28, 2007
>> + *
>> + *
>> + */
>> +package org.apache.tapestry5.internal.services;
>> +
>> +import java.util.Arrays;
>> +
>> +import org.testng.Assert;
>> +import org.testng.annotations.Test;
>> +import org.apache.tapestry5.internal.services.WhitelistAuthorizer;
>> +import org.apache.tapestry5.services.AssetPathAuthorizer;
>> +
>> +public class WhitelistAuthorizerTest extends Assert {
>> +
>> + @Test
>> + public void run()
>> + {
>> + WhitelistAuthorizer auth = new
>> WhitelistAuthorizer(Arrays.asList("foo"));
>> + assertEquals(auth.order().get(0),
>> AssetPathAuthorizer.Order.ALLOW);
>> + assertEquals(auth.order().get(1), AssetPathAuthorizer.Order.DENY);
>> + assertEquals(auth.order().size(),2);
>> + assertTrue(auth.accessAllowed("foo"));
>> + assertFalse(auth.accessDenied("foo"));
>> +
>> + assertFalse(auth.accessAllowed("bar"));
>> + assertTrue(auth.accessDenied("bar"));
>> + }
>> +
>> +}
>>
>>
>>
>
>
> --
> Best regards,
>
> Igor Drobiazko
>

Re: 5.1 - 5.0 next releases?

2009-11-23T11:20:32Z

fyi, i just sent an email to infra about hudson & selenium...

Also, it looks like tapestry-ioc is a bit unstable - hudson now gives
those failures:
http://hudson.zones.apache.org/hudson/job/tapestry-5.1-trunk/org.apache.tapestry$tapestry-ioc/4/testReport/
while there's no change that could affect that...
So, should be jvm version... i think bamboo runs with 1.5, right? i
could set hudson to
use that (unless someone can explain the failures)

On Mon, Nov 23, 2009 at 8:58 PM, Igor Drobiazko
<igor.drobiazko@...> wrote:

> Howard, is it possible to create builds for the branches at formos bamboo?
> We need a temporal solution. I also feel uncomfortably to release 5.1.0.6
> without having a single build at CI.
>
> On Mon, Nov 23, 2009 at 8:58 AM, Howard Lewis Ship <hlship@...> wrote:
>
>> I don't feel comfortable until the code executes properly in the full
>> stack, including browser, servlet container and Tapestry, and
>> including Ajax updates. Anything simulated in that stack is a
>> potential to be different than the end user's experience. Selenium is
>> a pain in the ass, but it's as close as you'll get to hiring actual
>> people to validate your web app.
>>
>> On Sun, Nov 22, 2009 at 7:14 PM, Kalle Korhonen
>> <kalle.o.korhonen@...> wrote:
>> > On Sun, Nov 22, 2009 at 11:42 AM, Andreas Andreou <andyhot@...>
>> wrote:
>> >> Integration tests aren't currently able to run (missing firefox from
>> path)
>> >> and all 4 failing tests in 5.1 are due to that.
>> >> 5.0 has a few more failures which confirm what i'm seeing locally
>> >> (
>> http://hudson.zones.apache.org/hudson/view/All/job/tapestry-5.0-trunk/3/ )
>> >
>> > On that note, I've had very good success doing integration testing
>> > with HtmlUnit and embedded Jetty. The tests run faster than
>> > Selenium-based ones and are more independent of the environment. The
>> > recent versions of HtmlUnit run any kind of Javascript just fine
>> > (dojo, prototype, etc.) but obviously it's not *exactly* the same as a
>> > real browser. I've re-written both Apache Shiro's and Tynamo's (at
>> > Codehaus) integration tests to use the same concepts (see e.g.
>> >
>> http://svn.apache.org/repos/asf/incubator/shiro/trunk/samples/web/src/test/java/org/apache/shiro/test/AbstractContainerTest.java
>> ).
>> > Just thought it might be worth considering - I know how challenging it
>> > can be at times to rely on infrastructure you are not in control of.
>> > But perhaps Apache infra folks can help making firefox available on
>> > the path.
>> >
>>
>> It's not difficult, just means running Xvfb (X virtual frame buffer).
>>
>> > Kalle
>> >
>> >
>> >> On Sun, Nov 22, 2009 at 6:49 PM, Howard Lewis Ship <hlship@...>
>> wrote:
>> >>> I'm fine with moving stuff off of tapestry.formos.com.
>> >>>
>> >>> I do want to maintain some site with nightly snapshots, though.
>> >>>
>> >>> On Sun, Nov 22, 2009 at 8:39 AM, Andreas Andreou <andyhot@...>
>> wrote:
>> >>>> I have the same problem (lost password & bamboo not sending email) -
>> that's why
>> >>>> I started investigating apache's hudson infrastructure...
>> >>>>
>> >>>> I got 4.1 building there,
>> >>>> http://hudson.zones.apache.org/hudson/job/tapestry-4.1-trunk/
>> >>>> (the trick was to set the build node to master - we were told to use
>> >>>> minerva or vesta but
>> >>>> it looks like those are missing maven)
>> >>>>
>> >>>> I want to go ahead and add 5.0 and 5.1 there anyway. Howard, you
>> >>>> already have an account
>> >>>> but it don't see any T5 builds there, should i just go ahead?
>> >>>>
>> >>>> As for nexus, doing a mvn release will actually just stage it in a
>> >>>> one-time only repo so that
>> >>>> anyone can try it from there. I really wanted to try that with the 5.0
>> >>>> but some build failures
>> >>>> i'm having haven't allowed that - hoping to tackle them as we speak.
>> >>>>
>> >>>>
>> >>>> On Sun, Nov 22, 2009 at 3:55 PM, Igor Drobiazko
>> >>>> <igor.drobiazko@...> wrote:
>> >>>>> Can someone please add builds for 5.1.x and 5.0.x branches to bamboo?
>> I
>> >>>>> forgot my password and bamboo fails to send me a new one.
>> >>>>>
>> >>>>> On Sun, Nov 22, 2009 at 1:38 PM, Howard Lewis Ship <hlship@...>
>> wrote:
>> >>>>>
>> >>>>>> What's the process for staging things in Nexus?
>> >>>>>>
>> >>>>>> On Fri, Nov 20, 2009 at 7:50 AM, Andreas Andreou <andyhot@...
>> >
>> >>>>>> wrote:
>> >>>>>> > [5.0 branch] So, i'm basically still getting 3 test failures in
>> >>>>>> > tapestry-ioc and 2 in
>> >>>>>> > tapestry-core (jdk5 & jdk6)... the good thing is i'm not getting
>> those
>> >>>>>> > in the 5.1 branch, so, i'll try to
>> >>>>>> > look for diffs.
>> >>>>>> >
>> >>>>>> > [5.1 branch] All look fine here, once we say GO, I (or anyone) can
>> >>>>>> > just try to stage the release
>> >>>>>> > in nexus and once that works, send the email for the vote
>> >>>>>> >
>> >>>>>> > On Fri, Nov 20, 2009 at 2:24 PM, Thiago H. de Paula Figueiredo
>> >>>>>> > <thiagohp@...> wrote:
>> >>>>>> >> +1
>> >>>>>> >>
>> >>>>>> >> Em Fri, 20 Nov 2009 07:09:03 -0200, David Rees <
>> drees76@...>
>> >>>>>> escreveu:
>> >>>>>> >>
>> >>>>>> >>> On Thu, Nov 19, 2009 at 10:24 PM, Igor Drobiazko
>> >>>>>> >>> <igor.drobiazko@...> wrote:
>> >>>>>> >>>>
>> >>>>>> >>>> We should release 5.1.0.6 asap because of the security issues.
>> What if
>> >>>>>> we
>> >>>>>> >>>> only backport already fixed issues in 5.2.0.0 snapshots,
>> release
>> >>>>>> 5.1.0.6
>> >>>>>> >>>> and
>> >>>>>> >>>> immidiately go on with 5.1.0.7?
>> >>>>>> >>>
>> >>>>>> >>> I'm a big fan of "release often" as long as people are willing
>> to do it
>> >>>>>> -
>> >>>>>> >>> so +1.
>> >>>>>> >>>
>> >>>>>> >>> -Dave
>> >>>>>> >>>
>> >>>>>> >>>
>> ---------------------------------------------------------------------
>> >>>>>> >>> To unsubscribe, e-mail: dev-unsubscribe@...
>> >>>>>> >>> For additional commands, e-mail: dev-help@...
>> >>>>>> >>>
>> >>>>>> >>
>> >>>>>> >>
>> >>>>>> >> --
>> >>>>>> >> Thiago H. de Paula Figueiredo
>> >>>>>> >> Independent Java, Apache Tapestry 5 and Hibernate consultant,
>> developer,
>> >>>>>> and
>> >>>>>> >> instructor
>> >>>>>> >> Owner, software architect and developer, Ars Machina Tecnologia
>> da
>> >>>>>> >> Informação Ltda.
>> >>>>>> >> Consultor, desenvolvedor e instrutor em Java, Tapestry e
>> Hibernate
>> >>>>>> >> Coordenador e professor da Especialização em Engenharia de
>> Software com
>> >>>>>> >> Ênfase em Java da Faculdade Pitágoras
>> >>>>>> >> http://www.arsmachina.com.br
>> >>>>>> >>
>> >>>>>> >>
>> ---------------------------------------------------------------------
>> >>>>>> >> To unsubscribe, e-mail: dev-unsubscribe@...
>> >>>>>> >> For additional commands, e-mail: dev-help@...
>> >>>>>> >>
>> >>>>>> >>
>> >>>>>> >
>> >>>>>> >
>> >>>>>> >
>> >>>>>> > --
>> >>>>>> > Andreas Andreou - andyhot@... - http://blog.andyhot.gr
>> >>>>>> > Tapestry / Tacos developer
>> >>>>>> > Open Source / JEE Consulting
>> >>>>>> >
>> >>>>>> >
>> ---------------------------------------------------------------------
>> >>>>>> > To unsubscribe, e-mail: dev-unsubscribe@...
>> >>>>>> > For additional commands, e-mail: dev-help@...
>> >>>>>> >
>> >>>>>> >
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> --
>> >>>>>> Howard M. Lewis Ship
>> >>>>>>
>> >>>>>> Creator of Apache Tapestry
>> >>>>>>
>> >>>>>> The source for Tapestry training, mentoring and support. Contact me
>> to
>> >>>>>> learn how I can get you up and productive in Tapestry fast!
>> >>>>>>
>> >>>>>> (971) 678-5210
>> >>>>>> http://howardlewisship.com
>> >>>>>>
>> >>>>>>
>> ---------------------------------------------------------------------
>> >>>>>> To unsubscribe, e-mail: dev-unsubscribe@...
>> >>>>>> For additional commands, e-mail: dev-help@...
>> >>>>>>
>> >>>>>>
>> >>>>>
>> >>>>>
>> >>>>> --
>> >>>>> Best regards,
>> >>>>>
>> >>>>> Igor Drobiazko
>> >>>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>> --
>> >>>> Andreas Andreou - andyhot@... - http://blog.andyhot.gr
>> >>>> Tapestry / Tacos developer
>> >>>> Open Source / JEE Consulting
>> >>>>
>> >>>> ---------------------------------------------------------------------
>> >>>> To unsubscribe, e-mail: dev-unsubscribe@...
>> >>>> For additional commands, e-mail: dev-help@...
>> >>>>
>> >>>>
>> >>>
>> >>>
>> >>>
>> >>> --
>> >>> Howard M. Lewis Ship
>> >>>
>> >>> Creator of Apache Tapestry
>> >>>
>> >>> The source for Tapestry training, mentoring and support. Contact me to
>> >>> learn how I can get you up and productive in Tapestry fast!
>> >>>
>> >>> (971) 678-5210
>> >>> http://howardlewisship.com
>> >>>
>> >>> ---------------------------------------------------------------------
>> >>> To unsubscribe, e-mail: dev-unsubscribe@...
>> >>> For additional commands, e-mail: dev-help@...
>> >>>
>> >>>
>> >>
>> >>
>> >>
>> >> --
>> >> Andreas Andreou - andyhot@... - http://blog.andyhot.gr
>> >> Tapestry / Tacos developer
>> >> Open Source / JEE Consulting
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: dev-unsubscribe@...
>> >> For additional commands, e-mail: dev-help@...
>> >>
>> >>
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: dev-unsubscribe@...
>> > For additional commands, e-mail: dev-help@...
>> >
>> >
>>
>>
>>
>> --
>> Howard M. Lewis Ship
>>
>> Creator of Apache Tapestry
>>
>> The source for Tapestry training, mentoring and support. Contact me to
>> learn how I can get you up and productive in Tapestry fast!
>>
>> (971) 678-5210
>> http://howardlewisship.com
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@...
>> For additional commands, e-mail: dev-help@...
>>
>>
>
>
> --
> Best regards,
>
> Igor Drobiazko
>

--
Andreas Andreou - andyhot@... - http://blog.andyhot.gr
Tapestry / Tacos developer
Open Source / JEE Consulting

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@...
For additional commands, e-mail: dev-help@...

svn commit: r883465 - in /tapestry/tapestry5/branches/5.0: tapestry-annotations/ tapestry-annotations/.classpath tapestry-annotations/.project tapestry-test/ tapestry-test/.classpath tapestry-test/.project

2009-11-23T11:07:31Z

Author: andyhot
Date: Mon Nov 23 19:07:31 2009
New Revision: 883465

URL: http://svn.apache.org/viewvc?rev=883465&view=rev
Log:
TAP5-819: some more ide files ignored (5.0)

Removed:
tapestry/tapestry5/branches/5.0/tapestry-annotations/.classpath
tapestry/tapestry5/branches/5.0/tapestry-annotations/.project
tapestry/tapestry5/branches/5.0/tapestry-test/.classpath
tapestry/tapestry5/branches/5.0/tapestry-test/.project
Modified:
tapestry/tapestry5/branches/5.0/tapestry-annotations/ (props changed)
tapestry/tapestry5/branches/5.0/tapestry-test/ (props changed)

Propchange: tapestry/tapestry5/branches/5.0/tapestry-annotations/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Mon Nov 23 19:07:31 2009
@@ -1 +1,4 @@
target
+.classpath
+.project
+.settings

Propchange: tapestry/tapestry5/branches/5.0/tapestry-test/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Mon Nov 23 19:07:31 2009
@@ -1,2 +1,5 @@
bin
target
+.classpath
+.project
+.settings

[jira] Updated: (TAP5-819) remove ide-specific files from all sub-modules and add them to svn:ignore

2009-11-23T11:03:39Z

[ https://issues.apache.org/jira/browse/TAP5-819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andreas Andreou updated TAP5-819:
---------------------------------

Fix Version/s: 5.1.0.6

> remove ide-specific files from all sub-modules and add them to svn:ignore
> -------------------------------------------------------------------------
>
> Key: TAP5-819
> URL: https://issues.apache.org/jira/browse/TAP5-819
> Project: Tapestry 5
> Issue Type: Task
> Reporter: Ulrich Stärk
> Assignee: Kevin Menard
> Priority: Minor
> Fix For: 5.2.0.0, 5.1.0.6, 5.0.19
>
>
> remove ide-specific files from all sub-modules and add them to svn:ignore, along with any output directories like target.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

svn commit: r883462 - in /tapestry/tapestry5/branches/5.1.0.x-dev: tapestry-annotations/ tapestry-component-report/ tapestry-core/ tapestry-core/.settings/ tapestry-hibernate-core/ tapestry-hibernate/ tapestry-ioc/ tapestry-ioc/.settings/ tapestry-spri...

2009-11-23T11:00:36Z

Author: andyhot
Date: Mon Nov 23 19:00:32 2009
New Revision: 883462

URL: http://svn.apache.org/viewvc?rev=883462&view=rev
Log:
TAP5-819: remove ide specific files in 5.1 branch

Removed:
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-annotations/.classpath
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-annotations/.project
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-component-report/.classpath
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-component-report/.project
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/.classpath
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/.project
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/.settings/
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-hibernate/.classpath
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-hibernate/.project
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-ioc/.classpath
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-ioc/.project
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-ioc/.settings/
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-spring/.classpath
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-spring/.project
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-test/.classpath
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-test/.project
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-tutorial1/.classpath
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-tutorial1/.project
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-tutorial1/.settings/
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-upload/.classpath
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-upload/.project
Modified:
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-annotations/ (props changed)
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-component-report/ (props changed)
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/ (props changed)
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-hibernate/ (props changed)
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-hibernate-core/ (props changed)
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-ioc/ (props changed)
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-spring/ (props changed)
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-test/ (props changed)
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-tutorial1/ (props changed)
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-upload/ (props changed)
tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-webflow/ (props changed)

Propchange: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-annotations/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Mon Nov 23 19:00:32 2009
@@ -1 +1,4 @@
target
+.classpath
+.project
+.settings

Propchange: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-component-report/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Mon Nov 23 19:00:32 2009
@@ -1,2 +1,5 @@
target
bin
+.classpath
+.project
+.settings

Propchange: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Mon Nov 23 19:00:32 2009
@@ -8,3 +8,6 @@
testng.xml
null
bin-test
+.classpath
+.project
+.settings

Propchange: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-hibernate/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Mon Nov 23 19:00:32 2009
@@ -4,3 +4,6 @@
cobertura.ser
null
test-output
+.classpath
+.project
+.settings

Propchange: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-hibernate-core/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Mon Nov 23 19:00:32 2009
@@ -0,0 +1,4 @@
+target
+.classpath
+.project
+.settings

Propchange: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-ioc/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Mon Nov 23 19:00:32 2009
@@ -5,3 +5,6 @@
test-output
null
bin-test
+.classpath
+.project
+.settings

Propchange: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-spring/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Mon Nov 23 19:00:32 2009
@@ -4,3 +4,6 @@
cobertura.ser
null
bin-test
+.classpath
+.project
+.settings

Propchange: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-test/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Mon Nov 23 19:00:32 2009
@@ -1,2 +1,5 @@
bin
target
+.classpath
+.project
+.settings

Propchange: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-tutorial1/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Mon Nov 23 19:00:32 2009
@@ -1,2 +1,5 @@
bin
target
+.classpath
+.project
+.settings

Propchange: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-upload/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Mon Nov 23 19:00:32 2009
@@ -3,3 +3,6 @@
bin
cobertura.ser
temp-testng-customsuite.xml
+.classpath
+.project
+.settings

Propchange: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-webflow/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Mon Nov 23 19:00:32 2009
@@ -0,0 +1,4 @@
+target
+.classpath
+.project
+.settings

Re: 5.1 - 5.0 next releases?

2009-11-23T10:58:50Z

Howard, is it possible to create builds for the branches at formos bamboo?
We need a temporal solution. I also feel uncomfortably to release 5.1.0.6
without having a single build at CI.

On Mon, Nov 23, 2009 at 8:58 AM, Howard Lewis Ship <hlship@...> wrote:

> I don't feel comfortable until the code executes properly in the full
> stack, including browser, servlet container and Tapestry, and
> including Ajax updates. Anything simulated in that stack is a
> potential to be different than the end user's experience. Selenium is
> a pain in the ass, but it's as close as you'll get to hiring actual
> people to validate your web app.
>
> On Sun, Nov 22, 2009 at 7:14 PM, Kalle Korhonen
> <kalle.o.korhonen@...> wrote:
> > On Sun, Nov 22, 2009 at 11:42 AM, Andreas Andreou <andyhot@...>
> wrote:
> >> Integration tests aren't currently able to run (missing firefox from
> path)
> >> and all 4 failing tests in 5.1 are due to that.
> >> 5.0 has a few more failures which confirm what i'm seeing locally
> >> (
> http://hudson.zones.apache.org/hudson/view/All/job/tapestry-5.0-trunk/3/ )
> >
> > On that note, I've had very good success doing integration testing
> > with HtmlUnit and embedded Jetty. The tests run faster than
> > Selenium-based ones and are more independent of the environment. The
> > recent versions of HtmlUnit run any kind of Javascript just fine
> > (dojo, prototype, etc.) but obviously it's not *exactly* the same as a
> > real browser. I've re-written both Apache Shiro's and Tynamo's (at
> > Codehaus) integration tests to use the same concepts (see e.g.
> >
> http://svn.apache.org/repos/asf/incubator/shiro/trunk/samples/web/src/test/java/org/apache/shiro/test/AbstractContainerTest.java
> ).
> > Just thought it might be worth considering - I know how challenging it
> > can be at times to rely on infrastructure you are not in control of.
> > But perhaps Apache infra folks can help making firefox available on
> > the path.
> >
>
> It's not difficult, just means running Xvfb (X virtual frame buffer).
>
> > Kalle
> >
> >
> >> On Sun, Nov 22, 2009 at 6:49 PM, Howard Lewis Ship <hlship@...>
> wrote:
> >>> I'm fine with moving stuff off of tapestry.formos.com.
> >>>
> >>> I do want to maintain some site with nightly snapshots, though.
> >>>
> >>> On Sun, Nov 22, 2009 at 8:39 AM, Andreas Andreou <andyhot@...>
> wrote:
> >>>> I have the same problem (lost password & bamboo not sending email) -
> that's why
> >>>> I started investigating apache's hudson infrastructure...
> >>>>
> >>>> I got 4.1 building there,
> >>>> http://hudson.zones.apache.org/hudson/job/tapestry-4.1-trunk/
> >>>> (the trick was to set the build node to master - we were told to use
> >>>> minerva or vesta but
> >>>> it looks like those are missing maven)
> >>>>
> >>>> I want to go ahead and add 5.0 and 5.1 there anyway. Howard, you
> >>>> already have an account
> >>>> but it don't see any T5 builds there, should i just go ahead?
> >>>>
> >>>> As for nexus, doing a mvn release will actually just stage it in a
> >>>> one-time only repo so that
> >>>> anyone can try it from there. I really wanted to try that with the 5.0
> >>>> but some build failures
> >>>> i'm having haven't allowed that - hoping to tackle them as we speak.
> >>>>
> >>>>
> >>>> On Sun, Nov 22, 2009 at 3:55 PM, Igor Drobiazko
> >>>> <igor.drobiazko@...> wrote:
> >>>>> Can someone please add builds for 5.1.x and 5.0.x branches to bamboo?
> I
> >>>>> forgot my password and bamboo fails to send me a new one.
> >>>>>
> >>>>> On Sun, Nov 22, 2009 at 1:38 PM, Howard Lewis Ship <hlship@...>
> wrote:
> >>>>>
> >>>>>> What's the process for staging things in Nexus?
> >>>>>>
> >>>>>> On Fri, Nov 20, 2009 at 7:50 AM, Andreas Andreou <andyhot@...
> >
> >>>>>> wrote:
> >>>>>> > [5.0 branch] So, i'm basically still getting 3 test failures in
> >>>>>> > tapestry-ioc and 2 in
> >>>>>> > tapestry-core (jdk5 & jdk6)... the good thing is i'm not getting
> those
> >>>>>> > in the 5.1 branch, so, i'll try to
> >>>>>> > look for diffs.
> >>>>>> >
> >>>>>> > [5.1 branch] All look fine here, once we say GO, I (or anyone) can
> >>>>>> > just try to stage the release
> >>>>>> > in nexus and once that works, send the email for the vote
> >>>>>> >
> >>>>>> > On Fri, Nov 20, 2009 at 2:24 PM, Thiago H. de Paula Figueiredo
> >>>>>> > <thiagohp@...> wrote:
> >>>>>> >> +1
> >>>>>> >>
> >>>>>> >> Em Fri, 20 Nov 2009 07:09:03 -0200, David Rees <
> drees76@...>
> >>>>>> escreveu:
> >>>>>> >>
> >>>>>> >>> On Thu, Nov 19, 2009 at 10:24 PM, Igor Drobiazko
> >>>>>> >>> <igor.drobiazko@...> wrote:
> >>>>>> >>>>
> >>>>>> >>>> We should release 5.1.0.6 asap because of the security issues.
> What if
> >>>>>> we
> >>>>>> >>>> only backport already fixed issues in 5.2.0.0 snapshots,
> release
> >>>>>> 5.1.0.6
> >>>>>> >>>> and
> >>>>>> >>>> immidiately go on with 5.1.0.7?
> >>>>>> >>>
> >>>>>> >>> I'm a big fan of "release often" as long as people are willing
> to do it
> >>>>>> -
> >>>>>> >>> so +1.
> >>>>>> >>>
> >>>>>> >>> -Dave
> >>>>>> >>>
> >>>>>> >>>
> ---------------------------------------------------------------------
> >>>>>> >>> To unsubscribe, e-mail: dev-unsubscribe@...
> >>>>>> >>> For additional commands, e-mail: dev-help@...
> >>>>>> >>>
> >>>>>> >>
> >>>>>> >>
> >>>>>> >> --
> >>>>>> >> Thiago H. de Paula Figueiredo
> >>>>>> >> Independent Java, Apache Tapestry 5 and Hibernate consultant,
> developer,
> >>>>>> and
> >>>>>> >> instructor
> >>>>>> >> Owner, software architect and developer, Ars Machina Tecnologia
> da
> >>>>>> >> Informação Ltda.
> >>>>>> >> Consultor, desenvolvedor e instrutor em Java, Tapestry e
> Hibernate
> >>>>>> >> Coordenador e professor da Especialização em Engenharia de
> Software com
> >>>>>> >> Ênfase em Java da Faculdade Pitágoras
> >>>>>> >> http://www.arsmachina.com.br
> >>>>>> >>
> >>>>>> >>
> ---------------------------------------------------------------------
> >>>>>> >> To unsubscribe, e-mail: dev-unsubscribe@...
> >>>>>> >> For additional commands, e-mail: dev-help@...
> >>>>>> >>
> >>>>>> >>
> >>>>>> >
> >>>>>> >
> >>>>>> >
> >>>>>> > --
> >>>>>> > Andreas Andreou - andyhot@... - http://blog.andyhot.gr
> >>>>>> > Tapestry / Tacos developer
> >>>>>> > Open Source / JEE Consulting
> >>>>>> >
> >>>>>> >
> ---------------------------------------------------------------------
> >>>>>> > To unsubscribe, e-mail: dev-unsubscribe@...
> >>>>>> > For additional commands, e-mail: dev-help@...
> >>>>>> >
> >>>>>> >
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> --
> >>>>>> Howard M. Lewis Ship
> >>>>>>
> >>>>>> Creator of Apache Tapestry
> >>>>>>
> >>>>>> The source for Tapestry training, mentoring and support. Contact me
> to
> >>>>>> learn how I can get you up and productive in Tapestry fast!
> >>>>>>
> >>>>>> (971) 678-5210
> >>>>>> http://howardlewisship.com
> >>>>>>
> >>>>>>
> ---------------------------------------------------------------------
> >>>>>> To unsubscribe, e-mail: dev-unsubscribe@...
> >>>>>> For additional commands, e-mail: dev-help@...
> >>>>>>
> >>>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Best regards,
> >>>>>
> >>>>> Igor Drobiazko
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Andreas Andreou - andyhot@... - http://blog.andyhot.gr
> >>>> Tapestry / Tacos developer
> >>>> Open Source / JEE Consulting
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: dev-unsubscribe@...
> >>>> For additional commands, e-mail: dev-help@...
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>> --
> >>> Howard M. Lewis Ship
> >>>
> >>> Creator of Apache Tapestry
> >>>
> >>> The source for Tapestry training, mentoring and support. Contact me to
> >>> learn how I can get you up and productive in Tapestry fast!
> >>>
> >>> (971) 678-5210
> >>> http://howardlewisship.com
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: dev-unsubscribe@...
> >>> For additional commands, e-mail: dev-help@...
> >>>
> >>>
> >>
> >>
> >>
> >> --
> >> Andreas Andreou - andyhot@... - http://blog.andyhot.gr
> >> Tapestry / Tacos developer
> >> Open Source / JEE Consulting
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@...
> >> For additional commands, e-mail: dev-help@...
> >>
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@...
> > For additional commands, e-mail: dev-help@...
> >
> >
>
>
>
> --
> Howard M. Lewis Ship
>
> Creator of Apache Tapestry
>
> The source for Tapestry training, mentoring and support. Contact me to
> learn how I can get you up and productive in Tapestry fast!
>
> (971) 678-5210
> http://howardlewisship.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@...
> For additional commands, e-mail: dev-help@...
>
>

--
Best regards,

Igor Drobiazko