tag:old.nabble.com,2006:forum-302Nabble - Tapestry2009-11-09T14:12:52ZTapestry is a powerful, open-source, all-Java framework for creating leading edge web applications in Java. Jakarta Tapestry home is <a href="http://jakarta.apache.org/tapestry/" target="_top" rel="nofollow">here</a>.tag:old.nabble.com,2006:post-26274666Re: GAE and Tapestry5 integration2009-11-09T14:12:52Z2009-11-09T14:12:52ZsodiumHi Dmitry,
<br><br>Thanks for sharing. I tried integrating the Spring in it but it keep spitting out all sorts of errors when its constructing the bean from the applicationContext.xml. Can u share how u integrate Spring in it? I noticed that u r using the Spring 3.x instead.
<br><br>I tried integrate with TapestrySpringFilter and it seems to be using Spring 2.5.6. So i decided to change your applicationContext.xml schema to 2.5 instead.
<br><br>Here's my <b>web.xml</b><br><!--
<br> <filter>
<br> <filter-name>app</filter-name>
<br> <filter-class>org.apache.tapestry5.TapestryFilter</filter-class>
<br> </filter>
<br> -->
<br><filter>
<br> <filter-name>app</filter-name>
<br> <filter-class>org.apache.tapestry5.spring.TapestrySpringFilter</filter-class>
<br> </filter>
<br> <context-param>
<br> <param-name>contextConfigLocation</param-name>
<br> <param-value>/WEB-INF/applicationContext.xml</param-value>
<br> </context-param>
<br><br>Here's my maven build to include more dependencies from your given applicationContext.xml
<br><br><dependency>
<br> <groupId>org.apache.tapestry</groupId>
<br> <artifactId>tapestry-spring</artifactId>
<br> <version>${tapestry-release-version}</version>
<br> </dependency>
<br> <dependency>
<br> <groupId>org.springframework</groupId>
<br> <artifactId>spring-jdbc</artifactId>
<br> <version>2.5.6</version>
<br> </dependency>
<br> <dependency>
<br> <groupId>org.springframework</groupId>
<br> <artifactId>spring-orm</artifactId>
<br> <version>2.5.6</version>
<br> </dependency>
<br> <dependency>
<br> <groupId>org.springframework</groupId>
<br> <artifactId>spring-aspects</artifactId>
<br> <version>2.5.6</version>
<br> </dependency>
<br> <dependency>
<br> <groupId>org.springframework</groupId>
<br> <artifactId>spring-tx</artifactId>
<br> <version>2.5.6</version>
<br> </dependency>
<br> <dependency>
<br> <groupId>org.springframework</groupId>
<br> <artifactId>spring-aop</artifactId>
<br> <version>2.5.6</version>
<br> </dependency>
<br><br>Am i missing out something here? I tried using Tapestry 5.1.0.5 and also the 5.2 built from trunk.
<br><br>Here's the <b>error</b>:
<br><br>[INFO] ioc.RegistryBuilder Adding module definition for class org.apache.tapestry5.ioc.services.TapestryIOCModule
<br>[INFO] ioc.RegistryBuilder Adding module definition for class com.kenai.tapestryjpa.JPAModule
<br>[INFO] ioc.RegistryBuilder Adding module definition for class com.kenai.tapestryjpa.JPACoreModule
<br>[INFO] ioc.RegistryBuilder Adding module definition for class org.apache.tapestry5.spring.SpringModule
<br>[INFO] ioc.RegistryBuilder Adding module definition for class org.apache.tapestry5.services.TapestryModule
<br>[INFO] ioc.RegistryBuilder Adding module definition for class org.apache.tapestry5.internal.services.InternalModule
<br>[INFO] ioc.RegistryBuilder Adding module definition for class com.myproject.services.AppModule
<br>[INFO] SpringModuleDef.ApplicationContext Starting Spring (version 2.5.6)
<br>[INFO] context.ContextLoader Root WebApplicationContext: initialization started
<br>[INFO] spring.TapestryApplicationContext Refreshing org.apache.tapestry5.spring.TapestryApplicationContext@39060b: display name [Root WebApplicationContext]; startup date [Mon Nov 09 22:03:52 UTC 2009]; root of context hierarchy
<br>[INFO] xml.XmlBeanDefinitionReader Loading XML bean definitions from ServletContext resource [/WEB-INF/applicationContext.xml]
<br>[INFO] spring.TapestryApplicationContext Bean factory for application context [org.apache.tapestry5.spring.TapestryApplicationContext@39060b]: org.apache.tapestry5.internal.spring.TapestyBeanFactory@d23e53
<br>[INFO] spring.TapestyBeanFactory Pre-instantiating singletons in org.apache.tapestry5.internal.spring.TapestyBeanFactory@d23e53: defining beans [txAdvice,org.springframework.aop.config.internalAutoProxyCreator,daoOperations,org.springframework.aop.support.DefaultBeanFactoryPointcutAdvisor#0,entityManagerFactory,txManager,org.springframework.context.annotation.internalPersistenceAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,personDAO]; root of factory hierarchy
<br>[INFO] jpa.LocalEntityManagerFactoryBean Building JPA EntityManagerFactory for persistence unit 'transactions-optional'
<br>[INFO] DataNucleus.Plugin Bundle "org.datanucleus.jpa" has an optional dependency to "org.datanucleus.enhancer" but it cannot be resolved
<br>[INFO] DataNucleus.Plugin Bundle "org.datanucleus" has an optional dependency to "org.eclipse.equinox.registry" but it cannot be resolved
<br>[INFO] DataNucleus.Plugin Bundle "org.datanucleus" has an optional dependency to "org.eclipse.core.runtime" but it cannot be resolved
<br>[WARN] DataNucleus.JPA No META-INF/persistence.xml files were found in the CLASSPATH of the current thread!
<br>[WARN] DataNucleus.JPA No persistence unit of name "transactions-optional" is found in the CLASSPATH of the current thread!
<br>[INFO] spring.TapestyBeanFactory Destroying singletons in org.apache.tapestry5.internal.spring.TapestyBeanFactory@d23e53: defining beans [txAdvice,org.springframework.aop.config.internalAutoProxyCreator,daoOperations,org.springframework.aop.support.DefaultBeanFactoryPointcutAdvisor#0,entityManagerFactory,txManager,org.springframework.context.annotation.internalPersistenceAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,personDAO]; root of factory hierarchy
<br>[ERROR] context.ContextLoader Context initialization failed
<br>org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'txAdvice': Cannot resolve reference to bean 'txManager' while setting bean property 'transactionManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'txManager' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'entityManagerFactory' while setting bean property 'entityManagerFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: Provider error. Provider: org.datanucleus.store.appengine.jpa.DatastorePersistenceProvider
<br> at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:275)
<br> at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
<br> at java.security.AccessController.doPrivileged(Native Method)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
<br> at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
<br> at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429)
<br> at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:728)
<br> at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:380)
<br> at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:255)
<br> at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:199)
<br> at org.apache.tapestry5.internal.spring.SpringModuleDef$3$1.invoke(SpringModuleDef.java:176)
<br> at org.apache.tapestry5.ioc.internal.OperationTrackerImpl.invoke(OperationTrackerImpl.java:68)
<br> at org.apache.tapestry5.ioc.internal.PerThreadOperationTracker.invoke(PerThreadOperationTracker.java:68)
<br> at org.apache.tapestry5.ioc.internal.RegistryImpl.invoke(RegistryImpl.java:941)
<br> at org.apache.tapestry5.internal.spring.SpringModuleDef$3.createObject(SpringModuleDef.java:166)
<br> at org.apache.tapestry5.ioc.internal.OperationTrackingObjectCreator$1.invoke(OperationTrackingObjectCreator.java:45)
<br> at org.apache.tapestry5.ioc.internal.OperationTrackerImpl.invoke(OperationTrackerImpl.java:68)
<br> at org.apache.tapestry5.ioc.internal.PerThreadOperationTracker.invoke(PerThreadOperationTracker.java:68)
<br> at org.apache.tapestry5.ioc.internal.RegistryImpl.invoke(RegistryImpl.java:941)
<br> at org.apache.tapestry5.ioc.internal.OperationTrackingObjectCreator.createObject(OperationTrackingObjectCreator.java:49)
<br> at org.apache.tapestry5.ioc.internal.SingletonServiceLifecycle.createService(SingletonServiceLifecycle.java:29)
<br> at org.apache.tapestry5.ioc.internal.LifecycleWrappedServiceCreator.createObject(LifecycleWrappedServiceCreator.java:46)
<br> at org.apache.tapestry5.ioc.internal.AdvisorStackBuilder.createObject(AdvisorStackBuilder.java:60)
<br> at org.apache.tapestry5.ioc.internal.InterceptorStackBuilder.createObject(InterceptorStackBuilder.java:52)
<br> at org.apache.tapestry5.ioc.internal.RecursiveServiceCreationCheckWrapper.createObject(RecursiveServiceCreationCheckWrapper.java:60)
<br> at org.apache.tapestry5.ioc.internal.OperationTrackingObjectCreator$1.invoke(OperationTrackingObjectCreator.java:45)
<br> at org.apache.tapestry5.ioc.internal.OperationTrackerImpl.invoke(OperationTrackerImpl.java:68)
<br> at org.apache.tapestry5.ioc.internal.PerThreadOperationTracker.invoke(PerThreadOperationTracker.java:68)
<br> at org.apache.tapestry5.ioc.internal.RegistryImpl.invoke(RegistryImpl.java:941)
<br> at org.apache.tapestry5.ioc.internal.OperationTrackingObjectCreator.createObject(OperationTrackingObjectCreator.java:49)
<br> at org.apache.tapestry5.ioc.internal.services.JustInTimeObjectCreator.obtainObjectFromCreator(JustInTimeObjectCreator.java:68)
<br> at org.apache.tapestry5.ioc.internal.services.JustInTimeObjectCreator.createObject(JustInTimeObjectCreator.java:57)
<br> at $ConfigurableWebApplicationContext_124daf973a0.delegate($ConfigurableWebApplicationContext_124daf973a0.java)
<br> at $ConfigurableWebApplicationContext_124daf973a0.getBeanDefinitionCount($ConfigurableWebApplicationContext_124daf973a0.java)
<br> at org.apache.tapestry5.spring.SpringModule$1.initializeApplication(SpringModule.java:53)
<br> at $ApplicationInitializer_124daf973bb.initializeApplication($ApplicationInitializer_124daf973bb.java)
<br> at org.apache.tapestry5.services.TapestryModule$35.initializeApplication(TapestryModule.java:2132)
<br> at $ApplicationInitializer_124daf973bb.initializeApplication($ApplicationInitializer_124daf973bb.java)
<br> at $ApplicationInitializer_124daf973b7.initializeApplication($ApplicationInitializer_124daf973b7.java)
<br> at org.apache.tapestry5.services.TapestryModule$ServletApplicationInitializerTerminator.initializeApplication(TapestryModule.java:223)
<br> at $ServletApplicationInitializer_124daf9739b.initializeApplication($ServletApplicationInitializer_124daf9739b.java)
<br> at org.apache.tapestry5.TapestryFilter.init(TapestryFilter.java:85)
<br> at org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:99)
<br> at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
<br> at org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:589)
<br> at org.mortbay.jetty.servlet.Context.startContext(Context.java:139)
<br> at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1218)
<br> at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:500)
<br> at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:448)
<br> at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
<br> at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:117)
<br> at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
<br> at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:117)
<br> at org.mortbay.jetty.Server.doStart(Server.java:217)
<br> at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
<br> at com.google.appengine.tools.development.JettyContainerService.startContainer(JettyContainerService.java:181)
<br> at com.google.appengine.tools.development.AbstractContainerService.startup(AbstractContainerService.java:116)
<br> at com.google.appengine.tools.development.DevAppServerImpl.start(DevAppServerImpl.java:217)
<br> at com.google.appengine.tools.development.DevAppServerMain$StartAction.apply(DevAppServerMain.java:162)
<br> at com.google.appengine.tools.util.Parser$ParseResult.applyArgs(Parser.java:48)
<br> at com.google.appengine.tools.development.DevAppServerMain.<init>(DevAppServerMain.java:113)
<br> at com.google.appengine.tools.development.DevAppServerMain.main(DevAppServerMain.java:89)
<br>Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'txManager' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'entityManagerFactory' while setting bean property 'entityManagerFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: Provider error. Provider: org.datanucleus.store.appengine.jpa.DatastorePersistenceProvider
<br> at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:275)
<br> at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
<br> at java.security.AccessController.doPrivileged(Native Method)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
<br> at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
<br> at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:269)
<br> ... 69 more
<br>Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: Provider error. Provider: org.datanucleus.store.appengine.jpa.DatastorePersistenceProvider
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1338)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
<br> at java.security.AccessController.doPrivileged(Native Method)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
<br> at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
<br> at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:269)
<br> ... 82 more
<br>Caused by: javax.persistence.PersistenceException: Provider error. Provider: org.datanucleus.store.appengine.jpa.DatastorePersistenceProvider
<br> at javax.persistence.Persistence.createFactory(Persistence.java:176)
<br> at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:112)
<br> at org.springframework.orm.jpa.LocalEntityManagerFactoryBean.createNativeEntityManagerFactory(LocalEntityManagerFactoryBean.java:91)
<br> at org.springframework.orm.jpa.AbstractEntityManagerFactoryBean.afterPropertiesSet(AbstractEntityManagerFactoryBean.java:291)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1369)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1335)
<br> ... 92 more
<br>Caused by: java.lang.NullPointerException
<br> at org.datanucleus.jpa.EntityManagerFactoryImpl.initialisePMF(EntityManagerFactoryImpl.java:452)
<br> at org.datanucleus.jpa.EntityManagerFactoryImpl.<init>(EntityManagerFactoryImpl.java:355)
<br> at org.datanucleus.store.appengine.jpa.DatastoreEntityManagerFactory.<init>(DatastoreEntityManagerFactory.java:63)
<br> at org.datanucleus.store.appengine.jpa.DatastorePersistenceProvider.createEntityManagerFactory(DatastorePersistenceProvider.java:35)
<br> at javax.persistence.Persistence.createFactory(Persistence.java:172)
<br> ... 97 more
<br>[ERROR] ioc.Registry Error creating bean with name 'txAdvice': Cannot resolve reference to bean 'txManager' while setting bean property 'transactionManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'txManager' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'entityManagerFactory' while setting bean property 'entityManagerFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: Provider error. Provider: org.datanucleus.store.appengine.jpa.DatastorePersistenceProvider
<br>[ERROR] ioc.Registry Operations trace:
<br>[ERROR] ioc.Registry [ 1] Realizing service ApplicationContext
<br>[ERROR] ioc.Registry [ 2] Invoking ObjectCreator for Spring ApplicationContext
<br>[ERROR] ioc.Registry [ 3] Creating Spring ApplicationContext via ContextLoader
<br>[ERROR] SpringModuleDef.ApplicationContext Construction of service ApplicationContext failed: Error creating bean with name 'txAdvice': Cannot resolve reference to bean 'txManager' while setting bean property 'transactionManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'txManager' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'entityManagerFactory' while setting bean property 'entityManagerFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: Provider error. Provider: org.datanucleus.store.appengine.jpa.DatastorePersistenceProvider
<br>org.apache.tapestry5.ioc.internal.OperationException: Error creating bean with name 'txAdvice': Cannot resolve reference to bean 'txManager' while setting bean property 'transactionManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'txManager' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'entityManagerFactory' while setting bean property 'entityManagerFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: Provider error. Provider: org.datanucleus.store.appengine.jpa.DatastorePersistenceProvider
<br> at org.apache.tapestry5.ioc.internal.OperationTrackerImpl.invoke(OperationTrackerImpl.java:90)
<br> at org.apache.tapestry5.ioc.internal.PerThreadOperationTracker.invoke(PerThreadOperationTracker.java:68)
<br> at org.apache.tapestry5.ioc.internal.RegistryImpl.invoke(RegistryImpl.java:941)
<br> at org.apache.tapestry5.internal.spring.SpringModuleDef$3.createObject(SpringModuleDef.java:166)
<br> at org.apache.tapestry5.ioc.internal.OperationTrackingObjectCreator$1.invoke(OperationTrackingObjectCreator.java:45)
<br> at org.apache.tapestry5.ioc.internal.OperationTrackerImpl.invoke(OperationTrackerImpl.java:68)
<br> at org.apache.tapestry5.ioc.internal.PerThreadOperationTracker.invoke(PerThreadOperationTracker.java:68)
<br> at org.apache.tapestry5.ioc.internal.RegistryImpl.invoke(RegistryImpl.java:941)
<br> at org.apache.tapestry5.ioc.internal.OperationTrackingObjectCreator.createObject(OperationTrackingObjectCreator.java:49)
<br> at org.apache.tapestry5.ioc.internal.SingletonServiceLifecycle.createService(SingletonServiceLifecycle.java:29)
<br> at org.apache.tapestry5.ioc.internal.LifecycleWrappedServiceCreator.createObject(LifecycleWrappedServiceCreator.java:46)
<br> at org.apache.tapestry5.ioc.internal.AdvisorStackBuilder.createObject(AdvisorStackBuilder.java:60)
<br> at org.apache.tapestry5.ioc.internal.InterceptorStackBuilder.createObject(InterceptorStackBuilder.java:52)
<br> at org.apache.tapestry5.ioc.internal.RecursiveServiceCreationCheckWrapper.createObject(RecursiveServiceCreationCheckWrapper.java:60)
<br> at org.apache.tapestry5.ioc.internal.OperationTrackingObjectCreator$1.invoke(OperationTrackingObjectCreator.java:45)
<br> at org.apache.tapestry5.ioc.internal.OperationTrackerImpl.invoke(OperationTrackerImpl.java:68)
<br> at org.apache.tapestry5.ioc.internal.PerThreadOperationTracker.invoke(PerThreadOperationTracker.java:68)
<br> at org.apache.tapestry5.ioc.internal.RegistryImpl.invoke(RegistryImpl.java:941)
<br> at org.apache.tapestry5.ioc.internal.OperationTrackingObjectCreator.createObject(OperationTrackingObjectCreator.java:49)
<br> at org.apache.tapestry5.ioc.internal.services.JustInTimeObjectCreator.obtainObjectFromCreator(JustInTimeObjectCreator.java:68)
<br> at org.apache.tapestry5.ioc.internal.services.JustInTimeObjectCreator.createObject(JustInTimeObjectCreator.java:57)
<br> at $ConfigurableWebApplicationContext_124daf973a0.delegate($ConfigurableWebApplicationContext_124daf973a0.java)
<br> at $ConfigurableWebApplicationContext_124daf973a0.getBeanDefinitionCount($ConfigurableWebApplicationContext_124daf973a0.java)
<br> at org.apache.tapestry5.spring.SpringModule$1.initializeApplication(SpringModule.java:53)
<br> at $ApplicationInitializer_124daf973bb.initializeApplication($ApplicationInitializer_124daf973bb.java)
<br> at org.apache.tapestry5.services.TapestryModule$35.initializeApplication(TapestryModule.java:2132)
<br> at $ApplicationInitializer_124daf973bb.initializeApplication($ApplicationInitializer_124daf973bb.java)
<br> at $ApplicationInitializer_124daf973b7.initializeApplication($ApplicationInitializer_124daf973b7.java)
<br> at org.apache.tapestry5.services.TapestryModule$ServletApplicationInitializerTerminator.initializeApplication(TapestryModule.java:223)
<br> at $ServletApplicationInitializer_124daf9739b.initializeApplication($ServletApplicationInitializer_124daf9739b.java)
<br> at org.apache.tapestry5.TapestryFilter.init(TapestryFilter.java:85)
<br> at org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:99)
<br> at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
<br> at org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:589)
<br> at org.mortbay.jetty.servlet.Context.startContext(Context.java:139)
<br> at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1218)
<br> at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:500)
<br> at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:448)
<br> at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
<br> at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:117)
<br> at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
<br> at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:117)
<br> at org.mortbay.jetty.Server.doStart(Server.java:217)
<br> at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
<br> at com.google.appengine.tools.development.JettyContainerService.startContainer(JettyContainerService.java:181)
<br> at com.google.appengine.tools.development.AbstractContainerService.startup(AbstractContainerService.java:116)
<br> at com.google.appengine.tools.development.DevAppServerImpl.start(DevAppServerImpl.java:217)
<br> at com.google.appengine.tools.development.DevAppServerMain$StartAction.apply(DevAppServerMain.java:162)
<br> at com.google.appengine.tools.util.Parser$ParseResult.applyArgs(Parser.java:48)
<br> at com.google.appengine.tools.development.DevAppServerMain.<init>(DevAppServerMain.java:113)
<br> at com.google.appengine.tools.development.DevAppServerMain.main(DevAppServerMain.java:89)
<br>Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'txAdvice': Cannot resolve reference to bean 'txManager' while setting bean property 'transactionManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'txManager' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'entityManagerFactory' while setting bean property 'entityManagerFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: Provider error. Provider: org.datanucleus.store.appengine.jpa.DatastorePersistenceProvider
<br> at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:275)
<br> at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
<br> at java.security.AccessController.doPrivileged(Native Method)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
<br> at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
<br> at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429)
<br> at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:728)
<br> at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:380)
<br> at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:255)
<br> at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:199)
<br> at org.apache.tapestry5.internal.spring.SpringModuleDef$3$1.invoke(SpringModuleDef.java:176)
<br> at org.apache.tapestry5.ioc.internal.OperationTrackerImpl.invoke(OperationTrackerImpl.java:68)
<br> ... 50 more
<br>Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'txManager' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'entityManagerFactory' while setting bean property 'entityManagerFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: Provider error. Provider: org.datanucleus.store.appengine.jpa.DatastorePersistenceProvider
<br> at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:275)
<br> at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
<br> at java.security.AccessController.doPrivileged(Native Method)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
<br> at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
<br> at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:269)
<br> ... 69 more
<br>Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: Provider error. Provider: org.datanucleus.store.appengine.jpa.DatastorePersistenceProvider
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1338)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
<br> at java.security.AccessController.doPrivileged(Native Method)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
<br> at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
<br> at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
<br> at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:269)
<br> ... 82 more
<br>Caused by: javax.persistence.PersistenceException: Provider error. Provider: org.datanucleus.store.appengine.jpa.DatastorePersistenceProvider
<br> at javax.persistence.Persistence.createFactory(Persistence.java:176)
<br> at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:112)
<br> at org.springframework.orm.jpa.LocalEntityManagerFactoryBean.createNativeEntityManagerFactory(LocalEntityManagerFactoryBean.java:91)
<br> at org.springframework.orm.jpa.AbstractEntityManagerFactoryBean.afterPropertiesSet(AbstractEntityManagerFactoryBean.java:291)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1369)
<br> at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1335)
<br> ... 92 more
<br>Caused by: java.lang.NullPointerException
<br> at org.datanucleus.jpa.EntityManagerFactoryImpl.initialisePMF(EntityManagerFactoryImpl.java:452)
<br> at org.datanucleus.jpa.EntityManagerFactoryImpl.<init>(EntityManagerFactoryImpl.java:355)
<br> at org.datanucleus.store.appengine.jpa.DatastoreEntityManagerFactory.<init>(DatastoreEntityManagerFactory.java:63)
<br> at org.datanucleus.store.appengine.jpa.DatastorePersistenceProvider.createEntityManagerFactory(DatastorePersistenceProvider.java:35)
<br> at javax.persistence.Persistence.createFactory(Persistence.java:172)
<br> ... 97 more
<br>The server is running at <a href="http://localhost:8080/" target="_top" rel="nofollow">http://localhost:8080/</a><br><br><blockquote class="quote light-black dark-border-color"><div class="quote light-border-color">
<div class="quote-author" style="font-weight: bold;">Dmitry Gusev wrote:</div>
<div class="quote-message shrinkable-quote">Here's some examples:
<br><br>*ping-service\src\META-INF\persistence.xml:*
<br><?xml version="1.0" encoding="UTF-8" ?>
<br><persistence xmlns="<a href="http://java.sun.com/xml/ns/persistence" target="_top" rel="nofollow">http://java.sun.com/xml/ns/persistence</a>"
<br> xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance" target="_top" rel="nofollow">http://www.w3.org/2001/XMLSchema-instance</a>"
<br> xsi:schemaLocation="<a href="http://java.sun.com/xml/ns/persistence" target="_top" rel="nofollow">http://java.sun.com/xml/ns/persistence</a><br> <a href="http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd" target="_top" rel="nofollow">http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd</a>"
<br>version="1.0">
<br><br> <persistence-unit name="transactions-optional">
<br><br><provider>org.datanucleus.store.appengine.jpa.DatastorePersistenceProvider</provider>
<br> <properties>
<br> <property name="datanucleus.NontransactionalRead" value="true"/>
<br> <property name="datanucleus.NontransactionalWrite"
<br>value="true"/>
<br> <property name="datanucleus.ConnectionURL" value="appengine"/>
<br> </properties>
<br> </persistence-unit>
<br><br></persistence>
<br><br>*ping-service\war\WEB-INF\applicationContext.xml:*
<br><br><?xml version="1.0" encoding="UTF-8"?>
<br><beans xmlns="<a href="http://www.springframework.org/schema/beans" target="_top" rel="nofollow">http://www.springframework.org/schema/beans</a>"
<br> xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance" target="_top" rel="nofollow">http://www.w3.org/2001/XMLSchema-instance</a>"
<br> xmlns:aop="<a href="http://www.springframework.org/schema/aop" target="_top" rel="nofollow">http://www.springframework.org/schema/aop</a>"
<br> xmlns:tx="<a href="http://www.springframework.org/schema/tx" target="_top" rel="nofollow">http://www.springframework.org/schema/tx</a>"
<br> xmlns:context="<a href="http://www.springframework.org/schema/context" target="_top" rel="nofollow">http://www.springframework.org/schema/context</a>"
<br> xsi:schemaLocation="
<br> <a href="http://www.springframework.org/schema/beans" target="_top" rel="nofollow">http://www.springframework.org/schema/beans</a><br> <a href="http://www.springframework.org/schema/beans/spring-beans-3.0.xsd" target="_top" rel="nofollow">http://www.springframework.org/schema/beans/spring-beans-3.0.xsd</a><br> <a href="http://www.springframework.org/schema/tx" target="_top" rel="nofollow">http://www.springframework.org/schema/tx</a><br> <a href="http://www.springframework.org/schema/tx/spring-tx-3.0.xsd" target="_top" rel="nofollow">http://www.springframework.org/schema/tx/spring-tx-3.0.xsd</a><br> <a href="http://www.springframework.org/schema/aop" target="_top" rel="nofollow">http://www.springframework.org/schema/aop</a><br> <a href="http://www.springframework.org/schema/aop/spring-aop-3.0.xsd" target="_top" rel="nofollow">http://www.springframework.org/schema/aop/spring-aop-3.0.xsd</a><br> <a href="http://www.springframework.org/schema/context" target="_top" rel="nofollow">http://www.springframework.org/schema/context</a><br> <a href="http://www.springframework.org/schema/context/spring-context-3.0.xsd" target="_top" rel="nofollow">http://www.springframework.org/schema/context/spring-context-3.0.xsd</a><br>">
<br><br> <tx:advice id="txAdvice" transaction-manager="txManager">
<br> <tx:attributes>
<br> <tx:method name="*" propagation="REQUIRES_NEW" />
<br> </tx:attributes>
<br> </tx:advice>
<br><br> <aop:config>
<br> <aop:pointcut id="daoOperations"
<br> expression="execution(* dmitrygusev.ping.services.dao.*.*(..))"
<br>/>
<br> <aop:advisor advice-ref="txAdvice" pointcut-ref="daoOperations" />
<br> </aop:config>
<br><br> <bean id="entityManagerFactory"
<br> class="org.springframework.orm.jpa.LocalEntityManagerFactoryBean"
<br> lazy-init="true">
<br> <property name="persistenceUnitName" value="transactions-optional"
<br>/>
<br> </bean>
<br><br> <bean name="txManager"
<br>class="org.springframework.orm.jpa.JpaTransactionManager">
<br> <property name="entityManagerFactory" ref="entityManagerFactory" />
<br> </bean>
<br><br> <context:annotation-config/>
<br><br> <bean name="jobsDAO"
<br>class="dmitrygusev.ping.services.dao.impl.JobDAOImpl"/>
<br> <bean name="refDAO"
<br>class="dmitrygusev.ping.services.dao.impl.RefDAOImpl"/>
<br> <bean name="accountDAO"
<br>class="dmitrygusev.ping.services.dao.impl.AccountDAOImpl"/>
<br> <bean name="scheduleDAO"
<br>class="dmitrygusev.ping.services.dao.impl.ScheduleDAOImpl"/>
<br> <bean name="jobResultDAO"
<br>class="dmitrygusev.ping.services.dao.impl.JobResultDAOImpl"/>
<br><br></beans>
<br><br>*ping-service\src\dmitrygusev\ping\services\dao\ScheduleDAO.java :*
<br>package dmitrygusev.ping.services.dao;
<br><br>import com.google.appengine.api.datastore.Key;
<br><br>import dmitrygusev.ping.entities.Schedule;
<br><br>public interface ScheduleDAO {
<br><br> public abstract void update(Schedule schedule);
<br><br> public abstract void delete(Long id);
<br><br> public abstract Schedule createSchedule(String name);
<br><br> public abstract Schedule find(Key scheduleKey);
<br><br>}
<br><br>*ping-service\src\dmitrygusev\ping\services\dao\impl\ScheduleDAOImpl.java :*
<br>package dmitrygusev.ping.services.dao.impl;
<br><br>import static com.google.appengine.api.datastore.KeyFactory.createKey;
<br><br>import javax.persistence.EntityManager;
<br>import javax.persistence.PersistenceContext;
<br><br>import com.google.appengine.api.datastore.Key;
<br><br>import dmitrygusev.ping.entities.Schedule;
<br>import dmitrygusev.ping.services.dao.ScheduleDAO;
<br><br>public class ScheduleDAOImpl implements ScheduleDAO {
<br><br> @PersistenceContext
<br> private EntityManager em;
<br><br> public Schedule createSchedule(String name) {
<br> Schedule schedule = new Schedule();
<br> schedule.setName(name);
<br><br> em.persist(schedule);
<br><br> return schedule;
<br> }
<br><br> @Override
<br> public void update(Schedule schedule) {
<br> em.merge(schedule);
<br> }
<br><br> @Override
<br> public void delete(Long id) {
<br> Schedule schedule = find(createKey(Schedule.class.getSimpleName(),
<br>id));
<br> em.remove(schedule);
<br> }
<br><br> @Override
<br> public Schedule find(Key scheduleKey) {
<br> return em.find(Schedule.class, scheduleKey);
<br> }
<br>}
<br><br><br>*Then inject ScheduleDAO in your page class using T5's @Inject annotation
<br>and use it.*
<br><br><br><br>On Sun, Nov 8, 2009 at 17:46, Dmitry Gusev <dmitry.gusev@gmail.com> wrote:
<br><br>> Tapestry 5.1 should run on GAE 1.2.6(7) as is.
<br>>
<br>> I used T5.1 w/ Spring/JPA on GAE and didn't get any troubles at the cloud
<br>> except some issues on development machine:
<br>>
<br>>
<br>> <a href="http://dmitrygusev.blogspot.com/2009/10/develope-java-applications-with-gae-sdk.html" target="_top" rel="nofollow">http://dmitrygusev.blogspot.com/2009/10/develope-java-applications-with-gae-sdk.html</a><br>>
<br>> <a href="http://dmitrygusev.blogspot.com/2009/08/turn-java-security-manager-off-in.html" target="_top" rel="nofollow">http://dmitrygusev.blogspot.com/2009/08/turn-java-security-manager-off-in.html</a><br>>
<br>>
<br>>
<br>> On Sun, Nov 8, 2009 at 16:51, sodium <sodium78@yahoo.com> wrote:
<br>>
<br>>>
<br>>> Hi,
<br>>>
<br>>> I have been using Tapestry5 for few of my projects and loving it, but i am
<br>>> thinking of integrating it in Google App Engine.
<br>>> As for Tapestry 5.0.18, i have managed to run it without jpa support by
<br>>> following an example of
<br>>>
<br>>> <a href="http://old.nabble.com/SUCCESSFULL-deploy-Tapestry5-on-google-appengine-ts23018048.html" target="_top" rel="nofollow">http://old.nabble.com/SUCCESSFULL-deploy-Tapestry5-on-google-appengine-ts23018048.html</a><br>>>
<br>>> <a href="http://old.nabble.com/SUCCESSFULL-deploy-Tapestry5-on-google-appengine-ts23018048.html" target="_top" rel="nofollow">http://old.nabble.com/SUCCESSFULL-deploy-Tapestry5-on-google-appengine-ts23018048.html</a><br>>>
<br>>> For Tapestry5.1, i still very confused about
<br>>>
<br>>> <a href="http://old.nabble.com/Tapestry-5.1-running-in-Google-App-Engine-%28GAE%29-tp24923950p24927028.html" target="_top" rel="nofollow">http://old.nabble.com/Tapestry-5.1-running-in-Google-App-Engine-%28GAE%29-tp24923950p24927028.html</a><br>>>
<br>>> <a href="http://old.nabble.com/Tapestry-5.1-running-in-Google-App-Engine-%28GAE%29-tp24923950p24927028.html" target="_top" rel="nofollow">http://old.nabble.com/Tapestry-5.1-running-in-Google-App-Engine-%28GAE%29-tp24923950p24927028.html</a><br>>>
<br>>> Actually my biggest concern is using jpa in GAE with Tapestry5, can anyone
<br>>> provide some clues on how to go about integrating Tap5 with jpa for GAE ?
<br>>> If
<br>>> someone can provide a sample project for GAE(1.2.6) Tapestry5(hopefully
<br>>> 5.1)
<br>>> integration with jpa support, i will definitely bow down to u like a
<br>>> slave.
<br>>> Been scratching my head so hard that my hair is starting to fall...
<br>>>
<br>>> I tried integration Tapestry 5.0.18 with guice2 for jpa support from
<br>>>
<br>>> <a href="http://old.nabble.com/Integration-of-T5-with-the-domain-model-ts9953748s302.html" target="_top" rel="nofollow">http://old.nabble.com/Integration-of-T5-with-the-domain-model-ts9953748s302.html</a><br>>>
<br>>> <a href="http://old.nabble.com/Integration-of-T5-with-the-domain-model-ts9953748s302.html" target="_top" rel="nofollow">http://old.nabble.com/Integration-of-T5-with-the-domain-model-ts9953748s302.html</a><br>>> but the EntityManager keep returning null. Sigh..
<br>>>
<br>>> Any pointers and advice is very much appreciated.
<br>>>
<br>>> --
<br>>> View this message in context:
<br>>> <a href="http://old.nabble.com/GAE-and-Tapestry5-integration-tp26253952p26253952.html" target="_top" rel="nofollow">http://old.nabble.com/GAE-and-Tapestry5-integration-tp26253952p26253952.html</a><br>>> Sent from the Tapestry - User mailing list archive at Nabble.com.
<br>>>
<br>>>
<br>>> ---------------------------------------------------------------------
<br>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
<br>>> For additional commands, e-mail: users-help@tapestry.apache.org
<br>>>
<br>>>
<br>>
<br>>
<br>> --
<br>> Dmitry Gusev
<br>>
<br>> AnjLab Team
<br>> <a href="http://anjlab.com" target="_top" rel="nofollow">http://anjlab.com</a><br>>
<br><br><br><br>--
<br>Dmitry Gusev
<br><br>AnjLab Team
<br><a href="http://anjlab.com" target="_top" rel="nofollow">http://anjlab.com</a></div>
</div></blockquote>
<p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26274573Re: Problem with ComponentResources.getElementName()?2009-11-09T14:06:24Z2009-11-09T14:06:24ZHoward Lewis ShipLooks like a bug .... with a tricky fix.
<br><br>On Mon, Nov 9, 2009 at 4:28 AM, Alfie Kirkpatrick
<br><<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274573&i=0" target="_top" rel="nofollow">Alfie.Kirkpatrick@...</a>> wrote:
<div class='shrinkable-quote'><br>> This call appears to remove any namespace information, so the following
<br>> are not equivalent:
<br>>
<br>>
<br>>
<br>> <t:mycomponent element="ns:something"/>
<br>>
<br>> <ns:something t:type="mycomponent"/>
<br>>
<br>>
<br>>
<br>> In the first case the element parameter is "ns:something". In the second
<br>> case calling getElementName() returns 'something' without the namespace.
<br>>
<br>>
<br>>
<br>> Is this intentional?
<br>>
<br>>
<br>>
<br>> Thanks, Alfie.
<br>>
<br>>
<br>>
<br>>
<br>>
<br>>
</div><br><br><br>--
<br>Howard M. Lewis Ship
<br><br>Creator of Apache Tapestry
<br><br>The source for Tapestry training, mentoring and support. Contact me to
<br>learn how I can get you up and productive in Tapestry fast!
<br><br>(971) 678-5210
<br><a href="http://howardlewisship.com" target="_top" rel="nofollow">http://howardlewisship.com</a><br><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274573&i=1" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274573&i=2" target="_top" rel="nofollow">users-help@...</a>
<br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26274446Re: [Tapestry Central] Next Steps for Tapestry2009-11-09T13:57:25Z2009-11-09T13:57:25ZMichael Gentry-2I thought I had been through most of the site, but I had never seen
<br>the shadow services page.
<br><br>Thanks for the link, Howard!
<br><br>mrg
<br><br><br>On Mon, Nov 9, 2009 at 4:43 PM, Howard Lewis Ship <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274446&i=0" target="_top" rel="nofollow">hlship@...</a>> wrote:
<div class='shrinkable-quote'><br>> You know how you can inject the Request? Well the Request service is
<br>> really an extension of the per-thread RequestGlobals object, which
<br>> stores the Request and Response.
<br>>
<br>> Turns out, Tapestry can implement this approach for you automatically;
<br>> creating a proxy object that delegates all of its method invocations
<br>> to another object (accessed as a property of some known service or
<br>> object).
<br>>
<br>> There's a few special builders used for edge cases like this.
<br>>
<br>> On Mon, Nov 9, 2009 at 1:35 PM, Michael Gentry <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274446&i=1" target="_top" rel="nofollow">mgentry@...</a>> wrote:
<br>>> Shadow builders? I've only been using T5 for about 2 months now.
<br>>> When do I learn about shadow builders? :-)
<br>>
<br>> <a href="http://tapestry.apache.org/tapestry5.1/tapestry-ioc/shadow.html" target="_top" rel="nofollow">http://tapestry.apache.org/tapestry5.1/tapestry-ioc/shadow.html</a><br>>
<br>>>
<br>>> mrg
<br>>>
<br>>>
<br>>> On Sat, Nov 7, 2009 at 4:34 PM, Carl Crowder <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274446&i=2" target="_top" rel="nofollow">carl.crowder@...</a>> wrote:
<br>>>> Agreed: the main thing Tapestry is lacking is a book that explains not just
<br>>>> the basics but also concepts that it takes months of working with Tapestry
<br>>>> to discover. Things like shadow builders and so on. I don't care who writes
<br>>>> one as long as there's a definitive guide!
<br>>>
<br>>> ---------------------------------------------------------------------
<br>>> To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274446&i=3" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>>> For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274446&i=4" target="_top" rel="nofollow">users-help@...</a>
<br>>>
<br>>>
<br>>
<br>>
<br>>
<br>> --
<br>> Howard M. Lewis Ship
<br>>
<br>> Creator of Apache Tapestry
<br>>
<br>> The source for Tapestry training, mentoring and support. Contact me to
<br>> learn how I can get you up and productive in Tapestry fast!
<br>>
<br>> (971) 678-5210
<br>> <a href="http://howardlewisship.com" target="_top" rel="nofollow">http://howardlewisship.com</a><br>>
<br>> ---------------------------------------------------------------------
<br>> To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274446&i=5" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>> For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274446&i=6" target="_top" rel="nofollow">users-help@...</a>
<br>>
<br>>
</div><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274446&i=7" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274446&i=8" target="_top" rel="nofollow">users-help@...</a>
<br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26274347Re: [Tapestry Central] Next Steps for Tapestry2009-11-09T13:50:35Z2009-11-09T13:50:35ZMichael Gentry-2I think documentation and small/focused cookbook-type examples (thank
<br>goodness for JumpStart) are the biggest hurdle to people learning and
<br>using T5 currently. (At least that is my experience.) The user
<br>community and framework are robust, but figuring out how to do
<br>something can be challenging at times (even when searching the mailing
<br>list).
<br><br>I'm not exactly sure what the motivation for writing a book would be.
<br>Maybe you want to make some money off of it or use it as a marketing
<br>tool (developers can tell their PHBs there is a Tapestry book)? My
<br>personal preference would be to have good documentation at
<br>tapestry.apache.org -- something that can be updated (paper dates
<br>itself quickly, especially when Tapestry 5.2.0.24 comes out) and is
<br>searchable (Google is my brain these days). Maybe even have it as a
<br>downloadable PDF that people can put on digital readers. My hope for
<br>you (and us) would be that with good documentation (including
<br>examples/tutorials) and marketing, more developers would come, and a
<br>larger developer base could increase your consulting business.
<br><br>As for a 5.2 release, it is important, but not as important as good
<br>documentation at this point. At least that's my opinion. You could
<br>even do a few bug-fix releases (5.1.0.x) before 5.2 while working on
<br>the documentation/book.
<br><br>Thanks!
<br><br>mrg
<br><br>PS. I also think having fragmented documentation (the web site, the
<br>wiki, etc) makes things harder to find, too.
<br><br><br>On Sat, Nov 7, 2009 at 1:11 PM, Howard <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274347&i=0" target="_top" rel="nofollow">hlship@...</a>> wrote:
<br>> [lots of things about books and coding]
<br><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274347&i=1" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274347&i=2" target="_top" rel="nofollow">users-help@...</a>
<br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26274242Re: [Tapestry Central] Next Steps for Tapestry2009-11-09T13:44:03Z2009-11-09T13:44:03ZThiago H. de Paula FigueiredoEm Mon, 09 Nov 2009 19:35:09 -0200, Michael Gentry <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274242&i=0" target="_top" rel="nofollow">mgentry@...</a>>
<br>escreveu:
<br><br>> Shadow builders? I've only been using T5 for about 2 months now.
<br>> When do I learn about shadow builders? :-)
<br><br>The documentation is here. The concept is simple. :)
<br><br>--
<br>Thiago H. de Paula Figueiredo
<br>Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,
<br>and instructor
<br>Owner, software architect and developer, Ars Machina Tecnologia da
<br>Informação Ltda.
<br><a href="http://www.arsmachina.com.br" target="_top" rel="nofollow">http://www.arsmachina.com.br</a><br><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274242&i=1" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274242&i=2" target="_top" rel="nofollow">users-help@...</a>
<br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26274231Re: [Tapestry Central] Next Steps for Tapestry2009-11-09T13:43:17Z2009-11-09T13:43:17ZHoward Lewis ShipYou know how you can inject the Request? Well the Request service is
<br>really an extension of the per-thread RequestGlobals object, which
<br>stores the Request and Response.
<br><br>Turns out, Tapestry can implement this approach for you automatically;
<br>creating a proxy object that delegates all of its method invocations
<br>to another object (accessed as a property of some known service or
<br>object).
<br><br>There's a few special builders used for edge cases like this.
<br><br>On Mon, Nov 9, 2009 at 1:35 PM, Michael Gentry <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274231&i=0" target="_top" rel="nofollow">mgentry@...</a>> wrote:
<br>> Shadow builders? I've only been using T5 for about 2 months now.
<br>> When do I learn about shadow builders? :-)
<br><br><a href="http://tapestry.apache.org/tapestry5.1/tapestry-ioc/shadow.html" target="_top" rel="nofollow">http://tapestry.apache.org/tapestry5.1/tapestry-ioc/shadow.html</a><br><div class='shrinkable-quote'><br>>
<br>> mrg
<br>>
<br>>
<br>> On Sat, Nov 7, 2009 at 4:34 PM, Carl Crowder <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274231&i=1" target="_top" rel="nofollow">carl.crowder@...</a>> wrote:
<br>>> Agreed: the main thing Tapestry is lacking is a book that explains not just
<br>>> the basics but also concepts that it takes months of working with Tapestry
<br>>> to discover. Things like shadow builders and so on. I don't care who writes
<br>>> one as long as there's a definitive guide!
<br>>
<br>> ---------------------------------------------------------------------
<br>> To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274231&i=2" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>> For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274231&i=3" target="_top" rel="nofollow">users-help@...</a>
<br>>
<br>>
</div><br><br><br>--
<br>Howard M. Lewis Ship
<br><br>Creator of Apache Tapestry
<br><br>The source for Tapestry training, mentoring and support. Contact me to
<br>learn how I can get you up and productive in Tapestry fast!
<br><br>(971) 678-5210
<br><a href="http://howardlewisship.com" target="_top" rel="nofollow">http://howardlewisship.com</a><br><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274231&i=4" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274231&i=5" target="_top" rel="nofollow">users-help@...</a>
<br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26274117Re: [Tapestry Central] Next Steps for Tapestry2009-11-09T13:35:09Z2009-11-09T13:35:09ZMichael Gentry-2Shadow builders? I've only been using T5 for about 2 months now.
<br>When do I learn about shadow builders? :-)
<br><br>mrg
<br><br><br>On Sat, Nov 7, 2009 at 4:34 PM, Carl Crowder <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274117&i=0" target="_top" rel="nofollow">carl.crowder@...</a>> wrote:
<br>> Agreed: the main thing Tapestry is lacking is a book that explains not just
<br>> the basics but also concepts that it takes months of working with Tapestry
<br>> to discover. Things like shadow builders and so on. I don't care who writes
<br>> one as long as there's a definitive guide!
<br><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274117&i=1" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26274117&i=2" target="_top" rel="nofollow">users-help@...</a>
<br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26273998Re: Accessing autoconnect-parameter by reference, not by value2009-11-09T13:26:37Z2009-11-09T13:26:37ZAlexey HaninOh, I finally found what I was doing wrong :) Just misread the
<br>documentation. The parameter bound to the property which is named
<br>exactly as component. In fact only one property can be bound.
<br><br>On Mon, Nov 9, 2009 at 2:14 PM, Alexey Hanin <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26273998&i=0" target="_top" rel="nofollow">gagarin61@...</a>> wrote:
<div class='shrinkable-quote'><br>> Seriously, guys? Anyone?
<br>>
<br>> On Sun, Nov 8, 2009 at 8:55 AM, Alexey Hanin <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26273998&i=1" target="_top" rel="nofollow">gagarin61@...</a>> wrote:
<br>>> Hmm... Seems like autoconnect does not work for me as I expect.
<br>>>
<br>>> I checked in setupRender() inside EditorComponent and found that
<br>>> 'entity' is null, while Page.setupRender() assigns new value to its
<br>>> same named property.
<br>>>
<br>>> What am I doing wrong?
<br>>>
<br>>> On Sat, Nov 7, 2009 at 7:50 PM, Alexey Hanin <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26273998&i=2" target="_top" rel="nofollow">gagarin61@...</a>> wrote:
<br>>>> Hello,
<br>>>>
<br>>>> Recently I found that autoconnect-parameters are being copied instead
<br>>>> of being set as reference to parent parameter.
<br>>>>
<br>>>> What I want is to implement various editor-components containing
<br>>>> BeanEditForm accessing parent property.
<br>>>>
<br>>>> class Page {
<br>>>>
<br>>>> @Property
<br>>>> private EntityObject entity;
<br>>>>
<br>>>> void onSuccess() {
<br>>>> // save entity here
<br>>>> }
<br>>>>
<br>>>> }
<br>>>>
<br>>>> class EditorComponent {
<br>>>>
<br>>>> @Property
<br>>>> @Parameter(autoconnect = true)
<br>>>> private EntityObject entity;
<br>>>>
<br>>>> }
<br>>>>
<br>>>> Which way do I have to start to dig to?
<br>>>>
<br>>>> Alexey.
<br>>>>
<br>>>
<br>>
</div><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26273998&i=3" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26273998&i=4" target="_top" rel="nofollow">users-help@...</a>
<br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26273788Re: Complete Sample Tapestry Application2009-11-09T13:13:00Z2009-11-09T13:13:00ZkeykubatHello There,
<br><br>More examples, functional tutorials please...
<br>it is good news that the tutorials will come out...
<br><br>So that an expansion will occur in user base,& popularity.
<br><br><blockquote class="quote light-black dark-border-color"><div class="quote light-border-color">
<div class="quote-author" style="font-weight: bold;">Howard Lewis Ship wrote:</div>
<div class="quote-message shrinkable-quote">There's several options.
<br><br>You can use the Tapestry Quickstart archetype (i.e., maven template).
<br><br>You can use the Jumpstart which is a more complete application
<br>template & tutorial.
<br><br>Here's a small example I use in my presentations:
<br><a href="http://github.com/hlship/t5intro" target="_top" rel="nofollow">http://github.com/hlship/t5intro</a><br><br>Please check the Tapestry web site for more links.
<br><br>On Mon, Nov 9, 2009 at 7:55 AM, Jonhy Pear <jonhy.pear@gmail.com> wrote:
<br>> Hello all,
<br>>
<br>> Is there any fully functional Web application in Tapestry5 that can be used
<br>> as a guide to bootstrap our skills in Tapestry5?
<br>>
<br>> Thank you
<br>>
<br><br><br><br>--
<br>Howard M. Lewis Ship
<br><br>Creator of Apache Tapestry
<br><br>The source for Tapestry training, mentoring and support. Contact me to
<br>learn how I can get you up and productive in Tapestry fast!
<br><br>(971) 678-5210
<br><a href="http://howardlewisship.com" target="_top" rel="nofollow">http://howardlewisship.com</a><br><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
<br>For additional commands, e-mail: users-help@tapestry.apache.org
<br></div>
</div></blockquote>
<p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26273063Re: i18n overhead2009-11-09T12:22:25Z2009-11-09T12:22:25ZHoward Lewis ShipThere's a lot of room for optimizations here; Tapestry is using the
<br>ClassLoader.getResource() method extensively, and it is very, very
<br>slow. More work to ensure that we don't constantly check and re-check
<br>for the existence of files would make a huge difference in performance
<br>when you are talking about this many properties files. The same may
<br>apply to component templates (which can be localized if you like, thus
<br>the same lookup overhead).
<br><br>On Mon, Nov 9, 2009 at 4:11 AM, Blower, Andy <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26273063&i=0" target="_top" rel="nofollow">Andy.Blower@...</a>> wrote:
<div class='shrinkable-quote'><br>> We also have a lot of properties files, but so far only one translation. We will have 20+ translations in due course, so I would be concerned if there were performance problems/implications. We're already using 5.1, so I'd be interested if this version has issues will many files.
<br>>
<br>>> -----Original Message-----
<br>>> From: Thiago H. de Paula Figueiredo [mailto:<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26273063&i=1" target="_top" rel="nofollow">thiagohp@...</a>]
<br>>> Sent: 08 November 2009 13:30
<br>>> To: Tapestry users
<br>>> Subject: Re: i18n overhead
<br>>>
<br>>> Em Sun, 08 Nov 2009 11:20:48 -0200, Melidramo <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26273063&i=2" target="_top" rel="nofollow">a5@...</a>>
<br>>> escreveu:
<br>>>
<br>>> >> Why so many property files? Just curious. :)
<br>>> > This is a big project...
<br>>>
<br>>> :)
<br>>>
<br>>> >> What exact version? 5.1.05? 5.0.18?
<br>>> > 5.0.18
<br>>>
<br>>> There are some changes between 5.0.18 to 5.1.0.5 that can affect
<br>>> performance.
<br>>>
<br>>> > Is your question an incentive to migrate to 5.1?
<br>>>
<br>>> Regardless of performance issues, I think it's a good thing to do.
<br>>>
<br>>> --
<br>>> Thiago H. de Paula Figueiredo
<br>>> Independent Java, Apache Tapestry 5 and Hibernate consultant,
<br>>> developer,
<br>>> and instructor
<br>>> Owner, software architect and developer, Ars Machina Tecnologia da
<br>>> Informação Ltda.
<br>>> <a href="http://www.arsmachina.com.br" target="_top" rel="nofollow">http://www.arsmachina.com.br</a><br>>>
<br>>> ---------------------------------------------------------------------
<br>>> To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26273063&i=3" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>>> For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26273063&i=4" target="_top" rel="nofollow">users-help@...</a>
<br>>>
<br>>
<br>>
<br>>
<br>> ---------------------------------------------------------------------
<br>> To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26273063&i=5" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>> For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26273063&i=6" target="_top" rel="nofollow">users-help@...</a>
<br>>
<br>>
</div><br><br><br>--
<br>Howard M. Lewis Ship
<br><br>Creator of Apache Tapestry
<br><br>The source for Tapestry training, mentoring and support. Contact me to
<br>learn how I can get you up and productive in Tapestry fast!
<br><br>(971) 678-5210
<br><a href="http://howardlewisship.com" target="_top" rel="nofollow">http://howardlewisship.com</a><br><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26273063&i=7" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26273063&i=8" target="_top" rel="nofollow">users-help@...</a>
<br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26272410Re: Complete Sample Tapestry Application2009-11-09T11:38:47Z2009-11-09T11:38:47ZJonhy PearThat's it! Thank you.
<br><br><br><br>On Mon, Nov 9, 2009 at 7:09 PM, Michael Gentry <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26272410&i=0" target="_top" rel="nofollow">mgentry@...</a>>wrote:
<br><div class='shrinkable-quote'><br>> JumpStart Examples:
<br>>
<br>> <a href="http://jumpstart.doublenegative.com.au:8080/jumpstart/examples" target="_top" rel="nofollow">http://jumpstart.doublenegative.com.au:8080/jumpstart/examples</a><br>>
<br>>
<br>> On Mon, Nov 9, 2009 at 2:00 PM, Jonhy Pear <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26272410&i=1" target="_top" rel="nofollow">jonhy.pear@...</a>> wrote:
<br>> > Thanks for the link.
<br>> >
<br>> > I've started with the Maven archetype.
<br>> >
<br>> > Where is the Jumpstart app you mention? can you send me that link?
<br>> >
<br>> > On Mon, Nov 9, 2009 at 4:12 PM, Howard Lewis Ship <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26272410&i=2" target="_top" rel="nofollow">hlship@...</a>>
<br>> wrote:
<br>> >
<br>> >> There's several options.
<br>> >>
<br>> >> You can use the Tapestry Quickstart archetype (i.e., maven template).
<br>> >>
<br>> >> You can use the Jumpstart which is a more complete application
<br>> >> template & tutorial.
<br>> >>
<br>> >> Here's a small example I use in my presentations:
<br>> >> <a href="http://github.com/hlship/t5intro" target="_top" rel="nofollow">http://github.com/hlship/t5intro</a><br>> >>
<br>> >> Please check the Tapestry web site for more links.
<br>> >>
<br>> >> On Mon, Nov 9, 2009 at 7:55 AM, Jonhy Pear <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26272410&i=3" target="_top" rel="nofollow">jonhy.pear@...</a>>
<br>> wrote:
<br>> >> > Hello all,
<br>> >> >
<br>> >> > Is there any fully functional Web application in Tapestry5 that can be
<br>> >> used
<br>> >> > as a guide to bootstrap our skills in Tapestry5?
<br>> >> >
<br>> >> > Thank you
<br>> >> >
<br>> >>
<br>> >>
<br>> >>
<br>> >> --
<br>> >> Howard M. Lewis Ship
<br>> >>
<br>> >> Creator of Apache Tapestry
<br>> >>
<br>> >> The source for Tapestry training, mentoring and support. Contact me to
<br>> >> learn how I can get you up and productive in Tapestry fast!
<br>> >>
<br>> >> (971) 678-5210
<br>> >> <a href="http://howardlewisship.com" target="_top" rel="nofollow">http://howardlewisship.com</a><br>> >>
<br>> >> ---------------------------------------------------------------------
<br>> >> To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26272410&i=4" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>> >> For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26272410&i=5" target="_top" rel="nofollow">users-help@...</a>
<br>> >>
<br>> >>
<br>> >
<br>>
<br>> ---------------------------------------------------------------------
<br>> To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26272410&i=6" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>> For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26272410&i=7" target="_top" rel="nofollow">users-help@...</a>
<br>>
<br>>
<br></div><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26272353[jira] Commented: (TAP5-815) Asset dispatcher allows any file inside the webapp visible and downloadable2009-11-09T11:35:32Z2009-11-09T11:35:32ZJIRA jira@apache.org<br> [ <a href="https://issues.apache.org/jira/browse/TAP5-815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12775085#action_12775085" target="_top" rel="nofollow">https://issues.apache.org/jira/browse/TAP5-815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12775085#action_12775085</a> ]
<br><br>Robert Zeigler commented on TAP5-815:
<br>-------------------------------------
<br><br>Hey Chris,
<br><br>I just committed the AssetProtectionDispatcher stuff (to 5.0 and 5.1 branches and to trunk). That should solve your issue, but if you want to double check that, it would be great.
<br>Leaving this issue open for the time being to give people a chance to review. I'll close it tonight or tomorrow if I don't hear anything more.
<br><div class='shrinkable-quote'><br>> Asset dispatcher allows any file inside the webapp visible and downloadable
<br>> ---------------------------------------------------------------------------
<br>>
<br>> Key: TAP5-815
<br>> URL: <a href="https://issues.apache.org/jira/browse/TAP5-815" target="_top" rel="nofollow">https://issues.apache.org/jira/browse/TAP5-815</a><br>> Project: Tapestry 5
<br>> Issue Type: Bug
<br>> Affects Versions: 5.1.0.5
<br>> Reporter: Thiago H. de Paula Figueiredo
<br>> Assignee: Robert Zeigler
<br>> Priority: Blocker
<br>>
<br>> Take any asset and you have an URL like domain.com/assets/ctx/f10407a6c1753e39/css/main.css. If you request domain.com/assets/ctx/f10407a6c1753e39/, a list containing all the files inside the webapp root is shown. It gives you the hint at downloading any file you want, including anyting inside WEB-INF and assets that should be protected by ResourceDigestGenerator.
</div><br>--
<br>This message is automatically generated by JIRA.
<br>-
<br>You can reply to this email to add a comment to the issue online.
<br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---Dev-f339.html" embed="fixTarget[339]" target="_top" >Tapestry - Dev</a></p>tag:old.nabble.com,2006:post-26272250svn commit: r834180 - in /tapestry/tapestry5/branches/5.0: src/site/apt/guide/ tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ tapestry-core/src/main/java/org/apache/tapestry5/services/ tapestry-core/src/test/java/org/apache/tapestr...2009-11-09T11:28:33Z2009-11-09T11:28:33ZrobertdzeiglerAuthor: robertdzeigler
<br>Date: Mon Nov 9 19:28:32 2009
<br>New Revision: 834180
<br><br>URL: <a href="http://svn.apache.org/viewvc?rev=834180&view=rev" target="_top" rel="nofollow">http://svn.apache.org/viewvc?rev=834180&view=rev</a><br>Log:
<br>TAP5-815: Asset dispatcher allows any file inside the webapp visible and downloadable (5.0 branch)
<br><br>Added:
<br> tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java
<br> tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java
<br> tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java
<br> tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java
<br> tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java
<br> tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java
<br> tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java
<br>Modified:
<br> tapestry/tapestry5/branches/5.0/src/site/apt/guide/assets.apt
<br> tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
<br> tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
<br><br>Modified: tapestry/tapestry5/branches/5.0/src/site/apt/guide/assets.apt
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/src/site/apt/guide/assets.apt?rev=834180&r1=834179&r2=834180&view=diff" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/src/site/apt/guide/assets.apt?rev=834180&r1=834179&r2=834180&view=diff</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.0/src/site/apt/guide/assets.apt (original)
<br>+++ tapestry/tapestry5/branches/5.0/src/site/apt/guide/assets.apt Mon Nov 9 19:28:32 2009
<br>@@ -98,4 +98,28 @@
<br> Care should be taken to not create overlapping mappings, as the results would not be predictable.
<br>
<br>
<br>-
<br>\ No newline at end of file
<br>+Securing Assets
<br>+
<br>+ Securing assets is an important consideration for any web application. Many assets, such as hibernate configuration
<br>+ files, sit in the classpath and are exposable via the Asset service, which is not desirable. To protect these and
<br>+ other sensitive assets, Tapestry provides the AssetProtectionDispatcher. This dispatcher sits in front of the
<br>+ AssetDispatcher, the service responsible for streaming assets to the client, and watches for Asset requests.
<br>+ When an asset request comes in, the protection dispatcher checks for authorization to view the file against a
<br>+ contributed list of AssetPathAuthorizer implementations. Determination of whether the client can view the requested
<br>+ resource is then made based on whether any of the contributed AssetPathAuthorizer implementations explicitly allowed
<br>+ or denied access to the resource.
<br>+
<br>+ Tapestry provides two AssetPathAuthorizer implemenations "out of the box" to which users may contribute: RegexAuthorizer
<br>+ and WhitelistAuthorizer. RegexAuthorizer uses regular expressions to determine assets which are viewable by the
<br>+ client; any assets that match one of its (contributed) regular expressions are authorized. Anything not matched is
<br>+ passed through to the WhitelistAuthorizer. WhitelistAuthorizer uses an exact-matching whitelist. Anything matching
<br>+ exactly one its contributions is allowed; all other asset requests are denied. The default tapestry configuration
<br>+ contributes nothing to WhitelistAuthorizer (access will be denied to all asset requests passed through to it), and
<br>+ explicitly allows access to css, jpg, jpeg, js, png, and gif files associated with tapestry (tapestry.js, blackbird
<br>+ files, date picker files, etc.). The default contribution also enables access to the css, jpg, jpeg, js, png, and gif
<br>+ files provided by the popular chenille-kit 3rd party library. The default configuration denies access to all other
<br>+ assets. To enable access to your application's assets, either contribute a custom AssetPathAnalyzer, or contribute
<br>+ appropriate regular expression or exact path contributions to RegexAuthorizer or WhitelistAuthorizer, respectively.
<br>+ See TapestryModule.contribteRegexAuthorizer for examples.
<br>+
<br>+
<br><br>Added: tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java?rev=834180&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java?rev=834180&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java (added)
<br>+++ tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java Mon Nov 9 19:28:32 2009
<br>@@ -0,0 +1,92 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+package org.apache.tapestry5.internal.services;
<br>+
<br>+import java.io.IOException;
<br>+import java.util.Collection;
<br>+import java.util.Collections;
<br>+import java.util.List;
<br>+
<br>+import javax.servlet.http.HttpServletResponse;
<br>+
<br>+import org.apache.tapestry5.internal.services.RequestConstants;
<br>+import org.apache.tapestry5.services.*;
<br>+import org.slf4j.Logger;
<br>+
<br>+/**
<br>+ * Dispatcher that handles whether to allow or deny access to particular
<br>+ * assets. Actual work of authorizing a particular url is handled by
<br>+ * implementations of AssetPathAuthorizer. Configuration is an ordered
<br>+ * list of AssetPathAuthorizers. Each authorizer specifies an order of
<br>+ * operations as a list (see AssetPathAuthorizer.Order).
<br>+ *
<br>+ */
<br>+public class AssetProtectionDispatcher implements Dispatcher
<br>+{
<br>+
<br>+ private final Collection<AssetPathAuthorizer> authorizers;
<br>+ private final ClasspathAssetAliasManager assetAliasManager;
<br>+ private final Logger logger;
<br>+
<br>+ public AssetProtectionDispatcher(
<br>+ List<AssetPathAuthorizer> auths,
<br>+ ClasspathAssetAliasManager manager,
<br>+ Logger logger)
<br>+ {
<br>+ this.authorizers = Collections.unmodifiableList(auths);
<br>+ this.assetAliasManager = manager;
<br>+ this.logger = logger;
<br>+ }
<br>+
<br>+ public boolean dispatch(Request request, Response response)
<br>+ throws IOException
<br>+ {
<br>+ String path = request.getPath();
<br>+ //we only protect assets, and don't examine any other url's.
<br>+ if (!path.startsWith(RequestConstants.ASSET_PATH_PREFIX))
<br>+ {
<br>+ return false;
<br>+ }
<br>+ String resourcePath = assetAliasManager.toResourcePath(path);
<br>+ for(AssetPathAuthorizer auth : authorizers)
<br>+ {
<br>+ for(AssetPathAuthorizer.Order o : auth.order())
<br>+ {
<br>+ if (o == AssetPathAuthorizer.Order.ALLOW)
<br>+ {
<br>+ if (auth.accessAllowed(resourcePath))
<br>+ {
<br>+ logger.debug("Allowing access to " + resourcePath);
<br>+ return false;
<br>+ }
<br>+ }
<br>+ else
<br>+ {
<br>+ if (auth.accessDenied(resourcePath))
<br>+ {
<br>+ logger.debug("Denying access to " + resourcePath);
<br>+ response.sendError(HttpServletResponse.SC_FORBIDDEN,resourcePath);
<br>+ return true;
<br>+ }
<br>+ }
<br>+ }
<br>+ }
<br>+ //if we get here, no Authorizer had anything useful to say about the resourcePath.
<br>+ //so let it fall through.
<br>+ logger.debug("Fell through the list of authorizers. Allowing access to: " + resourcePath);
<br>+ return false;
<br>+ }
<br>+
<br>+}
<br><br>Added: tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java?rev=834180&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java?rev=834180&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java (added)
<br>+++ tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java Mon Nov 9 19:28:32 2009
<br>@@ -0,0 +1,76 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+package org.apache.tapestry5.internal.services;
<br>+
<br>+import org.apache.tapestry5.services.AssetPathAuthorizer;
<br>+
<br>+import java.util.ArrayList;
<br>+import java.util.Arrays;
<br>+import java.util.Collection;
<br>+import java.util.Collections;
<br>+import java.util.List;
<br>+import java.util.regex.Pattern;
<br>+
<br>+/**
<br>+ * Provides a regex-based authorization scheme for asset-access authorization.
<br>+ * Note that this implementation doesn't actually deny access to anything.
<br>+ * But it's placement within the chain of command of authorizers is just before
<br>+ * the whitelist authorizer, which has an explicit deny policy.
<br>+ * Hence, as long as the whitelist authorizer is being used in conjunction with
<br>+ * the regex authorizer, there is no need to worry about accessDenied in this authorizer.
<br>+ *
<br>+ */
<br>+public class RegexAuthorizer implements AssetPathAuthorizer
<br>+{
<br>+
<br>+ private final Collection<Pattern> _regexes;
<br>+
<br>+ public RegexAuthorizer(final Collection<String> regex)
<br>+ {
<br>+ //an alternate way to construct this would be to make sure that each pattern is grouped
<br>+ //and then to regex or the various patterns together into a single pattern.
<br>+ //that might be faster, but probably not enough to make a difference, and this is cleaner.
<br>+ List<Pattern> tmp = new ArrayList<Pattern>();
<br>+ for(String exp : regex)
<br>+ {
<br>+ tmp.add(Pattern.compile(exp));
<br>+ }
<br>+ _regexes = Collections.unmodifiableCollection(tmp);
<br>+
<br>+ }
<br>+
<br>+ public boolean accessAllowed(String resourcePath)
<br>+ {
<br>+ for(Pattern regex : _regexes)
<br>+ {
<br>+ if (regex.matcher(resourcePath).matches())
<br>+ {
<br>+ return true;
<br>+ }
<br>+ }
<br>+ return false;
<br>+ }
<br>+
<br>+ public boolean accessDenied(String resourcePath)
<br>+ {
<br>+ return false;
<br>+ }
<br>+
<br>+ public List<Order> order()
<br>+ {
<br>+ return Arrays.asList(Order.ALLOW);
<br>+ }
<br>+
<br>+}
<br><br>Added: tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java?rev=834180&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java?rev=834180&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java (added)
<br>+++ tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java Mon Nov 9 19:28:32 2009
<br>@@ -0,0 +1,59 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+package org.apache.tapestry5.internal.services;
<br>+
<br>+import org.apache.tapestry5.services.AssetPathAuthorizer;
<br>+
<br>+import java.util.Arrays;
<br>+import java.util.Collection;
<br>+import java.util.List;
<br>+import java.util.Map;
<br>+import java.util.concurrent.ConcurrentHashMap;
<br>+
<br>+/**
<br>+ * AssetPathAuthorizer that determines access rights based on exact matching to a contributed whitelist.
<br>+ * Any resource not explicitly specified in the whitelist is denied access.
<br>+ */
<br>+public class WhitelistAuthorizer implements AssetPathAuthorizer
<br>+{
<br>+
<br>+ public List<Order> order()
<br>+ {
<br>+ return Arrays.asList(Order.ALLOW, Order.DENY);
<br>+ }
<br>+
<br>+ //hash the resource paths for fast lookups.
<br>+ private final Map<String, Boolean> _paths;
<br>+
<br>+ public WhitelistAuthorizer(Collection<String> paths)
<br>+ {
<br>+ _paths = new ConcurrentHashMap<String, Boolean>();
<br>+ for(String path : paths)
<br>+ {
<br>+ _paths.put(path, true);
<br>+ }
<br>+ }
<br>+
<br>+ public boolean accessAllowed(String resourcePath)
<br>+ {
<br>+ return (_paths.containsKey(resourcePath));
<br>+ }
<br>+
<br>+ public boolean accessDenied(String resourcePath)
<br>+ {
<br>+ return !_paths.containsKey(resourcePath);
<br>+ }
<br>+
<br>+}
<br><br>Added: tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java?rev=834180&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java?rev=834180&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java (added)
<br>+++ tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java Mon Nov 9 19:28:32 2009
<br>@@ -0,0 +1,76 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+package org.apache.tapestry5.services;
<br>+
<br>+import java.util.List;
<br>+
<br>+/**
<br>+ * Determines whether access to an asset is allowed, denied, or undetermined.
<br>+ * Each contributed authorizer makes up part of a chain of command for determining access.
<br>+ * Access is explicitly allowed if accessAllowed returns true.
<br>+ * Access is explicitly denied if accessDenied returns true.
<br>+ * Ordering depends on the order specified by the "order" parameter.
<br>+ * Hence, an implementation which specifies an order of:
<br>+ * ALLOW, DENY, and returns true from both accessAllowed and accessDenied
<br>+ * will allow access for all resources. With the same return values for the
<br>+ * access* methods but the order switched to DENY, ALLOW, access to all resources
<br>+ * would be denied. It is possible for an authorizer to have "nothing
<br>+ * to say" regarding a particular resource. If accessAllowed returns false,
<br>+ * it does not mean that access is denied, merely that it is not explicitly allowed.
<br>+ * If accessDenied returns false, it does not mean that access is allowed, merely that
<br>+ * it is not explicitly denied. Hence, if both accessAllowed and accessDenied return false,
<br>+ * control will pass to the next authorizer in the chain.
<br>+ *
<br>+ */
<br>+public interface AssetPathAuthorizer
<br>+{
<br>+
<br>+ /**
<br>+ * Types of orderings, either ALLOW or DENY.
<br>+ */
<br>+ enum Order {ALLOW, DENY;}
<br>+
<br>+ /**
<br>+ * Specify the ordering for this authorizer.
<br>+ * @return the operations for this authorizer.
<br>+ * Operations will be performed in the order returned by the iterator.
<br>+ * It is assumed that the authorizer correctly implements each form of
<br>+ * ordering returned. It is acceptable to only return only ALLOW or DENY.
<br>+ */
<br>+ List<Order> order();
<br>+
<br>+ /**
<br>+ * Determines whether a request to "resourcePath" is allowed.
<br>+ * @param resourcePath
<br>+ * @return true if access is explicitly allowed for the path. False otherwise.
<br>+ * For example, a whitelist implementation would return true if the resource
<br>+ * was listed, and false otherwise. A blacklist implementation would return
<br>+ * false regardless of whether the path was in the blacklist.
<br>+ * Alternatively, if the blacklist specified an order of DENY, ALLOW, it could
<br>+ * return true from accessAllowed if the resource was not explicitly listed in its
<br>+ * blacklist.
<br>+ */
<br>+ boolean accessAllowed(String resourcePath);
<br>+
<br>+ /**
<br>+ *
<br>+ * @param resourcePath
<br>+ * @return true if access is explicitly prohibited for the path. False otherwise.
<br>+ * For example, a whitelist implementation would return true if the resource was
<br>+ * not explicitly listed, and false otherwise. A blacklist implementation would
<br>+ * return true if the resource was explicitly denied, and false otherwise.
<br>+ */
<br>+ boolean accessDenied(String resourcePath);
<br>+}
<br><br>Modified: tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java?rev=834180&r1=834179&r2=834180&view=diff" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java?rev=834180&r1=834179&r2=834180&view=diff</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java (original)
<br>+++ tapestry/tapestry5/branches/5.0/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java Mon Nov 9 19:28:32 2009
<br>@@ -191,6 +191,9 @@
<br> "NullFieldStrategyBindingFactory");
<br> binder.bind(URLEncoder.class, URLEncoderImpl.class);
<br> binder.bind(ContextPathEncoder.class, ContextPathEncoderImpl.class);
<br>+ binder.bind(Dispatcher.class, AssetProtectionDispatcher.class).withId("AssetProtectionDispatcher");
<br>+ binder.bind(AssetPathAuthorizer.class, WhitelistAuthorizer.class).withId("WhitelistAuthorizer");
<br>+ binder.bind(AssetPathAuthorizer.class, RegexAuthorizer.class).withId("RegexAuthorizer");
<br> }
<br>
<br> // ========================================================================
<br>@@ -1385,6 +1388,7 @@
<br> * and forwards onto the {@link ComponentEventRequestHandler}</dd> </dl>
<br> */
<br> public void contributeMasterDispatcher(OrderedConfiguration<Dispatcher> configuration,
<br>+ @InjectService("AssetProtectionDispatcher") Dispatcher assetProt,
<br> ObjectLocator locator)
<br> {
<br> // Looks for the root path and renders the start page. This is maintained for compatibility
<br>@@ -1394,6 +1398,9 @@
<br> locator.autobuild(RootPathDispatcher.class),
<br> "before:Asset");
<br>
<br>+ //this goes before asset to make sure that only allowed assets are streamed to the client.
<br>+ configuration.add("AssetProtection", assetProt, "before:Asset");
<br>+
<br> // This goes first because an asset to be streamed may have an file extension, such as
<br> // ".html", that will confuse the later dispatchers.
<br>
<br>@@ -2157,4 +2164,38 @@
<br>
<br> return service;
<br> }
<br>+
<br>+ /**
<br>+ * Contributes the default set of AssetPathAuthorizers into the AssetProtectionDispatcher.
<br>+ * @param whitelist authorization based on explicit whitelisting.
<br>+ * @param regex authorization based on pattern matching.
<br>+ * @param conf
<br>+ */
<br>+ public static void contributeAssetProtectionDispatcher(
<br>+ @InjectService("WhitelistAuthorizer") AssetPathAuthorizer whitelist,
<br>+ @InjectService("RegexAuthorizer") AssetPathAuthorizer regex,
<br>+ OrderedConfiguration<AssetPathAuthorizer> conf)
<br>+ {
<br>+ //putting whitelist after everything ensures that, in fact, nothing falls through.
<br>+ //also ensures that whitelist gives other authorizers the chance to act...
<br>+ conf.add("regex",regex,"before:whitelist");
<br>+ conf.add("whitelist", whitelist,"after:*");
<br>+ }
<br>+
<br>+ public void contributeRegexAuthorizer(Configuration<String> regex,
<br>+ @Symbol("tapestry.scriptaculous.path") String scriptPath,
<br>+ @Symbol("tapestry.datepicker.path") String datepickerPath)
<br>+ {
<br>+ //allow any js, jpg, jpeg, png, or css under org/chenillekit/tapstry. The funky bit of ([^/.]+/)* is what allows
<br>+ //multiple paths, while not allowing any of those paths to contains ./ or ../ thereby preventing paths like:
<br>+ //org/chenillekit/tapestry/../../../foo.js
<br>+ String pathPattern = "([^/.]+/)*[^/.]+\\.((css)|(js)|(jpg)|(jpeg)|(png)|(gif))$";
<br>+ regex.add("^org/chenillekit/tapestry/" + pathPattern);
<br>+
<br>+ regex.add("^org/apache/tapestry5/" + pathPattern);
<br>+
<br>+ regex.add(datepickerPath + "/" + pathPattern);
<br>+ regex.add(scriptPath + "/" + pathPattern);
<br>+ }
<br>+
<br> }
<br><br>Modified: tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java?rev=834180&r1=834179&r2=834180&view=diff" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java?rev=834180&r1=834179&r2=834180&view=diff</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java (original)
<br>+++ tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java Mon Nov 9 19:28:32 2009
<br>@@ -238,4 +238,22 @@
<br> {
<br> configuration.add("ReverseStringsWorker", new ReverseStringsWorker());
<br> }
<br>+
<br>+ public static void contributeRegexAuthorizer(Configuration<String> configuration) {
<br>+ //use this rather than a blanket regex (^.*.jpg$, etc.); want to be sure that tests pass from the default
<br>+ //configuration setup, (eg: this way, I realized that the "virtual" assets folder
<br>+ //needed to be opened up in the tapestry-provided contributions) rather than from some blanket configuration in the appmodule
<br>+ //opening up all css, js, etc. files.
<br>+ //would contribute to whitelist except that the resource path between ctxt and the rest of the path can change.
<br>+ configuration.add("^ctx/[^/]+/css/app\\.css$");
<br>+ configuration.add("^ctx/[^/]+/layout/style\\.css$");
<br>+ configuration.add("^ctx/[^/]+/layout/images/bg\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/layout/images/header\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/layout/images/rightsmall\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/layout/images/rightbig\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/layout/images/bottom\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/layout/images/footer\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/images/tapestry_banner\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/images/asf_logo_wide\\.gif$");
<br>+ }
<br> }
<br><br>Added: tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java?rev=834180&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java?rev=834180&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java (added)
<br>+++ tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java Mon Nov 9 19:28:32 2009
<br>@@ -0,0 +1,92 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+package org.apache.tapestry5.internal.services;
<br>+
<br>+import static org.easymock.EasyMock.createMock;
<br>+import static org.easymock.EasyMock.expect;
<br>+import static org.easymock.EasyMock.*;
<br>+
<br>+import java.io.IOException;
<br>+import java.util.ArrayList;
<br>+import java.util.Arrays;
<br>+import java.util.Collections;
<br>+import java.util.List;
<br>+
<br>+import javax.servlet.http.HttpServletResponse;
<br>+
<br>+import org.apache.tapestry5.internal.services.RequestConstants;
<br>+import org.apache.tapestry5.internal.services.AssetProtectionDispatcher;
<br>+import org.apache.tapestry5.services.ClasspathAssetAliasManager;
<br>+import org.apache.tapestry5.services.Request;
<br>+import org.apache.tapestry5.services.Response;
<br>+import org.apache.tapestry5.services.AssetPathAuthorizer;
<br>+import org.testng.Assert;
<br>+import org.testng.annotations.Test;
<br>+import org.slf4j.Logger;
<br>+
<br>+public class AssetProtectionDispatcherTest extends Assert
<br>+{
<br>+
<br>+ @Test
<br>+ public void ignores_nonassets() throws IOException
<br>+ {
<br>+ //shouldn't need any configuration here...
<br>+ List<AssetPathAuthorizer> auths = Collections.emptyList();
<br>+ Logger logger = createMock(Logger.class);
<br>+ AssetProtectionDispatcher disp = new AssetProtectionDispatcher(auths,null,logger);
<br>+ Request request = createMock(Request.class);
<br>+ expect(request.getPath()).andReturn("start");
<br>+ Response response = createMock(Response.class);
<br>+ replay(request,response,logger);
<br>+ assertFalse(disp.dispatch(request, response));
<br>+ verify(request,response,logger);
<br>+ }
<br>+
<br>+ @Test
<br>+ public void checks_authorizers() throws IOException
<br>+ {
<br>+ Logger logger = createMock(Logger.class);
<br>+ List<AssetPathAuthorizer> auths = new ArrayList<AssetPathAuthorizer>();
<br>+ AssetPathAuthorizer auth = createMock(AssetPathAuthorizer.class);
<br>+
<br>+ expect(auth.order()).andReturn(Arrays.asList(AssetPathAuthorizer.Order.ALLOW, AssetPathAuthorizer.Order.DENY)).times(2);
<br>+
<br>+ expect(auth.accessAllowed("/cayenne.xml")).andReturn(false);
<br>+ expect(auth.accessDenied("/cayenne.xml")).andReturn(true);
<br>+ expect(auth.accessAllowed("/org/apache/tapestry/default.css")).andReturn(true);
<br>+ auths.add(auth);
<br>+
<br>+ logger.debug("Denying access to /cayenne.xml");
<br>+ logger.debug("Allowing access to /org/apache/tapestry/default.css");
<br>+
<br>+ Request request = createMock(Request.class);
<br>+ Response response = createMock(Response.class);
<br>+ expect(request.getPath()).andReturn(RequestConstants.ASSET_PATH_PREFIX + "/cayenne.xml");
<br>+ expect(request.getPath()).andReturn(RequestConstants.ASSET_PATH_PREFIX + "/org/apache/tapestry/default.css");
<br>+ response.sendError(HttpServletResponse.SC_FORBIDDEN, "/cayenne.xml");
<br>+
<br>+ ClasspathAssetAliasManager manager = createMock(ClasspathAssetAliasManager.class);
<br>+ expect(manager.toResourcePath(RequestConstants.ASSET_PATH_PREFIX + "/cayenne.xml")).andReturn("/cayenne.xml");
<br>+ expect(manager.toResourcePath(
<br>+ RequestConstants.ASSET_PATH_PREFIX + "/org/apache/tapestry/default.css"))
<br>+ .andReturn("/org/apache/tapestry/default.css");
<br>+ replay(auth,request,response,manager,logger);
<br>+ AssetProtectionDispatcher disp = new AssetProtectionDispatcher(auths,manager,logger);
<br>+
<br>+ assertTrue(disp.dispatch(request,response));
<br>+ assertFalse(disp.dispatch(request, response));
<br>+ verify(auth,request,response,logger);
<br>+ }
<br>+}
<br><br>Added: tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java?rev=834180&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java?rev=834180&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java (added)
<br>+++ tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java Mon Nov 9 19:28:32 2009
<br>@@ -0,0 +1,53 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+package org.apache.tapestry5.internal.services;
<br>+
<br>+import java.util.Arrays;
<br>+import java.util.List;
<br>+
<br>+import org.testng.Assert;
<br>+import org.testng.annotations.Test;
<br>+import org.apache.tapestry5.internal.services.RegexAuthorizer;
<br>+
<br>+public class RegexAuthorizerTest extends Assert
<br>+{
<br>+
<br>+ @Test
<br>+ public void test_regexes()
<br>+ {
<br>+ List<String> patterns = Arrays.asList("^.*\\.png$","^.*\\.jpg","^.*\\.jpeg");
<br>+ RegexAuthorizer auth = new RegexAuthorizer(patterns);
<br>+ String pkg = "assets/com/saiwaisolutions/resources/";
<br>+ String png = pkg + "foo.png";
<br>+ String jpg = pkg + "foo.jpg";
<br>+ String jpeg = pkg + "foo.jpeg";
<br>+ String xml = pkg + "foo.xml";
<br>+ test(auth,png,true);
<br>+ test(auth,jpg,true);
<br>+ test(auth,jpeg,true);
<br>+ test(auth,xml,false);
<br>+ }
<br>+
<br>+ private static void test(RegexAuthorizer auth, String one,boolean allowed)
<br>+ {
<br>+ assertEquals(auth.accessAllowed(one),allowed);
<br>+ assertEquals(
<br>+ auth.accessAllowed(
<br>+ "<a href="http://localhost:8080" target="_top" rel="nofollow">http://localhost:8080</a>" + one),
<br>+ allowed);
<br>+ assertFalse(auth.accessDenied(one));
<br>+ assertFalse(auth.accessDenied("<a href="http://localhost:8080" target="_top" rel="nofollow">http://localhost:8080</a>" + one));
<br>+ }
<br>+}
<br><br>Added: tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java?rev=834180&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java?rev=834180&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java (added)
<br>+++ tapestry/tapestry5/branches/5.0/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java Mon Nov 9 19:28:32 2009
<br>@@ -0,0 +1,45 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+/*
<br>+ * Created on Jul 28, 2007
<br>+ *
<br>+ *
<br>+ */
<br>+package org.apache.tapestry5.internal.services;
<br>+
<br>+import java.util.Arrays;
<br>+
<br>+import org.testng.Assert;
<br>+import org.testng.annotations.Test;
<br>+import org.apache.tapestry5.internal.services.WhitelistAuthorizer;
<br>+import org.apache.tapestry5.services.AssetPathAuthorizer;
<br>+
<br>+public class WhitelistAuthorizerTest extends Assert {
<br>+
<br>+ @Test
<br>+ public void run()
<br>+ {
<br>+ WhitelistAuthorizer auth = new WhitelistAuthorizer(Arrays.asList("foo"));
<br>+ assertEquals(auth.order().get(0), AssetPathAuthorizer.Order.ALLOW);
<br>+ assertEquals(auth.order().get(1), AssetPathAuthorizer.Order.DENY);
<br>+ assertEquals(auth.order().size(),2);
<br>+ assertTrue(auth.accessAllowed("foo"));
<br>+ assertFalse(auth.accessDenied("foo"));
<br>+
<br>+ assertFalse(auth.accessAllowed("bar"));
<br>+ assertTrue(auth.accessDenied("bar"));
<br>+ }
<br>+
<br>+}
<br><br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---Dev-f339.html" embed="fixTarget[339]" target="_top" >Tapestry - Dev</a></p>tag:old.nabble.com,2006:post-26272234Re: beaneditform question2009-11-09T11:27:04Z2009-11-09T11:27:04ZJonhy PearI'm experimenting your code but I'm blocked :(
<br><br>I have in my page.java
<br>@Property
<br>private String password;
<br>@Property
<br>private String confirmPassword;
<br><br>in my tml:
<br><form t:id="userRegistrationForm" t:type="beaneditform" object="user"
<br>add="password, confirmPassword" exclude="id, active">
<br><br><p:passsword>
<br><t:label for="password" />
<br><t:passwordfield t:id="password" validate="required" />
<br></p:passsword>
<br> <p:confirmPassword>
<br><t:label for="confirmPassword" />
<br><t:passwordfield t:id="confirmPassword" validate="required" />
<br></p:confirmPassword>
<br></form>
<br><br>But I get this error:
<br><br>Render queue error in
<br>BeginRender[user/New:userregistrationform.editor.propertyeditor]: The data
<br>type for property 'password' of org.code.sandbox.model.User@d9973a is null.
<br>*
<br>*
<br>*Can you help me?*
<br><br>On Mon, Nov 9, 2009 at 4:13 PM, ningdh <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26272234&i=0" target="_top" rel="nofollow">ningdhcn@...</a>> wrote:
<br><div class='shrinkable-quote'><br>> I am sorry that "Object onValidate" should be "Object onValidateForm".
<br>>
<br>> DH
<br>>
<br>> ----- Original Message -----
<br>> From: "João Pereira"
<br>> To: "Tapestry users" <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26272234&i=1" target="_top" rel="nofollow">users@...</a>>
<br>> Sent: Monday, November 09, 2009 11:53 PM
<br>> Subject: Re: beaneditform question
<br>>
<br>>
<br>> Thank you.
<br>>
<br>>
<br>> On Mon, Nov 9, 2009 at 1:50 AM, DH <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26272234&i=2" target="_top" rel="nofollow">ningdhcn@...</a>> wrote:
<br>>
<br>> > Hi
<br>> >
<br>> > Simple sample(t5.1):
<br>> >
<br>> > In tml:
<br>> > <form t:id="regForm" t:type="beaneditform" object="user"
<br>> > include="nick,firstName,lastName" add="password,retypePassword">
<br>> > <p:password>
<br>> > <t:label for="password"/>
<br>> > <t:passwordfield t:id="password" validate="required">
<br>> > </p:password>
<br>> > <p:retypePassword>
<br>> > <t:label for="retypePassword"/>
<br>> > <t:passwordfield t:id="retypePassword" validate="required">
<br>> > </p:retypePassword>
<br>> > </form>
<br>> >
<br>> > In java:
<br>> >
<br>> > @Component
<br>> > private BeanEditForm regForm;
<br>> >
<br>> > @Property
<br>> > private User user; // your user entity
<br>> >
<br>> > @Property
<br>> > private String password;
<br>> >
<br>> > @Property
<br>> > private String retypePassword;
<br>> >
<br>> > Object onValidate() {
<br>> > if (!password.equals(retypePassword)) {
<br>> > regForm.recordError("password and retypepassword must be == ");
<br>> > return this; // meaning validation failed
<br>> > }
<br>> > return null; // validation successfully.
<br>> > }
<br>> >
<br>> > Object onSuccess() {
<br>> > user.setPassword(encodeutil.encode(password));
<br>> > service.save(user);
<br>> > return successpage or other;
<br>> > }
<br>> >
<br>> > DH
<br>> > <a href="http://www.gaonline.com.cn" target="_top" rel="nofollow">http://www.gaonline.com.cn</a><br>>
<br></div><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26272041Re: Re: [Tapestry Central] Next Steps for Tapestry2009-11-09T11:13:53Z2009-11-09T11:13:53ZSergey DidenkoI would prioritize the directions in the following way:
<br><br>1) T5.1.1.x with important bugfixes
<br><br>2) The website ( the future book can be just a compilation and
<br>extension of website materials)
<br><br>3-4) T5.2 and book
<br><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26272041&i=0" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26272041&i=1" target="_top" rel="nofollow">users-help@...</a>
<br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26271971Re: Complete Sample Tapestry Application2009-11-09T11:09:25Z2009-11-09T11:09:25ZMichael Gentry-2JumpStart Examples:
<br><br><a href="http://jumpstart.doublenegative.com.au:8080/jumpstart/examples" target="_top" rel="nofollow">http://jumpstart.doublenegative.com.au:8080/jumpstart/examples</a><br><br><br>On Mon, Nov 9, 2009 at 2:00 PM, Jonhy Pear <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26271971&i=0" target="_top" rel="nofollow">jonhy.pear@...</a>> wrote:
<div class='shrinkable-quote'><br>> Thanks for the link.
<br>>
<br>> I've started with the Maven archetype.
<br>>
<br>> Where is the Jumpstart app you mention? can you send me that link?
<br>>
<br>> On Mon, Nov 9, 2009 at 4:12 PM, Howard Lewis Ship <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26271971&i=1" target="_top" rel="nofollow">hlship@...</a>> wrote:
<br>>
<br>>> There's several options.
<br>>>
<br>>> You can use the Tapestry Quickstart archetype (i.e., maven template).
<br>>>
<br>>> You can use the Jumpstart which is a more complete application
<br>>> template & tutorial.
<br>>>
<br>>> Here's a small example I use in my presentations:
<br>>> <a href="http://github.com/hlship/t5intro" target="_top" rel="nofollow">http://github.com/hlship/t5intro</a><br>>>
<br>>> Please check the Tapestry web site for more links.
<br>>>
<br>>> On Mon, Nov 9, 2009 at 7:55 AM, Jonhy Pear <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26271971&i=2" target="_top" rel="nofollow">jonhy.pear@...</a>> wrote:
<br>>> > Hello all,
<br>>> >
<br>>> > Is there any fully functional Web application in Tapestry5 that can be
<br>>> used
<br>>> > as a guide to bootstrap our skills in Tapestry5?
<br>>> >
<br>>> > Thank you
<br>>> >
<br>>>
<br>>>
<br>>>
<br>>> --
<br>>> Howard M. Lewis Ship
<br>>>
<br>>> Creator of Apache Tapestry
<br>>>
<br>>> The source for Tapestry training, mentoring and support. Contact me to
<br>>> learn how I can get you up and productive in Tapestry fast!
<br>>>
<br>>> (971) 678-5210
<br>>> <a href="http://howardlewisship.com" target="_top" rel="nofollow">http://howardlewisship.com</a><br>>>
<br>>> ---------------------------------------------------------------------
<br>>> To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26271971&i=3" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>>> For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26271971&i=4" target="_top" rel="nofollow">users-help@...</a>
<br>>>
<br>>>
<br>>
</div><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26271971&i=5" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26271971&i=6" target="_top" rel="nofollow">users-help@...</a>
<br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26271828Re: Complete Sample Tapestry Application2009-11-09T11:00:52Z2009-11-09T11:00:52ZJonhy PearThanks for the link.
<br><br>I've started with the Maven archetype.
<br><br>Where is the Jumpstart app you mention? can you send me that link?
<br><br>On Mon, Nov 9, 2009 at 4:12 PM, Howard Lewis Ship <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26271828&i=0" target="_top" rel="nofollow">hlship@...</a>> wrote:
<br><div class='shrinkable-quote'><br>> There's several options.
<br>>
<br>> You can use the Tapestry Quickstart archetype (i.e., maven template).
<br>>
<br>> You can use the Jumpstart which is a more complete application
<br>> template & tutorial.
<br>>
<br>> Here's a small example I use in my presentations:
<br>> <a href="http://github.com/hlship/t5intro" target="_top" rel="nofollow">http://github.com/hlship/t5intro</a><br>>
<br>> Please check the Tapestry web site for more links.
<br>>
<br>> On Mon, Nov 9, 2009 at 7:55 AM, Jonhy Pear <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26271828&i=1" target="_top" rel="nofollow">jonhy.pear@...</a>> wrote:
<br>> > Hello all,
<br>> >
<br>> > Is there any fully functional Web application in Tapestry5 that can be
<br>> used
<br>> > as a guide to bootstrap our skills in Tapestry5?
<br>> >
<br>> > Thank you
<br>> >
<br>>
<br>>
<br>>
<br>> --
<br>> Howard M. Lewis Ship
<br>>
<br>> Creator of Apache Tapestry
<br>>
<br>> The source for Tapestry training, mentoring and support. Contact me to
<br>> learn how I can get you up and productive in Tapestry fast!
<br>>
<br>> (971) 678-5210
<br>> <a href="http://howardlewisship.com" target="_top" rel="nofollow">http://howardlewisship.com</a><br>>
<br>> ---------------------------------------------------------------------
<br>> To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26271828&i=2" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>> For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26271828&i=3" target="_top" rel="nofollow">users-help@...</a>
<br>>
<br>>
<br></div><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26271415LinkSubmit problem - invalid form action2009-11-09T10:38:10Z2009-11-09T10:38:10Zshymon<br>Hi,
<br><br>I use LinkSubmit on two pages of my app. On one page it works fine but on the other it's not; when I click on that link nothing happens. The only difference I have noticed is in form action generated by T5. On "working" page it looks like:
<br><br> action="/appContext/pageName.formId"
<br><br>and on "not-working" page
<br><br> action="pageName.formId"
<br><br>What can cause this problem?<p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26271292svn commit: r834167 - in /tapestry/tapestry5/branches/5.1.0.x-dev: src/site/apt/guide/ tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ tapestry-core/src/main/java/org/apache/tapestry5/services/ tapestry-core/src/test/java/org/apache...2009-11-09T10:26:49Z2009-11-09T10:26:49ZrobertdzeiglerAuthor: robertdzeigler
<br>Date: Mon Nov 9 18:26:48 2009
<br>New Revision: 834167
<br><br>URL: <a href="http://svn.apache.org/viewvc?rev=834167&view=rev" target="_top" rel="nofollow">http://svn.apache.org/viewvc?rev=834167&view=rev</a><br>Log:
<br>TAP5-815: Asset dispatcher allows any file inside the webapp visible and downloadable (5.1 branch)
<br><br>Added:
<br> tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java
<br> tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java
<br> tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java
<br> tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java
<br> tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java
<br> tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java
<br> tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java
<br>Modified:
<br> tapestry/tapestry5/branches/5.1.0.x-dev/src/site/apt/guide/assets.apt
<br> tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
<br> tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
<br><br>Modified: tapestry/tapestry5/branches/5.1.0.x-dev/src/site/apt/guide/assets.apt
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/src/site/apt/guide/assets.apt?rev=834167&r1=834166&r2=834167&view=diff" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/src/site/apt/guide/assets.apt?rev=834167&r1=834166&r2=834167&view=diff</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.1.0.x-dev/src/site/apt/guide/assets.apt (original)
<br>+++ tapestry/tapestry5/branches/5.1.0.x-dev/src/site/apt/guide/assets.apt Mon Nov 9 18:26:48 2009
<br>@@ -138,6 +138,31 @@
<br> In addition, context assets will use the URL prefix <<</assets/ctx/>>><app-version><<</>>>.
<br>
<br>
<br>+Securing Assets
<br>+
<br>+ Securing assets is an important consideration for any web application. Many assets, such as hibernate configuration
<br>+ files, sit in the classpath and are exposable via the Asset service, which is not desirable. To protect these and
<br>+ other sensitive assets, Tapestry provides the AssetProtectionDispatcher. This dispatcher sits in front of the
<br>+ AssetDispatcher, the service responsible for streaming assets to the client, and watches for Asset requests.
<br>+ When an asset request comes in, the protection dispatcher checks for authorization to view the file against a
<br>+ contributed list of AssetPathAuthorizer implementations. Determination of whether the client can view the requested
<br>+ resource is then made based on whether any of the contributed AssetPathAuthorizer implementations explicitly allowed
<br>+ or denied access to the resource.
<br>+
<br>+ Tapestry provides two AssetPathAuthorizer implemenations "out of the box" to which users may contribute: RegexAuthorizer
<br>+ and WhitelistAuthorizer. RegexAuthorizer uses regular expressions to determine assets which are viewable by the
<br>+ client; any assets that match one of its (contributed) regular expressions are authorized. Anything not matched is
<br>+ passed through to the WhitelistAuthorizer. WhitelistAuthorizer uses an exact-matching whitelist. Anything matching
<br>+ exactly one its contributions is allowed; all other asset requests are denied. The default tapestry configuration
<br>+ contributes nothing to WhitelistAuthorizer (access will be denied to all asset requests passed through to it), and
<br>+ explicitly allows access to css, jpg, jpeg, js, png, and gif files associated with tapestry (tapestry.js, blackbird
<br>+ files, date picker files, etc.). The default contribution also enables access to the css, jpg, jpeg, js, png, and gif
<br>+ files provided by the popular chenille-kit 3rd party library. The default configuration denies access to all other
<br>+ assets. To enable access to your application's assets, either contribute a custom AssetPathAnalyzer, or contribute
<br>+ appropriate regular expression or exact path contributions to RegexAuthorizer or WhitelistAuthorizer, respectively.
<br>+ See TapestryModule.contribteRegexAuthorizer for examples.
<br>+
<br>+
<br> Performance Notes
<br>
<br> Assets are expected to be entirely static (not changing while the application is deployed). When Tapestry generates a URL
<br>@@ -146,4 +171,4 @@
<br> asset.
<br>
<br> In addition, Tapestry will {{{compress.html}GZIP compress}} the content of <all> assets (if the asset
<br>- is compressable, and the client supports it).
<br>\ No newline at end of file
<br>+ is compressable, and the client supports it).
<br><br>Added: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java?rev=834167&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java?rev=834167&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java (added)
<br>+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java Mon Nov 9 18:26:48 2009
<br>@@ -0,0 +1,92 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+package org.apache.tapestry5.internal.services;
<br>+
<br>+import java.io.IOException;
<br>+import java.util.Collection;
<br>+import java.util.Collections;
<br>+import java.util.List;
<br>+
<br>+import javax.servlet.http.HttpServletResponse;
<br>+
<br>+import org.apache.tapestry5.internal.services.RequestConstants;
<br>+import org.apache.tapestry5.services.*;
<br>+import org.slf4j.Logger;
<br>+
<br>+/**
<br>+ * Dispatcher that handles whether to allow or deny access to particular
<br>+ * assets. Actual work of authorizing a particular url is handled by
<br>+ * implementations of AssetPathAuthorizer. Configuration is an ordered
<br>+ * list of AssetPathAuthorizers. Each authorizer specifies an order of
<br>+ * operations as a list (see AssetPathAuthorizer.Order).
<br>+ *
<br>+ */
<br>+public class AssetProtectionDispatcher implements Dispatcher
<br>+{
<br>+
<br>+ private final Collection<AssetPathAuthorizer> authorizers;
<br>+ private final ClasspathAssetAliasManager assetAliasManager;
<br>+ private final Logger logger;
<br>+
<br>+ public AssetProtectionDispatcher(
<br>+ List<AssetPathAuthorizer> auths,
<br>+ ClasspathAssetAliasManager manager,
<br>+ Logger logger)
<br>+ {
<br>+ this.authorizers = Collections.unmodifiableList(auths);
<br>+ this.assetAliasManager = manager;
<br>+ this.logger = logger;
<br>+ }
<br>+
<br>+ public boolean dispatch(Request request, Response response)
<br>+ throws IOException
<br>+ {
<br>+ String path = request.getPath();
<br>+ //we only protect assets, and don't examine any other url's.
<br>+ if (!path.startsWith(RequestConstants.ASSET_PATH_PREFIX))
<br>+ {
<br>+ return false;
<br>+ }
<br>+ String resourcePath = assetAliasManager.toResourcePath(path);
<br>+ for(AssetPathAuthorizer auth : authorizers)
<br>+ {
<br>+ for(AssetPathAuthorizer.Order o : auth.order())
<br>+ {
<br>+ if (o == AssetPathAuthorizer.Order.ALLOW)
<br>+ {
<br>+ if (auth.accessAllowed(resourcePath))
<br>+ {
<br>+ logger.debug("Allowing access to " + resourcePath);
<br>+ return false;
<br>+ }
<br>+ }
<br>+ else
<br>+ {
<br>+ if (auth.accessDenied(resourcePath))
<br>+ {
<br>+ logger.debug("Denying access to " + resourcePath);
<br>+ response.sendError(HttpServletResponse.SC_FORBIDDEN,resourcePath);
<br>+ return true;
<br>+ }
<br>+ }
<br>+ }
<br>+ }
<br>+ //if we get here, no Authorizer had anything useful to say about the resourcePath.
<br>+ //so let it fall through.
<br>+ logger.debug("Fell through the list of authorizers. Allowing access to: " + resourcePath);
<br>+ return false;
<br>+ }
<br>+
<br>+}
<br><br>Added: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java?rev=834167&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java?rev=834167&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java (added)
<br>+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java Mon Nov 9 18:26:48 2009
<br>@@ -0,0 +1,76 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+package org.apache.tapestry5.internal.services;
<br>+
<br>+import org.apache.tapestry5.services.AssetPathAuthorizer;
<br>+
<br>+import java.util.ArrayList;
<br>+import java.util.Arrays;
<br>+import java.util.Collection;
<br>+import java.util.Collections;
<br>+import java.util.List;
<br>+import java.util.regex.Pattern;
<br>+
<br>+/**
<br>+ * Provides a regex-based authorization scheme for asset-access authorization.
<br>+ * Note that this implementation doesn't actually deny access to anything.
<br>+ * But it's placement within the chain of command of authorizers is just before
<br>+ * the whitelist authorizer, which has an explicit deny policy.
<br>+ * Hence, as long as the whitelist authorizer is being used in conjunction with
<br>+ * the regex authorizer, there is no need to worry about accessDenied in this authorizer.
<br>+ *
<br>+ */
<br>+public class RegexAuthorizer implements AssetPathAuthorizer
<br>+{
<br>+
<br>+ private final Collection<Pattern> _regexes;
<br>+
<br>+ public RegexAuthorizer(final Collection<String> regex)
<br>+ {
<br>+ //an alternate way to construct this would be to make sure that each pattern is grouped
<br>+ //and then to regex or the various patterns together into a single pattern.
<br>+ //that might be faster, but probably not enough to make a difference, and this is cleaner.
<br>+ List<Pattern> tmp = new ArrayList<Pattern>();
<br>+ for(String exp : regex)
<br>+ {
<br>+ tmp.add(Pattern.compile(exp));
<br>+ }
<br>+ _regexes = Collections.unmodifiableCollection(tmp);
<br>+
<br>+ }
<br>+
<br>+ public boolean accessAllowed(String resourcePath)
<br>+ {
<br>+ for(Pattern regex : _regexes)
<br>+ {
<br>+ if (regex.matcher(resourcePath).matches())
<br>+ {
<br>+ return true;
<br>+ }
<br>+ }
<br>+ return false;
<br>+ }
<br>+
<br>+ public boolean accessDenied(String resourcePath)
<br>+ {
<br>+ return false;
<br>+ }
<br>+
<br>+ public List<Order> order()
<br>+ {
<br>+ return Arrays.asList(Order.ALLOW);
<br>+ }
<br>+
<br>+}
<br><br>Added: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java?rev=834167&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java?rev=834167&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java (added)
<br>+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java Mon Nov 9 18:26:48 2009
<br>@@ -0,0 +1,59 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+package org.apache.tapestry5.internal.services;
<br>+
<br>+import org.apache.tapestry5.services.AssetPathAuthorizer;
<br>+
<br>+import java.util.Arrays;
<br>+import java.util.Collection;
<br>+import java.util.List;
<br>+import java.util.Map;
<br>+import java.util.concurrent.ConcurrentHashMap;
<br>+
<br>+/**
<br>+ * AssetPathAuthorizer that determines access rights based on exact matching to a contributed whitelist.
<br>+ * Any resource not explicitly specified in the whitelist is denied access.
<br>+ */
<br>+public class WhitelistAuthorizer implements AssetPathAuthorizer
<br>+{
<br>+
<br>+ public List<Order> order()
<br>+ {
<br>+ return Arrays.asList(Order.ALLOW, Order.DENY);
<br>+ }
<br>+
<br>+ //hash the resource paths for fast lookups.
<br>+ private final Map<String, Boolean> _paths;
<br>+
<br>+ public WhitelistAuthorizer(Collection<String> paths)
<br>+ {
<br>+ _paths = new ConcurrentHashMap<String, Boolean>();
<br>+ for(String path : paths)
<br>+ {
<br>+ _paths.put(path, true);
<br>+ }
<br>+ }
<br>+
<br>+ public boolean accessAllowed(String resourcePath)
<br>+ {
<br>+ return (_paths.containsKey(resourcePath));
<br>+ }
<br>+
<br>+ public boolean accessDenied(String resourcePath)
<br>+ {
<br>+ return !_paths.containsKey(resourcePath);
<br>+ }
<br>+
<br>+}
<br><br>Added: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java?rev=834167&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java?rev=834167&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java (added)
<br>+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java Mon Nov 9 18:26:48 2009
<br>@@ -0,0 +1,76 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+package org.apache.tapestry5.services;
<br>+
<br>+import java.util.List;
<br>+
<br>+/**
<br>+ * Determines whether access to an asset is allowed, denied, or undetermined.
<br>+ * Each contributed authorizer makes up part of a chain of command for determining access.
<br>+ * Access is explicitly allowed if accessAllowed returns true.
<br>+ * Access is explicitly denied if accessDenied returns true.
<br>+ * Ordering depends on the order specified by the "order" parameter.
<br>+ * Hence, an implementation which specifies an order of:
<br>+ * ALLOW, DENY, and returns true from both accessAllowed and accessDenied
<br>+ * will allow access for all resources. With the same return values for the
<br>+ * access* methods but the order switched to DENY, ALLOW, access to all resources
<br>+ * would be denied. It is possible for an authorizer to have "nothing
<br>+ * to say" regarding a particular resource. If accessAllowed returns false,
<br>+ * it does not mean that access is denied, merely that it is not explicitly allowed.
<br>+ * If accessDenied returns false, it does not mean that access is allowed, merely that
<br>+ * it is not explicitly denied. Hence, if both accessAllowed and accessDenied return false,
<br>+ * control will pass to the next authorizer in the chain.
<br>+ *
<br>+ */
<br>+public interface AssetPathAuthorizer
<br>+{
<br>+
<br>+ /**
<br>+ * Types of orderings, either ALLOW or DENY.
<br>+ */
<br>+ enum Order {ALLOW, DENY;}
<br>+
<br>+ /**
<br>+ * Specify the ordering for this authorizer.
<br>+ * @return the operations for this authorizer.
<br>+ * Operations will be performed in the order returned by the iterator.
<br>+ * It is assumed that the authorizer correctly implements each form of
<br>+ * ordering returned. It is acceptable to only return only ALLOW or DENY.
<br>+ */
<br>+ List<Order> order();
<br>+
<br>+ /**
<br>+ * Determines whether a request to "resourcePath" is allowed.
<br>+ * @param resourcePath
<br>+ * @return true if access is explicitly allowed for the path. False otherwise.
<br>+ * For example, a whitelist implementation would return true if the resource
<br>+ * was listed, and false otherwise. A blacklist implementation would return
<br>+ * false regardless of whether the path was in the blacklist.
<br>+ * Alternatively, if the blacklist specified an order of DENY, ALLOW, it could
<br>+ * return true from accessAllowed if the resource was not explicitly listed in its
<br>+ * blacklist.
<br>+ */
<br>+ boolean accessAllowed(String resourcePath);
<br>+
<br>+ /**
<br>+ *
<br>+ * @param resourcePath
<br>+ * @return true if access is explicitly prohibited for the path. False otherwise.
<br>+ * For example, a whitelist implementation would return true if the resource was
<br>+ * not explicitly listed, and false otherwise. A blacklist implementation would
<br>+ * return true if the resource was explicitly denied, and false otherwise.
<br>+ */
<br>+ boolean accessDenied(String resourcePath);
<br>+}
<br><br>Modified: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java?rev=834167&r1=834166&r2=834167&view=diff" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java?rev=834167&r1=834166&r2=834167&view=diff</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java (original)
<br>+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java Mon Nov 9 18:26:48 2009
<br>@@ -303,6 +303,9 @@
<br> binder.bind(PageRenderLinkSource.class, PageRenderLinkSourceImpl.class);
<br> binder.bind(ClientInfrastructure.class, ClientInfrastructureImpl.class);
<br> binder.bind(URLRewriter.class, URLRewriterImpl.class);
<br>+ binder.bind(Dispatcher.class, AssetProtectionDispatcher.class).withId("AssetProtectionDispatcher");
<br>+ binder.bind(AssetPathAuthorizer.class, WhitelistAuthorizer.class).withId("WhitelistAuthorizer");
<br>+ binder.bind(AssetPathAuthorizer.class, RegexAuthorizer.class).withId("RegexAuthorizer");
<br> }
<br>
<br> // ========================================================================
<br>@@ -1548,13 +1551,17 @@
<br> * and forwards onto {@link PageRenderRequestHandler}</dd> <dt>ComponentEvent</dt> <dd>Identifies the {@link
<br> * ComponentEventRequestParameters} and forwards onto the {@link ComponentEventRequestHandler}</dd> </dl>
<br> */
<br>- public static void contributeMasterDispatcher(OrderedConfiguration<Dispatcher> configuration)
<br>+ public static void contributeMasterDispatcher(OrderedConfiguration<Dispatcher> configuration,
<br>+ @InjectService("AssetProtectionDispatcher") Dispatcher assetProt)
<br> {
<br> // Looks for the root path and renders the start page. This is maintained for compatibility
<br> // with earlier versions of Tapestry 5, it is recommended that an Index page be used instead.
<br>
<br> configuration.addInstance("RootPath", RootPathDispatcher.class, "before:Asset");
<br>
<br>+ //this goes before asset to make sure that only allowed assets are streamed to the client.
<br>+ configuration.add("AssetProtection", assetProt, "before:Asset");
<br>+
<br> // This goes first because an asset to be streamed may have an file extension, such as
<br> // ".html", that will confuse the later dispatchers.
<br>
<br>@@ -2405,4 +2412,41 @@
<br>
<br> }
<br>
<br>+ /**
<br>+ * Contributes the default set of AssetPathAuthorizers into the AssetProtectionDispatcher.
<br>+ * @param whitelist authorization based on explicit whitelisting.
<br>+ * @param regex authorization based on pattern matching.
<br>+ * @param conf
<br>+ */
<br>+ public static void contributeAssetProtectionDispatcher(
<br>+ @InjectService("WhitelistAuthorizer") AssetPathAuthorizer whitelist,
<br>+ @InjectService("RegexAuthorizer") AssetPathAuthorizer regex,
<br>+ OrderedConfiguration<AssetPathAuthorizer> conf)
<br>+ {
<br>+ //putting whitelist after everything ensures that, in fact, nothing falls through.
<br>+ //also ensures that whitelist gives other authorizers the chance to act...
<br>+ conf.add("regex",regex,"before:whitelist");
<br>+ conf.add("whitelist", whitelist,"after:*");
<br>+ }
<br>+
<br>+ public void contributeRegexAuthorizer(Configuration<String> regex,
<br>+ @Symbol("tapestry.scriptaculous.path") String scriptPath,
<br>+ @Symbol("tapestry.blackbird.path") String blackbirdPath,
<br>+ @Symbol("tapestry.datepicker.path") String datepickerPath)
<br>+ {
<br>+ //allow any js, jpg, jpeg, png, or css under org/chenillekit/tapstry. The funky bit of ([^/.]+/)* is what allows
<br>+ //multiple paths, while not allowing any of those paths to contains ./ or ../ thereby preventing paths like:
<br>+ //org/chenillekit/tapestry/../../../foo.js
<br>+ String pathPattern = "([^/.]+/)*[^/.]+\\.((css)|(js)|(jpg)|(jpeg)|(png)|(gif))$";
<br>+ regex.add("^org/chenillekit/tapestry/" + pathPattern);
<br>+
<br>+ regex.add("^org/apache/tapestry5/" + pathPattern);
<br>+
<br>+ regex.add(blackbirdPath + "/" + pathPattern);
<br>+ regex.add(datepickerPath + "/" + pathPattern);
<br>+ regex.add(scriptPath + "/" + pathPattern);
<br>+ //allow access to virtual assets. Critical for tapestry-combined js files.
<br>+ regex.add("virtual/" + pathPattern);
<br>+ }
<br>+
<br> }
<br><br>Modified: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java?rev=834167&r1=834166&r2=834167&view=diff" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java?rev=834167&r1=834166&r2=834167&view=diff</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java (original)
<br>+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java Mon Nov 9 18:26:48 2009
<br>@@ -255,4 +255,22 @@
<br> {
<br> configuration.add("ReverseStringsWorker", new ReverseStringsWorker());
<br> }
<br>+
<br>+ public static void contributeRegexAuthorizer(Configuration<String> configuration) {
<br>+ //use this rather than a blanket regex (^.*.jpg$, etc.); want to be sure that tests pass from the default
<br>+ //configuration setup, (eg: this way, I realized that the "virtual" assets folder
<br>+ //needed to be opened up in the tapestry-provided contributions) rather than from some blanket configuration in the appmodule
<br>+ //opening up all css, js, etc. files.
<br>+ //would contribute to whitelist except that the resource path between ctxt and the rest of the path can change.
<br>+ configuration.add("^ctx/[^/]+/css/app\\.css$");
<br>+ configuration.add("^ctx/[^/]+/layout/style\\.css$");
<br>+ configuration.add("^ctx/[^/]+/layout/images/bg\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/layout/images/header\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/layout/images/rightsmall\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/layout/images/rightbig\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/layout/images/bottom\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/layout/images/footer\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/images/tapestry_banner\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/images/asf_logo_wide\\.gif$");
<br>+ }
<br> }
<br><br>Added: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java?rev=834167&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java?rev=834167&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java (added)
<br>+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java Mon Nov 9 18:26:48 2009
<br>@@ -0,0 +1,92 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+package org.apache.tapestry5.internal.services;
<br>+
<br>+import static org.easymock.EasyMock.createMock;
<br>+import static org.easymock.EasyMock.expect;
<br>+import static org.easymock.EasyMock.*;
<br>+
<br>+import java.io.IOException;
<br>+import java.util.ArrayList;
<br>+import java.util.Arrays;
<br>+import java.util.Collections;
<br>+import java.util.List;
<br>+
<br>+import javax.servlet.http.HttpServletResponse;
<br>+
<br>+import org.apache.tapestry5.internal.services.RequestConstants;
<br>+import org.apache.tapestry5.internal.services.AssetProtectionDispatcher;
<br>+import org.apache.tapestry5.services.ClasspathAssetAliasManager;
<br>+import org.apache.tapestry5.services.Request;
<br>+import org.apache.tapestry5.services.Response;
<br>+import org.apache.tapestry5.services.AssetPathAuthorizer;
<br>+import org.testng.Assert;
<br>+import org.testng.annotations.Test;
<br>+import org.slf4j.Logger;
<br>+
<br>+public class AssetProtectionDispatcherTest extends Assert
<br>+{
<br>+
<br>+ @Test
<br>+ public void ignores_nonassets() throws IOException
<br>+ {
<br>+ //shouldn't need any configuration here...
<br>+ List<AssetPathAuthorizer> auths = Collections.emptyList();
<br>+ Logger logger = createMock(Logger.class);
<br>+ AssetProtectionDispatcher disp = new AssetProtectionDispatcher(auths,null,logger);
<br>+ Request request = createMock(Request.class);
<br>+ expect(request.getPath()).andReturn("start");
<br>+ Response response = createMock(Response.class);
<br>+ replay(request,response,logger);
<br>+ assertFalse(disp.dispatch(request, response));
<br>+ verify(request,response,logger);
<br>+ }
<br>+
<br>+ @Test
<br>+ public void checks_authorizers() throws IOException
<br>+ {
<br>+ Logger logger = createMock(Logger.class);
<br>+ List<AssetPathAuthorizer> auths = new ArrayList<AssetPathAuthorizer>();
<br>+ AssetPathAuthorizer auth = createMock(AssetPathAuthorizer.class);
<br>+
<br>+ expect(auth.order()).andReturn(Arrays.asList(AssetPathAuthorizer.Order.ALLOW, AssetPathAuthorizer.Order.DENY)).times(2);
<br>+
<br>+ expect(auth.accessAllowed("/cayenne.xml")).andReturn(false);
<br>+ expect(auth.accessDenied("/cayenne.xml")).andReturn(true);
<br>+ expect(auth.accessAllowed("/org/apache/tapestry/default.css")).andReturn(true);
<br>+ auths.add(auth);
<br>+
<br>+ logger.debug("Denying access to /cayenne.xml");
<br>+ logger.debug("Allowing access to /org/apache/tapestry/default.css");
<br>+
<br>+ Request request = createMock(Request.class);
<br>+ Response response = createMock(Response.class);
<br>+ expect(request.getPath()).andReturn(RequestConstants.ASSET_PATH_PREFIX + "/cayenne.xml");
<br>+ expect(request.getPath()).andReturn(RequestConstants.ASSET_PATH_PREFIX + "/org/apache/tapestry/default.css");
<br>+ response.sendError(HttpServletResponse.SC_FORBIDDEN, "/cayenne.xml");
<br>+
<br>+ ClasspathAssetAliasManager manager = createMock(ClasspathAssetAliasManager.class);
<br>+ expect(manager.toResourcePath(RequestConstants.ASSET_PATH_PREFIX + "/cayenne.xml")).andReturn("/cayenne.xml");
<br>+ expect(manager.toResourcePath(
<br>+ RequestConstants.ASSET_PATH_PREFIX + "/org/apache/tapestry/default.css"))
<br>+ .andReturn("/org/apache/tapestry/default.css");
<br>+ replay(auth,request,response,manager,logger);
<br>+ AssetProtectionDispatcher disp = new AssetProtectionDispatcher(auths,manager,logger);
<br>+
<br>+ assertTrue(disp.dispatch(request,response));
<br>+ assertFalse(disp.dispatch(request, response));
<br>+ verify(auth,request,response,logger);
<br>+ }
<br>+}
<br><br>Added: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java?rev=834167&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java?rev=834167&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java (added)
<br>+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java Mon Nov 9 18:26:48 2009
<br>@@ -0,0 +1,53 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+package org.apache.tapestry5.internal.services;
<br>+
<br>+import java.util.Arrays;
<br>+import java.util.List;
<br>+
<br>+import org.testng.Assert;
<br>+import org.testng.annotations.Test;
<br>+import org.apache.tapestry5.internal.services.RegexAuthorizer;
<br>+
<br>+public class RegexAuthorizerTest extends Assert
<br>+{
<br>+
<br>+ @Test
<br>+ public void test_regexes()
<br>+ {
<br>+ List<String> patterns = Arrays.asList("^.*\\.png$","^.*\\.jpg","^.*\\.jpeg");
<br>+ RegexAuthorizer auth = new RegexAuthorizer(patterns);
<br>+ String pkg = "assets/com/saiwaisolutions/resources/";
<br>+ String png = pkg + "foo.png";
<br>+ String jpg = pkg + "foo.jpg";
<br>+ String jpeg = pkg + "foo.jpeg";
<br>+ String xml = pkg + "foo.xml";
<br>+ test(auth,png,true);
<br>+ test(auth,jpg,true);
<br>+ test(auth,jpeg,true);
<br>+ test(auth,xml,false);
<br>+ }
<br>+
<br>+ private static void test(RegexAuthorizer auth, String one,boolean allowed)
<br>+ {
<br>+ assertEquals(auth.accessAllowed(one),allowed);
<br>+ assertEquals(
<br>+ auth.accessAllowed(
<br>+ "<a href="http://localhost:8080" target="_top" rel="nofollow">http://localhost:8080</a>" + one),
<br>+ allowed);
<br>+ assertFalse(auth.accessDenied(one));
<br>+ assertFalse(auth.accessDenied("<a href="http://localhost:8080" target="_top" rel="nofollow">http://localhost:8080</a>" + one));
<br>+ }
<br>+}
<br><br>Added: tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java?rev=834167&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java?rev=834167&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java (added)
<br>+++ tapestry/tapestry5/branches/5.1.0.x-dev/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java Mon Nov 9 18:26:48 2009
<br>@@ -0,0 +1,45 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+/*
<br>+ * Created on Jul 28, 2007
<br>+ *
<br>+ *
<br>+ */
<br>+package org.apache.tapestry5.internal.services;
<br>+
<br>+import java.util.Arrays;
<br>+
<br>+import org.testng.Assert;
<br>+import org.testng.annotations.Test;
<br>+import org.apache.tapestry5.internal.services.WhitelistAuthorizer;
<br>+import org.apache.tapestry5.services.AssetPathAuthorizer;
<br>+
<br>+public class WhitelistAuthorizerTest extends Assert {
<br>+
<br>+ @Test
<br>+ public void run()
<br>+ {
<br>+ WhitelistAuthorizer auth = new WhitelistAuthorizer(Arrays.asList("foo"));
<br>+ assertEquals(auth.order().get(0), AssetPathAuthorizer.Order.ALLOW);
<br>+ assertEquals(auth.order().get(1), AssetPathAuthorizer.Order.DENY);
<br>+ assertEquals(auth.order().size(),2);
<br>+ assertTrue(auth.accessAllowed("foo"));
<br>+ assertFalse(auth.accessDenied("foo"));
<br>+
<br>+ assertFalse(auth.accessAllowed("bar"));
<br>+ assertTrue(auth.accessDenied("bar"));
<br>+ }
<br>+
<br>+}
<br><br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---Dev-f339.html" embed="fixTarget[339]" target="_top" >Tapestry - Dev</a></p>tag:old.nabble.com,2006:post-26270226svn commit: r834151 - in /tapestry/tapestry5/trunk: src/site/apt/guide/ tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ tapestry-core/src/main/java/org/apache/tapestry5/services/ tapestry-core/src/test/java/org/apache/tapestry5/inte...2009-11-09T09:23:18Z2009-11-09T09:23:18ZrobertdzeiglerAuthor: robertdzeigler
<br>Date: Mon Nov 9 17:23:10 2009
<br>New Revision: 834151
<br><br>URL: <a href="http://svn.apache.org/viewvc?rev=834151&view=rev" target="_top" rel="nofollow">http://svn.apache.org/viewvc?rev=834151&view=rev</a><br>Log:
<br>TAP5-815: Asset dispatcher allows any file inside the webapp visible and downloadable (5.2 branch)
<br><br>Added:
<br> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java
<br> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java
<br> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java
<br> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java
<br> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java
<br> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java
<br> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java
<br>Modified:
<br> tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt
<br> tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
<br> tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
<br><br>Modified: tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt?rev=834151&r1=834150&r2=834151&view=diff" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt?rev=834151&r1=834150&r2=834151&view=diff</a><br>==============================================================================
<br>--- tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt (original)
<br>+++ tapestry/tapestry5/trunk/src/site/apt/guide/assets.apt Mon Nov 9 17:23:10 2009
<br>@@ -138,6 +138,31 @@
<br> In addition, context assets will use the URL prefix <<</assets/ctx/>>><app-version><<</>>>.
<br>
<br>
<br>+Securing Assets
<br>+
<br>+ Securing assets is an important consideration for any web application. Many assets, such as hibernate configuration
<br>+ files, sit in the classpath and are exposable via the Asset service, which is not desirable. To protect these and
<br>+ other sensitive assets, Tapestry provides the AssetProtectionDispatcher. This dispatcher sits in front of the
<br>+ AssetDispatcher, the service responsible for streaming assets to the client, and watches for Asset requests.
<br>+ When an asset request comes in, the protection dispatcher checks for authorization to view the file against a
<br>+ contributed list of AssetPathAuthorizer implementations. Determination of whether the client can view the requested
<br>+ resource is then made based on whether any of the contributed AssetPathAuthorizer implementations explicitly allowed
<br>+ or denied access to the resource.
<br>+
<br>+ Tapestry provides two AssetPathAuthorizer implemenations "out of the box" to which users may contribute: RegexAuthorizer
<br>+ and WhitelistAuthorizer. RegexAuthorizer uses regular expressions to determine assets which are viewable by the
<br>+ client; any assets that match one of its (contributed) regular expressions are authorized. Anything not matched is
<br>+ passed through to the WhitelistAuthorizer. WhitelistAuthorizer uses an exact-matching whitelist. Anything matching
<br>+ exactly one its contributions is allowed; all other asset requests are denied. The default tapestry configuration
<br>+ contributes nothing to WhitelistAuthorizer (access will be denied to all asset requests passed through to it), and
<br>+ explicitly allows access to css, jpg, jpeg, js, png, and gif files associated with tapestry (tapestry.js, blackbird
<br>+ files, date picker files, etc.). The default contribution also enables access to the css, jpg, jpeg, js, png, and gif
<br>+ files provided by the popular chenille-kit 3rd party library. The default configuration denies access to all other
<br>+ assets. To enable access to your application's assets, either contribute a custom AssetPathAnalyzer, or contribute
<br>+ appropriate regular expression or exact path contributions to RegexAuthorizer or WhitelistAuthorizer, respectively.
<br>+ See TapestryModule.contribteRegexAuthorizer for examples.
<br>+
<br>+
<br> Performance Notes
<br>
<br> Assets are expected to be entirely static (not changing while the application is deployed). When Tapestry generates a URL
<br>@@ -146,4 +171,4 @@
<br> asset.
<br>
<br> In addition, Tapestry will {{{compress.html}GZIP compress}} the content of <all> assets (if the asset
<br>- is compressable, and the client supports it).
<br>\ No newline at end of file
<br>+ is compressable, and the client supports it).
<br><br>Added: tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java?rev=834151&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java?rev=834151&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java (added)
<br>+++ tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcher.java Mon Nov 9 17:23:10 2009
<br>@@ -0,0 +1,92 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+package org.apache.tapestry5.internal.services;
<br>+
<br>+import java.io.IOException;
<br>+import java.util.Collection;
<br>+import java.util.Collections;
<br>+import java.util.List;
<br>+
<br>+import javax.servlet.http.HttpServletResponse;
<br>+
<br>+import org.apache.tapestry5.internal.services.RequestConstants;
<br>+import org.apache.tapestry5.services.*;
<br>+import org.slf4j.Logger;
<br>+
<br>+/**
<br>+ * Dispatcher that handles whether to allow or deny access to particular
<br>+ * assets. Actual work of authorizing a particular url is handled by
<br>+ * implementations of AssetPathAuthorizer. Configuration is an ordered
<br>+ * list of AssetPathAuthorizers. Each authorizer specifies an order of
<br>+ * operations as a list (see AssetPathAuthorizer.Order).
<br>+ *
<br>+ */
<br>+public class AssetProtectionDispatcher implements Dispatcher
<br>+{
<br>+
<br>+ private final Collection<AssetPathAuthorizer> authorizers;
<br>+ private final ClasspathAssetAliasManager assetAliasManager;
<br>+ private final Logger logger;
<br>+
<br>+ public AssetProtectionDispatcher(
<br>+ List<AssetPathAuthorizer> auths,
<br>+ ClasspathAssetAliasManager manager,
<br>+ Logger logger)
<br>+ {
<br>+ this.authorizers = Collections.unmodifiableList(auths);
<br>+ this.assetAliasManager = manager;
<br>+ this.logger = logger;
<br>+ }
<br>+
<br>+ public boolean dispatch(Request request, Response response)
<br>+ throws IOException
<br>+ {
<br>+ String path = request.getPath();
<br>+ //we only protect assets, and don't examine any other url's.
<br>+ if (!path.startsWith(RequestConstants.ASSET_PATH_PREFIX))
<br>+ {
<br>+ return false;
<br>+ }
<br>+ String resourcePath = assetAliasManager.toResourcePath(path);
<br>+ for(AssetPathAuthorizer auth : authorizers)
<br>+ {
<br>+ for(AssetPathAuthorizer.Order o : auth.order())
<br>+ {
<br>+ if (o == AssetPathAuthorizer.Order.ALLOW)
<br>+ {
<br>+ if (auth.accessAllowed(resourcePath))
<br>+ {
<br>+ logger.debug("Allowing access to " + resourcePath);
<br>+ return false;
<br>+ }
<br>+ }
<br>+ else
<br>+ {
<br>+ if (auth.accessDenied(resourcePath))
<br>+ {
<br>+ logger.debug("Denying access to " + resourcePath);
<br>+ response.sendError(HttpServletResponse.SC_FORBIDDEN,resourcePath);
<br>+ return true;
<br>+ }
<br>+ }
<br>+ }
<br>+ }
<br>+ //if we get here, no Authorizer had anything useful to say about the resourcePath.
<br>+ //so let it fall through.
<br>+ logger.debug("Fell through the list of authorizers. Allowing access to: " + resourcePath);
<br>+ return false;
<br>+ }
<br>+
<br>+}
<br><br>Added: tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java?rev=834151&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java?rev=834151&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java (added)
<br>+++ tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/RegexAuthorizer.java Mon Nov 9 17:23:10 2009
<br>@@ -0,0 +1,76 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+package org.apache.tapestry5.internal.services;
<br>+
<br>+import org.apache.tapestry5.services.AssetPathAuthorizer;
<br>+
<br>+import java.util.ArrayList;
<br>+import java.util.Arrays;
<br>+import java.util.Collection;
<br>+import java.util.Collections;
<br>+import java.util.List;
<br>+import java.util.regex.Pattern;
<br>+
<br>+/**
<br>+ * Provides a regex-based authorization scheme for asset-access authorization.
<br>+ * Note that this implementation doesn't actually deny access to anything.
<br>+ * But it's placement within the chain of command of authorizers is just before
<br>+ * the whitelist authorizer, which has an explicit deny policy.
<br>+ * Hence, as long as the whitelist authorizer is being used in conjunction with
<br>+ * the regex authorizer, there is no need to worry about accessDenied in this authorizer.
<br>+ *
<br>+ */
<br>+public class RegexAuthorizer implements AssetPathAuthorizer
<br>+{
<br>+
<br>+ private final Collection<Pattern> _regexes;
<br>+
<br>+ public RegexAuthorizer(final Collection<String> regex)
<br>+ {
<br>+ //an alternate way to construct this would be to make sure that each pattern is grouped
<br>+ //and then to regex or the various patterns together into a single pattern.
<br>+ //that might be faster, but probably not enough to make a difference, and this is cleaner.
<br>+ List<Pattern> tmp = new ArrayList<Pattern>();
<br>+ for(String exp : regex)
<br>+ {
<br>+ tmp.add(Pattern.compile(exp));
<br>+ }
<br>+ _regexes = Collections.unmodifiableCollection(tmp);
<br>+
<br>+ }
<br>+
<br>+ public boolean accessAllowed(String resourcePath)
<br>+ {
<br>+ for(Pattern regex : _regexes)
<br>+ {
<br>+ if (regex.matcher(resourcePath).matches())
<br>+ {
<br>+ return true;
<br>+ }
<br>+ }
<br>+ return false;
<br>+ }
<br>+
<br>+ public boolean accessDenied(String resourcePath)
<br>+ {
<br>+ return false;
<br>+ }
<br>+
<br>+ public List<Order> order()
<br>+ {
<br>+ return Arrays.asList(Order.ALLOW);
<br>+ }
<br>+
<br>+}
<br><br>Added: tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java?rev=834151&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java?rev=834151&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java (added)
<br>+++ tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/WhitelistAuthorizer.java Mon Nov 9 17:23:10 2009
<br>@@ -0,0 +1,59 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+package org.apache.tapestry5.internal.services;
<br>+
<br>+import org.apache.tapestry5.services.AssetPathAuthorizer;
<br>+
<br>+import java.util.Arrays;
<br>+import java.util.Collection;
<br>+import java.util.List;
<br>+import java.util.Map;
<br>+import java.util.concurrent.ConcurrentHashMap;
<br>+
<br>+/**
<br>+ * AssetPathAuthorizer that determines access rights based on exact matching to a contributed whitelist.
<br>+ * Any resource not explicitly specified in the whitelist is denied access.
<br>+ */
<br>+public class WhitelistAuthorizer implements AssetPathAuthorizer
<br>+{
<br>+
<br>+ public List<Order> order()
<br>+ {
<br>+ return Arrays.asList(Order.ALLOW, Order.DENY);
<br>+ }
<br>+
<br>+ //hash the resource paths for fast lookups.
<br>+ private final Map<String, Boolean> _paths;
<br>+
<br>+ public WhitelistAuthorizer(Collection<String> paths)
<br>+ {
<br>+ _paths = new ConcurrentHashMap<String, Boolean>();
<br>+ for(String path : paths)
<br>+ {
<br>+ _paths.put(path, true);
<br>+ }
<br>+ }
<br>+
<br>+ public boolean accessAllowed(String resourcePath)
<br>+ {
<br>+ return (_paths.containsKey(resourcePath));
<br>+ }
<br>+
<br>+ public boolean accessDenied(String resourcePath)
<br>+ {
<br>+ return !_paths.containsKey(resourcePath);
<br>+ }
<br>+
<br>+}
<br><br>Added: tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java?rev=834151&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java?rev=834151&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java (added)
<br>+++ tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/AssetPathAuthorizer.java Mon Nov 9 17:23:10 2009
<br>@@ -0,0 +1,76 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+package org.apache.tapestry5.services;
<br>+
<br>+import java.util.List;
<br>+
<br>+/**
<br>+ * Determines whether access to an asset is allowed, denied, or undetermined.
<br>+ * Each contributed authorizer makes up part of a chain of command for determining access.
<br>+ * Access is explicitly allowed if accessAllowed returns true.
<br>+ * Access is explicitly denied if accessDenied returns true.
<br>+ * Ordering depends on the order specified by the "order" parameter.
<br>+ * Hence, an implementation which specifies an order of:
<br>+ * ALLOW, DENY, and returns true from both accessAllowed and accessDenied
<br>+ * will allow access for all resources. With the same return values for the
<br>+ * access* methods but the order switched to DENY, ALLOW, access to all resources
<br>+ * would be denied. It is possible for an authorizer to have "nothing
<br>+ * to say" regarding a particular resource. If accessAllowed returns false,
<br>+ * it does not mean that access is denied, merely that it is not explicitly allowed.
<br>+ * If accessDenied returns false, it does not mean that access is allowed, merely that
<br>+ * it is not explicitly denied. Hence, if both accessAllowed and accessDenied return false,
<br>+ * control will pass to the next authorizer in the chain.
<br>+ *
<br>+ */
<br>+public interface AssetPathAuthorizer
<br>+{
<br>+
<br>+ /**
<br>+ * Types of orderings, either ALLOW or DENY.
<br>+ */
<br>+ enum Order {ALLOW, DENY;}
<br>+
<br>+ /**
<br>+ * Specify the ordering for this authorizer.
<br>+ * @return the operations for this authorizer.
<br>+ * Operations will be performed in the order returned by the iterator.
<br>+ * It is assumed that the authorizer correctly implements each form of
<br>+ * ordering returned. It is acceptable to only return only ALLOW or DENY.
<br>+ */
<br>+ List<Order> order();
<br>+
<br>+ /**
<br>+ * Determines whether a request to "resourcePath" is allowed.
<br>+ * @param resourcePath
<br>+ * @return true if access is explicitly allowed for the path. False otherwise.
<br>+ * For example, a whitelist implementation would return true if the resource
<br>+ * was listed, and false otherwise. A blacklist implementation would return
<br>+ * false regardless of whether the path was in the blacklist.
<br>+ * Alternatively, if the blacklist specified an order of DENY, ALLOW, it could
<br>+ * return true from accessAllowed if the resource was not explicitly listed in its
<br>+ * blacklist.
<br>+ */
<br>+ boolean accessAllowed(String resourcePath);
<br>+
<br>+ /**
<br>+ *
<br>+ * @param resourcePath
<br>+ * @return true if access is explicitly prohibited for the path. False otherwise.
<br>+ * For example, a whitelist implementation would return true if the resource was
<br>+ * not explicitly listed, and false otherwise. A blacklist implementation would
<br>+ * return true if the resource was explicitly denied, and false otherwise.
<br>+ */
<br>+ boolean accessDenied(String resourcePath);
<br>+}
<br><br>Modified: tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java?rev=834151&r1=834150&r2=834151&view=diff" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java?rev=834151&r1=834150&r2=834151&view=diff</a><br>==============================================================================
<br>--- tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java (original)
<br>+++ tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/services/TapestryModule.java Mon Nov 9 17:23:10 2009
<br>@@ -305,6 +305,9 @@
<br> binder.bind(PageRenderLinkSource.class, PageRenderLinkSourceImpl.class);
<br> binder.bind(ClientInfrastructure.class, ClientInfrastructureImpl.class);
<br> binder.bind(URLRewriter.class, URLRewriterImpl.class);
<br>+ binder.bind(Dispatcher.class, AssetProtectionDispatcher.class).withId("AssetProtectionDispatcher");
<br>+ binder.bind(AssetPathAuthorizer.class, WhitelistAuthorizer.class).withId("WhitelistAuthorizer");
<br>+ binder.bind(AssetPathAuthorizer.class, RegexAuthorizer.class).withId("RegexAuthorizer");
<br> }
<br>
<br> // ========================================================================
<br>@@ -1572,13 +1575,17 @@
<br> * and forwards onto {@link PageRenderRequestHandler}</dd> <dt>ComponentEvent</dt> <dd>Identifies the {@link
<br> * ComponentEventRequestParameters} and forwards onto the {@link ComponentEventRequestHandler}</dd> </dl>
<br> */
<br>- public static void contributeMasterDispatcher(OrderedConfiguration<Dispatcher> configuration)
<br>+ public static void contributeMasterDispatcher(OrderedConfiguration<Dispatcher> configuration,
<br>+ @InjectService("AssetProtectionDispatcher") Dispatcher assetProt)
<br> {
<br> // Looks for the root path and renders the start page. This is maintained for compatibility
<br> // with earlier versions of Tapestry 5, it is recommended that an Index page be used instead.
<br>
<br> configuration.addInstance("RootPath", RootPathDispatcher.class, "before:Asset");
<br>
<br>+ //this goes before asset to make sure that only allowed assets are streamed to the client.
<br>+ configuration.add("AssetProtection", assetProt, "before:Asset");
<br>+
<br> // This goes first because an asset to be streamed may have an file extension, such as
<br> // ".html", that will confuse the later dispatchers.
<br>
<br>@@ -1591,6 +1598,7 @@
<br> configuration.addInstance("PageRender", PageRenderDispatcher.class);
<br> }
<br>
<br>+
<br> /**
<br> * Contributes a default object renderer for type Object, plus specialized renderers for {@link
<br> * org.apache.tapestry5.services.Request}, {@link org.apache.tapestry5.ioc.Location}, {@link
<br>@@ -2480,4 +2488,41 @@
<br> };
<br> }
<br>
<br>+ /**
<br>+ * Contributes the default set of AssetPathAuthorizers into the AssetProtectionDispatcher.
<br>+ * @param whitelist authorization based on explicit whitelisting.
<br>+ * @param regex authorization based on pattern matching.
<br>+ * @param conf
<br>+ */
<br>+ public static void contributeAssetProtectionDispatcher(
<br>+ @InjectService("WhitelistAuthorizer") AssetPathAuthorizer whitelist,
<br>+ @InjectService("RegexAuthorizer") AssetPathAuthorizer regex,
<br>+ OrderedConfiguration<AssetPathAuthorizer> conf)
<br>+ {
<br>+ //putting whitelist after everything ensures that, in fact, nothing falls through.
<br>+ //also ensures that whitelist gives other authorizers the chance to act...
<br>+ conf.add("regex",regex,"before:whitelist");
<br>+ conf.add("whitelist", whitelist,"after:*");
<br>+ }
<br>+
<br>+ public void contributeRegexAuthorizer(Configuration<String> regex,
<br>+ @Symbol("tapestry.scriptaculous.path") String scriptPath,
<br>+ @Symbol("tapestry.blackbird.path") String blackbirdPath,
<br>+ @Symbol("tapestry.datepicker.path") String datepickerPath)
<br>+ {
<br>+ //allow any js, jpg, jpeg, png, or css under org/chenillekit/tapstry. The funky bit of ([^/.]+/)* is what allows
<br>+ //multiple paths, while not allowing any of those paths to contains ./ or ../ thereby preventing paths like:
<br>+ //org/chenillekit/tapestry/../../../foo.js
<br>+ String pathPattern = "([^/.]+/)*[^/.]+\\.((css)|(js)|(jpg)|(jpeg)|(png)|(gif))$";
<br>+ regex.add("^org/chenillekit/tapestry/" + pathPattern);
<br>+
<br>+ regex.add("^org/apache/tapestry5/" + pathPattern);
<br>+
<br>+ regex.add(blackbirdPath + "/" + pathPattern);
<br>+ regex.add(datepickerPath + "/" + pathPattern);
<br>+ regex.add(scriptPath + "/" + pathPattern);
<br>+ //allow access to virtual assets. Critical for tapestry-combined js files.
<br>+ regex.add("virtual/" + pathPattern);
<br>+ }
<br>+
<br> }
<br><br>Modified: tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java?rev=834151&r1=834150&r2=834151&view=diff" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java?rev=834151&r1=834150&r2=834151&view=diff</a><br>==============================================================================
<br>--- tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java (original)
<br>+++ tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/integration/app1/services/AppModule.java Mon Nov 9 17:23:10 2009
<br>@@ -257,4 +257,22 @@
<br> {
<br> configuration.add("ReverseStringsWorker", new ReverseStringsWorker());
<br> }
<br>+
<br>+ public static void contributeRegexAuthorizer(Configuration<String> configuration) {
<br>+ //use this rather than a blanket regex (^.*.jpg$, etc.); want to be sure that tests pass from the default
<br>+ //configuration setup, (eg: this way, I realized that the "virtual" assets folder
<br>+ //needed to be opened up in the tapestry-provided contributions) rather than from some blanket configuration in the appmodule
<br>+ //opening up all css, js, etc. files.
<br>+ //would contribute to whitelist except that the resource path between ctxt and the rest of the path can change.
<br>+ configuration.add("^ctx/[^/]+/css/app\\.css$");
<br>+ configuration.add("^ctx/[^/]+/layout/style\\.css$");
<br>+ configuration.add("^ctx/[^/]+/layout/images/bg\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/layout/images/header\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/layout/images/rightsmall\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/layout/images/rightbig\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/layout/images/bottom\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/layout/images/footer\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/images/tapestry_banner\\.gif$");
<br>+ configuration.add("^ctx/[^/]+/images/asf_logo_wide\\.gif$");
<br>+ }
<br> }
<br><br>Added: tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java?rev=834151&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java?rev=834151&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java (added)
<br>+++ tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/AssetProtectionDispatcherTest.java Mon Nov 9 17:23:10 2009
<br>@@ -0,0 +1,92 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+package org.apache.tapestry5.internal.services;
<br>+
<br>+import static org.easymock.EasyMock.createMock;
<br>+import static org.easymock.EasyMock.expect;
<br>+import static org.easymock.EasyMock.*;
<br>+
<br>+import java.io.IOException;
<br>+import java.util.ArrayList;
<br>+import java.util.Arrays;
<br>+import java.util.Collections;
<br>+import java.util.List;
<br>+
<br>+import javax.servlet.http.HttpServletResponse;
<br>+
<br>+import org.apache.tapestry5.internal.services.RequestConstants;
<br>+import org.apache.tapestry5.internal.services.AssetProtectionDispatcher;
<br>+import org.apache.tapestry5.services.ClasspathAssetAliasManager;
<br>+import org.apache.tapestry5.services.Request;
<br>+import org.apache.tapestry5.services.Response;
<br>+import org.apache.tapestry5.services.AssetPathAuthorizer;
<br>+import org.testng.Assert;
<br>+import org.testng.annotations.Test;
<br>+import org.slf4j.Logger;
<br>+
<br>+public class AssetProtectionDispatcherTest extends Assert
<br>+{
<br>+
<br>+ @Test
<br>+ public void ignores_nonassets() throws IOException
<br>+ {
<br>+ //shouldn't need any configuration here...
<br>+ List<AssetPathAuthorizer> auths = Collections.emptyList();
<br>+ Logger logger = createMock(Logger.class);
<br>+ AssetProtectionDispatcher disp = new AssetProtectionDispatcher(auths,null,logger);
<br>+ Request request = createMock(Request.class);
<br>+ expect(request.getPath()).andReturn("start");
<br>+ Response response = createMock(Response.class);
<br>+ replay(request,response,logger);
<br>+ assertFalse(disp.dispatch(request, response));
<br>+ verify(request,response,logger);
<br>+ }
<br>+
<br>+ @Test
<br>+ public void checks_authorizers() throws IOException
<br>+ {
<br>+ Logger logger = createMock(Logger.class);
<br>+ List<AssetPathAuthorizer> auths = new ArrayList<AssetPathAuthorizer>();
<br>+ AssetPathAuthorizer auth = createMock(AssetPathAuthorizer.class);
<br>+
<br>+ expect(auth.order()).andReturn(Arrays.asList(AssetPathAuthorizer.Order.ALLOW, AssetPathAuthorizer.Order.DENY)).times(2);
<br>+
<br>+ expect(auth.accessAllowed("/cayenne.xml")).andReturn(false);
<br>+ expect(auth.accessDenied("/cayenne.xml")).andReturn(true);
<br>+ expect(auth.accessAllowed("/org/apache/tapestry/default.css")).andReturn(true);
<br>+ auths.add(auth);
<br>+
<br>+ logger.debug("Denying access to /cayenne.xml");
<br>+ logger.debug("Allowing access to /org/apache/tapestry/default.css");
<br>+
<br>+ Request request = createMock(Request.class);
<br>+ Response response = createMock(Response.class);
<br>+ expect(request.getPath()).andReturn(RequestConstants.ASSET_PATH_PREFIX + "/cayenne.xml");
<br>+ expect(request.getPath()).andReturn(RequestConstants.ASSET_PATH_PREFIX + "/org/apache/tapestry/default.css");
<br>+ response.sendError(HttpServletResponse.SC_FORBIDDEN, "/cayenne.xml");
<br>+
<br>+ ClasspathAssetAliasManager manager = createMock(ClasspathAssetAliasManager.class);
<br>+ expect(manager.toResourcePath(RequestConstants.ASSET_PATH_PREFIX + "/cayenne.xml")).andReturn("/cayenne.xml");
<br>+ expect(manager.toResourcePath(
<br>+ RequestConstants.ASSET_PATH_PREFIX + "/org/apache/tapestry/default.css"))
<br>+ .andReturn("/org/apache/tapestry/default.css");
<br>+ replay(auth,request,response,manager,logger);
<br>+ AssetProtectionDispatcher disp = new AssetProtectionDispatcher(auths,manager,logger);
<br>+
<br>+ assertTrue(disp.dispatch(request,response));
<br>+ assertFalse(disp.dispatch(request, response));
<br>+ verify(auth,request,response,logger);
<br>+ }
<br>+}
<br><br>Added: tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java?rev=834151&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java?rev=834151&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java (added)
<br>+++ tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/RegexAuthorizerTest.java Mon Nov 9 17:23:10 2009
<br>@@ -0,0 +1,53 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+package org.apache.tapestry5.internal.services;
<br>+
<br>+import java.util.Arrays;
<br>+import java.util.List;
<br>+
<br>+import org.testng.Assert;
<br>+import org.testng.annotations.Test;
<br>+import org.apache.tapestry5.internal.services.RegexAuthorizer;
<br>+
<br>+public class RegexAuthorizerTest extends Assert
<br>+{
<br>+
<br>+ @Test
<br>+ public void test_regexes()
<br>+ {
<br>+ List<String> patterns = Arrays.asList("^.*\\.png$","^.*\\.jpg","^.*\\.jpeg");
<br>+ RegexAuthorizer auth = new RegexAuthorizer(patterns);
<br>+ String pkg = "assets/com/saiwaisolutions/resources/";
<br>+ String png = pkg + "foo.png";
<br>+ String jpg = pkg + "foo.jpg";
<br>+ String jpeg = pkg + "foo.jpeg";
<br>+ String xml = pkg + "foo.xml";
<br>+ test(auth,png,true);
<br>+ test(auth,jpg,true);
<br>+ test(auth,jpeg,true);
<br>+ test(auth,xml,false);
<br>+ }
<br>+
<br>+ private static void test(RegexAuthorizer auth, String one,boolean allowed)
<br>+ {
<br>+ assertEquals(auth.accessAllowed(one),allowed);
<br>+ assertEquals(
<br>+ auth.accessAllowed(
<br>+ "<a href="http://localhost:8080" target="_top" rel="nofollow">http://localhost:8080</a>" + one),
<br>+ allowed);
<br>+ assertFalse(auth.accessDenied(one));
<br>+ assertFalse(auth.accessDenied("<a href="http://localhost:8080" target="_top" rel="nofollow">http://localhost:8080</a>" + one));
<br>+ }
<br>+}
<br><br>Added: tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java
<br>URL: <a href="http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java?rev=834151&view=auto" target="_top" rel="nofollow">http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java?rev=834151&view=auto</a><br>==============================================================================
<br>--- tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java (added)
<br>+++ tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/WhitelistAuthorizerTest.java Mon Nov 9 17:23:10 2009
<br>@@ -0,0 +1,45 @@
<br>+// Copyright 2009 The Apache Software Foundation
<br>+//
<br>+// Licensed under the Apache License, Version 2.0 (the "License");
<br>+// you may not use this file except in compliance with the License.
<br>+// You may obtain a copy of the License at
<br>+//
<br>+// <a href="http://www.apache.org/licenses/LICENSE-2.0" target="_top" rel="nofollow">http://www.apache.org/licenses/LICENSE-2.0</a><br>+//
<br>+// Unless required by applicable law or agreed to in writing, software
<br>+// distributed under the License is distributed on an "AS IS" BASIS,
<br>+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<br>+// See the License for the specific language governing permissions and
<br>+// limitations under the License.
<br>+
<br>+/*
<br>+ * Created on Jul 28, 2007
<br>+ *
<br>+ *
<br>+ */
<br>+package org.apache.tapestry5.internal.services;
<br>+
<br>+import java.util.Arrays;
<br>+
<br>+import org.testng.Assert;
<br>+import org.testng.annotations.Test;
<br>+import org.apache.tapestry5.internal.services.WhitelistAuthorizer;
<br>+import org.apache.tapestry5.services.AssetPathAuthorizer;
<br>+
<br>+public class WhitelistAuthorizerTest extends Assert {
<br>+
<br>+ @Test
<br>+ public void run()
<br>+ {
<br>+ WhitelistAuthorizer auth = new WhitelistAuthorizer(Arrays.asList("foo"));
<br>+ assertEquals(auth.order().get(0), AssetPathAuthorizer.Order.ALLOW);
<br>+ assertEquals(auth.order().get(1), AssetPathAuthorizer.Order.DENY);
<br>+ assertEquals(auth.order().size(),2);
<br>+ assertTrue(auth.accessAllowed("foo"));
<br>+ assertFalse(auth.accessDenied("foo"));
<br>+
<br>+ assertFalse(auth.accessAllowed("bar"));
<br>+ assertTrue(auth.accessDenied("bar"));
<br>+ }
<br>+
<br>+}
<br><br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---Dev-f339.html" embed="fixTarget[339]" target="_top" >Tapestry - Dev</a></p>tag:old.nabble.com,2006:post-26269707Re: TemplateParseException: Tag <> on line xxx contains more than one 'y' attribute.2009-11-09T08:52:48Z2009-11-09T08:52:48ZHoward Lewis ShipPlease take this to the users mailing list; this is the developer
<br>list, used to discuss framework development (not user support). You'll
<br>get a faster answer there.
<br><br>On Mon, Nov 9, 2009 at 7:02 AM, Rayden30
<br><<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26269707&i=0" target="_top" rel="nofollow">dmourereau.ext@...</a>> wrote:
<div class='shrinkable-quote'><br>>
<br>> Hello,
<br>>
<br>>
<br>> First I m a beginer in Tapestry... Actually I m developping a webview which
<br>> has to display an ordered array as below:
<br>>
<br>> Root 1
<br>> Root 2
<br>> Root 3
<br>> |----Child1
<br>> |----Child2
<br>> |---Child 2.1
<br>> |---Child 2.2
<br>> ....
<br>> ...
<br>>
<br>> My code in local working perfectly... However when I intrated in my tapestry
<br>> application it idisplays the following exception:
<br>>
<br>> Tag <> on line 158 contains more than one 'valuebool' attribute.
<br>>
<br>> I checked on webview and there is no tags which are using this variable
<br>> name. I try to rename in toto. And the results is the same:
<br>>
<br>> Below you can see the code:
<br>>
<br>> In bold where Apache detects an exception.
<br>>
<br>> function clear(result)
<br>> {
<br>>
<br>> var res= result.replace('"','');
<br>> var res= res.replace('"','');
<br>> var res= res.replace('[','');
<br>> var res= res.replace(']','');
<br>> var res= res.replace('[','');
<br>> var res= res.replace(']','');
<br>>
<br>> return res;
<br>>
<br>> }
<br>> function who_is_root(tab_result)
<br>> {
<br>>
<br>> var i=3;
<br>> var root=new Array();
<br>> var y=0;
<br>> var valuebool;
<br>> var z;
<br>> while (i < tab_result.length)
<br>> {
<br>>
<br>> var id_parent=clear(tab_result[i]);
<br>> valuebool=false;
<br>> z=1;
<br>>
<br>>
<br>> while (z < tab_result.length)
<br>> {
<br>> if(clear(tab_result[z])==id_parent)
<br>> {
<br>> // An exception is up
<br>>
<br>> valuebool=true;
<br>>
<br>> }
<br>> //Sometimes the exception is up for z variables
<br>> z=z+4;
<br>>
<br>> }
<br>>
<br>> if (!valuebool)
<br>> {
<br>>
<br>> root[y]=clear(tab_result[i-3]);
<br>> root[y+1]=clear(tab_result[i-2]);
<br>> root[y+2]=clear(tab_result[i-1]);
<br>> root[y+3]=clear(tab_result[i]);
<br>>
<br>> y=y+4;
<br>> }
<br>>
<br>> i=i+4;
<br>>
<br>> }
<br>>
<br>> return(root);
<br>>
<br>> }
<br>>
<br>> function afficher_enfant(id_root,y,result)
<br>> {
<br>>
<br>>
<br>>
<br>> if (y <result.length)
<br>> {
<br>>
<br>>
<br>> if(id_root==clear(result[y]))
<br>> {
<br>> //Afficher l'enfant ci-dessous
<br>> document.write("<tr>");
<br>> document.write("<td>" + clear(result[y-3]) + "</td>");
<br>> document.write("<td>" + clear(result[y-2]) + "</td>");
<br>> document.write("<td>" + clear(result[y-1]) + "</td>");
<br>> document.write("<td>" + clear(result[y]) + "</td>");
<br>> document.write("</tr>");
<br>>
<br>> }
<br>>
<br>> y=y+4;
<br>>
<br>> afficher_enfant(id_root,y,result);
<br>>
<br>> }
<br>>
<br>> }
<br>>
<br>>
<br>>
<br>>
<br>> function afficher_ma_config(code,result)
<br>> {
<br>> result=result.split(",");
<br>> var tab_root=who_is_root(result);
<br>>
<br>> var i=1;
<br>>
<br>> document.write("<table align='center' class='tablesorter'>");
<br>> document.write("<thead><tr ><td>Zone
<br>> List</td></tr><tr><th>Name</th><th>ID</th><th>Type</th><th>Parents</th></tr></thead>");
<br>> document.write("<tbody>");
<br>>
<br>> while(i<tab_root.length)
<br>> {
<br>>
<br>> document.write("<tr>");
<br>> document.write("<td>" + clear(tab_root[i-1]) + "</td>");
<br>> document.write("<td>" + clear(tab_root[i]) + "</td>");
<br>> document.write("<td>" + clear(tab_root[i+1]) + "</td>");
<br>> document.write("<td>" + clear(tab_root[i+2]) + "</td>");
<br>> document.write("</tr>");
<br>> afficher_enfant(tab_root[i],3,result);
<br>>
<br>> i=i+4;
<br>>
<br>> }
<br>>
<br>> document.write("</tbody>");
<br>> document.write("</table>");
<br>>
<br>> }
<br>>
<br>> var reqparam="<a href="http://10.192.168.2/zones/list" target="_top" rel="nofollow">http://10.192.168.2/zones/list</a>";
<br>>
<br>>
<br>> triggerAction('listrules',[reqparam],afficher_ma_config,'text/html');
<br>>
<br>>
<br>> Thank you for answering to this question,
<br>>
<br>> I think this subject was already underlined in either part of this forum
<br>>
<br>> Best Regards,
<br>>
<br>>
<br>> --
<br>> View this message in context: <a href="http://old.nabble.com/TemplateParseException%3A-Tag-%3C%3E-on-line-xxx-contains-more-than-one-%27y%27-attribute.-tp26267695p26267695.html" target="_top" rel="nofollow">http://old.nabble.com/TemplateParseException%3A-Tag-%3C%3E-on-line-xxx-contains-more-than-one-%27y%27-attribute.-tp26267695p26267695.html</a><br>> Sent from the Tapestry - Dev mailing list archive at Nabble.com.
<br>>
<br>>
<br>> ---------------------------------------------------------------------
<br>> To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26269707&i=1" target="_top" rel="nofollow">dev-unsubscribe@...</a>
<br>> For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26269707&i=2" target="_top" rel="nofollow">dev-help@...</a>
<br>>
<br>>
</div><br><br><br>--
<br>Howard M. Lewis Ship
<br><br>Creator of Apache Tapestry
<br><br>The source for Tapestry training, mentoring and support. Contact me to
<br>learn how I can get you up and productive in Tapestry fast!
<br><br>(971) 678-5210
<br><a href="http://howardlewisship.com" target="_top" rel="nofollow">http://howardlewisship.com</a><br><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26269707&i=3" target="_top" rel="nofollow">dev-unsubscribe@...</a>
<br>For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26269707&i=4" target="_top" rel="nofollow">dev-help@...</a>
<br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---Dev-f339.html" embed="fixTarget[339]" target="_top" >Tapestry - Dev</a></p>tag:old.nabble.com,2006:post-26269675Re: How do you pass a context to PageTester?2009-11-09T08:51:05Z2009-11-09T08:51:05ZPaul Field-4Or you can just create the URL manually with the parameter in your test:
<br>tester.renderPage("mypage/1234"); // 1234 is the id
<br><br>- Paul
<br><br><br>Igor Drobiazko <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26269675&i=0" target="_top" rel="nofollow">igor.drobiazko@...</a>> wrote on 09/11/2009 06:30:34:
<br>> Just create another page containg a link to target page and click on
<br>> it. The link can contain a context.
<br><br>> > Basically, I'm looking to invoke a page
<br>> > and pass it a request parameter. Is this possible?
<br><br><br><br>---
<br><br>This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
<br><br>Please refer to <a href="http://www.db.com/en/content/eu_disclosures.htm" target="_top" rel="nofollow">http://www.db.com/en/content/eu_disclosures.htm</a> for additional EU corporate and regulatory disclosures.<p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26269052Re: beaneditform question2009-11-09T08:13:04Z2009-11-09T08:13:04ZDH-14I am sorry that "Object onValidate" should be "Object onValidateForm".
<br><br>DH
<br><br>----- Original Message -----
<br>From: "João Pereira"
<br>To: "Tapestry users" <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26269052&i=0" target="_top" rel="nofollow">users@...</a>>
<br>Sent: Monday, November 09, 2009 11:53 PM
<br>Subject: Re: beaneditform question
<br><br><br>Thank you.
<br><br><br>On Mon, Nov 9, 2009 at 1:50 AM, DH <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26269052&i=1" target="_top" rel="nofollow">ningdhcn@...</a>> wrote:
<br><div class='shrinkable-quote'><br>> Hi
<br>>
<br>> Simple sample(t5.1):
<br>>
<br>> In tml:
<br>> <form t:id="regForm" t:type="beaneditform" object="user"
<br>> include="nick,firstName,lastName" add="password,retypePassword">
<br>> <p:password>
<br>> <t:label for="password"/>
<br>> <t:passwordfield t:id="password" validate="required">
<br>> </p:password>
<br>> <p:retypePassword>
<br>> <t:label for="retypePassword"/>
<br>> <t:passwordfield t:id="retypePassword" validate="required">
<br>> </p:retypePassword>
<br>> </form>
<br>>
<br>> In java:
<br>>
<br>> @Component
<br>> private BeanEditForm regForm;
<br>>
<br>> @Property
<br>> private User user; // your user entity
<br>>
<br>> @Property
<br>> private String password;
<br>>
<br>> @Property
<br>> private String retypePassword;
<br>>
<br>> Object onValidate() {
<br>> if (!password.equals(retypePassword)) {
<br>> regForm.recordError("password and retypepassword must be == ");
<br>> return this; // meaning validation failed
<br>> }
<br>> return null; // validation successfully.
<br>> }
<br>>
<br>> Object onSuccess() {
<br>> user.setPassword(encodeutil.encode(password));
<br>> service.save(user);
<br>> return successpage or other;
<br>> }
<br>>
<br>> DH
<br>> <a href="http://www.gaonline.com.cn" target="_top" rel="nofollow">http://www.gaonline.com.cn</a></div><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26269137Re: Complete Sample Tapestry Application2009-11-09T08:12:24Z2009-11-09T08:12:24ZHoward Lewis ShipThere's several options.
<br><br>You can use the Tapestry Quickstart archetype (i.e., maven template).
<br><br>You can use the Jumpstart which is a more complete application
<br>template & tutorial.
<br><br>Here's a small example I use in my presentations:
<br><a href="http://github.com/hlship/t5intro" target="_top" rel="nofollow">http://github.com/hlship/t5intro</a><br><br>Please check the Tapestry web site for more links.
<br><br>On Mon, Nov 9, 2009 at 7:55 AM, Jonhy Pear <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26269137&i=0" target="_top" rel="nofollow">jonhy.pear@...</a>> wrote:
<br>> Hello all,
<br>>
<br>> Is there any fully functional Web application in Tapestry5 that can be used
<br>> as a guide to bootstrap our skills in Tapestry5?
<br>>
<br>> Thank you
<br>>
<br><br><br><br>--
<br>Howard M. Lewis Ship
<br><br>Creator of Apache Tapestry
<br><br>The source for Tapestry training, mentoring and support. Contact me to
<br>learn how I can get you up and productive in Tapestry fast!
<br><br>(971) 678-5210
<br><a href="http://howardlewisship.com" target="_top" rel="nofollow">http://howardlewisship.com</a><br><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26269137&i=1" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26269137&i=2" target="_top" rel="nofollow">users-help@...</a>
<br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26268958Re: IoC container performance issues2009-11-09T08:07:33Z2009-11-09T08:07:33ZHoward Lewis ShipThe container is organized for functionality, not performance, with
<br>service lookups because lookups normally occur once.
<br><br>Suggestion: create a "lookup" service that has getters for all the
<br>other keys services you want. Inject those other services into its
<br>implementation. Obtain it from the Registry. Store it in a global and
<br>use that for non-service code to gain access to IoC services.
<br><br>On Mon, Nov 9, 2009 at 2:15 AM, Adriaan Joubert <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26268958&i=0" target="_top" rel="nofollow">adriaan.ml@...</a>> wrote:
<div class='shrinkable-quote'><br>> Hi,
<br>>
<br>> we hit some performance issues using the tapestry IoC. The problem is
<br>> that we have legacy apps where we do need to do a lot of registry
<br>> look-ups - takes a while to rewrite everything to have services
<br>> injected via constructors everywhere. In our particular case we have a
<br>> few hundred services and in one instance a static call was replaced
<br>> with a registry look-up and a call on the service. It turns out that a
<br>> registry look-up is rather slower than we expected.
<br>>
<br>> A colleague has looked into this and says:
<br>>
<br>> "We are having some performance issues with the getService() method in
<br>> the 'RegistryImpl' class. Looking at the source code it seems that there
<br>> are some linear list searches going on in there that could perhaps be
<br>> replaced by more efficient map lookups, if possible."
<br>>
<br>> Has anybody looked into the performance of the IoC?
<br>>
<br>> Thanks,
<br>>
<br>> Adriaan
<br>>
<br>> ---------------------------------------------------------------------
<br>> To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26268958&i=1" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>> For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26268958&i=2" target="_top" rel="nofollow">users-help@...</a>
<br>>
<br>>
</div><br><br><br>--
<br>Howard M. Lewis Ship
<br><br>Creator of Apache Tapestry
<br><br>The source for Tapestry training, mentoring and support. Contact me to
<br>learn how I can get you up and productive in Tapestry fast!
<br><br>(971) 678-5210
<br><a href="http://howardlewisship.com" target="_top" rel="nofollow">http://howardlewisship.com</a><br><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26268958&i=3" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26268958&i=4" target="_top" rel="nofollow">users-help@...</a>
<br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26268771Complete Sample Tapestry Application2009-11-09T07:55:50Z2009-11-09T07:55:50ZJonhy PearHello all,
<br><br>Is there any fully functional Web application in Tapestry5 that can be used
<br>as a guide to bootstrap our skills in Tapestry5?
<br><br>Thank you
<br><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26268723Re: beaneditform question2009-11-09T07:53:08Z2009-11-09T07:53:08ZJ. mpThank you.
<br><br><br>On Mon, Nov 9, 2009 at 1:50 AM, DH <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26268723&i=0" target="_top" rel="nofollow">ningdhcn@...</a>> wrote:
<br><div class='shrinkable-quote'><br>> Hi
<br>>
<br>> Simple sample(t5.1):
<br>>
<br>> In tml:
<br>> <form t:id="regForm" t:type="beaneditform" object="user"
<br>> include="nick,firstName,lastName" add="password,retypePassword">
<br>> <p:password>
<br>> <t:label for="password"/>
<br>> <t:passwordfield t:id="password" validate="required">
<br>> </p:password>
<br>> <p:retypePassword>
<br>> <t:label for="retypePassword"/>
<br>> <t:passwordfield t:id="retypePassword" validate="required">
<br>> </p:retypePassword>
<br>> </form>
<br>>
<br>> In java:
<br>>
<br>> @Component
<br>> private BeanEditForm regForm;
<br>>
<br>> @Property
<br>> private User user; // your user entity
<br>>
<br>> @Property
<br>> private String password;
<br>>
<br>> @Property
<br>> private String retypePassword;
<br>>
<br>> Object onValidate() {
<br>> if (!password.equals(retypePassword)) {
<br>> regForm.recordError("password and retypepassword must be == ");
<br>> return this; // meaning validation failed
<br>> }
<br>> return null; // validation successfully.
<br>> }
<br>>
<br>> Object onSuccess() {
<br>> user.setPassword(encodeutil.encode(password));
<br>> service.save(user);
<br>> return successpage or other;
<br>> }
<br>>
<br>> DH
<br>> <a href="http://www.gaonline.com.cn" target="_top" rel="nofollow">http://www.gaonline.com.cn</a><br>>
<br>> ----- Original Message -----
<br>> From: "Jonhy Pear"
<br>> To: <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26268723&i=1" target="_top" rel="nofollow">users@...</a>>
<br>> Sent: Monday, November 09, 2009 9:21 AM
<br>> Subject: Re: beaneditform question
<br>>
<br>>
<br>> Sorry, I mean beaneditform, not beaneditform
<br>>
<br>>
<br>> On Mon, Nov 9, 2009 at 1:05 AM, Jonhy Pear <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26268723&i=2" target="_top" rel="nofollow">jonhy.pear@...</a>> wrote:
<br>>
<br>> >
<br>> >
<br>> >
<br>> >
<br>> > Hello all,
<br>> >
<br>> > This is my first message to the list. I'm new to tapestry and I'm
<br>> > evaluating it and looking for some guidance.
<br>> > Let's say I have a java bean with:
<br>> >
<br>> > String nick;
<br>> > String firstName;
<br>> > String lastName;
<br>> > String hashPassword;
<br>> >
<br>> > I want to use beaneditform to create a new user but I want to add new
<br>> > fields:
<br>> >
<br>> > password
<br>> > retypePassword
<br>> >
<br>> > and validade the presence of both and their equality. You know, that
<br>> > typical registration process.
<br>> >
<br>> > When user submit the new data I want to validate the equality of both
<br>> > password and confirmPassword and set a hash based on password in the
<br>> field
<br>> > hashPassword in the bean.
<br>> >
<br>> > Does anybody have a sample code that I can use to know what is the best
<br>> way
<br>> > to achieve this with tapestry?
<br>> >
<br>> >
<br>> > thank you
<br>> >
<br>> >
<br>> >
<br>> >
<br>>
<br>>
<br>> --
<br>> João Miguel Pereira
<br>> <a href="http://jpereira.eu" target="_top" rel="nofollow">http://jpereira.eu</a><br>> LinkedIn: <a href="http://www.linkedin.com/in/joaomiguelpereira" target="_top" rel="nofollow">http://www.linkedin.com/in/joaomiguelpereira</a><br>>
<br>> <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26268723&i=3" target="_top" rel="nofollow">joaomiguel.pereira@...</a>
<br>> (351) 96 275 68 58
<br>>
</div><br><br><br>--
<br>João Miguel Pereira
<br><a href="http://jpereira.eu" target="_top" rel="nofollow">http://jpereira.eu</a><br>LinkedIn: <a href="http://www.linkedin.com/in/joaomiguelpereira" target="_top" rel="nofollow">http://www.linkedin.com/in/joaomiguelpereira</a><br><br><a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26268723&i=4" target="_top" rel="nofollow">joaomiguel.pereira@...</a>
<br>(351) 96 275 68 58
<br><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26268022RE: [Tapestry Central] Tapestry 5.1 and IE 8 -- Customizing Tapestry2009-11-09T07:13:16Z2009-11-09T07:13:16ZAndy Blower<div class='shrinkable-quote'>> Picture an existing application that's been deployed using Tapestry
<br>> 5.1.0.5; the prototype.js is exposed to the client as
<br>> /assets/scriptaculous/5.1.0.5/prototype.js.
<br>>
<br>> Now the application is rebuild with tapx-prototype and redeployed.
<br>> Without the remapping, the URL would be unchanged and some clients
<br>> would continue to use the old prototype.js.
<br>>
<br>> With the new contribution, the URL will now be
<br>> /assets/tapx-prototype/1.6.1/prototype.js which will force the browser
<br>> to reload.
</div><br>Right, I understand now - thanks. So we don't need this since we've not released yet and it'll only change again if we upgrade T5 versions.
<br>
<div class='shrinkable-quote'><br>> That being said, I'm finding the current version number system too
<br>> complicated. Rather than hide assets behind a mish-mash of application
<br>> version numbers, library version numbers and Tapestry's version
<br>> number, I'm thinking of simplifying it to be just the application
<br>> version number. So all asset URLs would be /asset/XYZ/... where XYZ
<br>> was the application version number. That means that on an update to
<br>> the application, clients would have to download a fresh copy of
<br>> prototype.js, tapestry.js, etc. (the core Tapestry stack) but it would
<br>> be harder to screw up some of these other path & version number
<br>> details.
</div><br>I like it the way it is personally, seems elegant and efficient.
<br><br><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26268022&i=0" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26268022&i=1" target="_top" rel="nofollow">users-help@...</a>
<br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26267695TemplateParseException: Tag <> on line xxx contains more than one 'y' attribute.2009-11-09T07:01:28Z2009-11-09T07:01:28ZRayden30Hello,
<br><br><br>First I m a beginer in Tapestry... Actually I m developping a webview which has to display an ordered array as below:
<br><br>Root 1
<br>Root 2
<br>Root 3
<br> |----Child1
<br> |----Child2
<br> |---Child 2.1
<br> |---Child 2.2
<br>....
<br>...
<br><br>My code in local working perfectly... However when I intrated in my tapestry application it idisplays the following exception:
<br><br><b><i>Tag <> on line 158 contains more than one 'valuebool' attribute.</i></b><br><br>I checked on webview and there is no tags which are using this variable name. I try to rename in toto. And the results is the same:
<br><br>Below you can see the code:
<br><br>In bold where Apache detects an exception.
<br>
<br> function clear(result)
<br> {
<br>
<br> var res= result.replace('"','');
<br> var res= res.replace('"','');
<br> var res= res.replace('[','');
<br> var res= res.replace(']','');
<br> var res= res.replace('[','');
<br> var res= res.replace(']','');
<br>
<br> return res;
<br><br> }
<br> function who_is_root(tab_result)
<br> {
<br>
<br> var i=3;
<br> var root=new Array();
<br> var y=0;
<br> var valuebool;
<br> var z;
<br> while (i < tab_result.length)
<br> {
<br>
<br> var id_parent=clear(tab_result[i]);
<br> valuebool=false;
<br> z=1;
<br>
<br>
<br> while (z < tab_result.length)
<br> {
<br> if(clear(tab_result[z])==id_parent)
<br> {
<br> <b>// An exception is up</b><br>
<br> <b>valuebool=true;</b><br>
<br> }
<br> <b> //Sometimes the exception is up for z variables</b><br> <b>z=z+4;</b><br>
<br> }
<br>
<br> if (!valuebool)
<br> {
<br>
<br> root[y]=clear(tab_result[i-3]);
<br> root[y+1]=clear(tab_result[i-2]);
<br> root[y+2]=clear(tab_result[i-1]);
<br> root[y+3]=clear(tab_result[i]);
<br>
<br> y=y+4;
<br> }
<br>
<br> i=i+4;
<br>
<br> }
<br><br> return(root);
<br><br> }
<br>
<br> function afficher_enfant(id_root,y,result)
<br> {
<br>
<br><br>
<br> if (y <result.length)
<br> {
<br>
<br>
<br> if(id_root==clear(result[y]))
<br> {
<br> //Afficher l'enfant ci-dessous
<br> document.write("<tr>");
<br> document.write("<td>" + clear(result[y-3]) + "</td>");
<br> document.write("<td>" + clear(result[y-2]) + "</td>");
<br> document.write("<td>" + clear(result[y-1]) + "</td>");
<br> document.write("<td>" + clear(result[y]) + "</td>");
<br> document.write("</tr>");
<br>
<br> }
<br>
<br> y=y+4;
<br>
<br> afficher_enfant(id_root,y,result);
<br>
<br> }
<br>
<br> }
<br><br><br><br>
<br> function afficher_ma_config(code,result)
<br> {
<br> result=result.split(",");
<br> var tab_root=who_is_root(result);
<br>
<br> var i=1;
<br>
<br> document.write("<table align='center' class='tablesorter'>");
<br> document.write("<thead><tr ><td>Zone List</td></tr><tr><th>Name</th><th>ID</th><th>Type</th><th>Parents</th></tr></thead>");
<br> document.write("<tbody>");
<br><br> while(i<tab_root.length)
<br> {
<br>
<br> document.write("<tr>");
<br> document.write("<td>" + clear(tab_root[i-1]) + "</td>");
<br> document.write("<td>" + clear(tab_root[i]) + "</td>");
<br> document.write("<td>" + clear(tab_root[i+1]) + "</td>");
<br> document.write("<td>" + clear(tab_root[i+2]) + "</td>");
<br> document.write("</tr>");
<br> afficher_enfant(tab_root[i],3,result);
<br>
<br> i=i+4;
<br>
<br> }
<br>
<br> document.write("</tbody>");
<br> document.write("</table>");
<br><br> }
<br><br> var reqparam="<a href="http://10.192.168.2/zones/list" target="_top" rel="nofollow">http://10.192.168.2/zones/list</a>";
<br><br><br> triggerAction('listrules',[reqparam],afficher_ma_config,'text/html');
<br><br><br> Thank you for answering to this question,
<br><br> I think this subject was already underlined in either part of this forum
<br><br> Best Regards,
<br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---Dev-f339.html" embed="fixTarget[339]" target="_top" >Tapestry - Dev</a></p>tag:old.nabble.com,2006:post-26267409Re: Re: [Tapestry Central] Next Steps for Tapestry2009-11-09T06:32:20Z2009-11-09T06:32:20ZWilson IkedaI think that Inge Solvoli is right, but rather than writing a book
<br>first i think that the Tapestry site need to be redone (what happened
<br>to the redesign?), it's the first place that people new to Tapestry
<br>will look at and i think that today's design and layout give people
<br>the impressions: complex, difficult to understand how to create and
<br>use zones for example, needs organization: components -> Tapestry
<br>version x, how to for specific versions etc. People convinced that
<br>it's a good framework will buy the book but if not they will not spend
<br>money and time on a Tapestry 5.1 book. What if rather than writing a
<br>book and selling it, write and redesign the site using the material
<br>that was to go for the book? It's the Main Store for Tapestry. If the
<br>site's documentation is good enough it will be echoed on the net:
<br>"Want to learn Tapestry, go to the tapestry site, the documentation is
<br>awesome!".
<br><br>Just my thoughts!
<br><br>On Nov 9, 2009, at 9:35 PM, Inge Solvoll wrote:
<br><div class='shrinkable-quote'><br>> From: Inge Solvoll <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26267409&i=0" target="_top" rel="nofollow">inge.tapestry@...</a>>
<br>> Date: November 9, 2009 5:34:33 PM GMT+09:00
<br>> To: Tapestry users <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26267409&i=1" target="_top" rel="nofollow">users@...</a>>
<br>> Subject: Re: [Tapestry Central] Next Steps for Tapestry
<br>>
<br>>
<br>> Book. Web site. Marketing. Strategy.
<br>>
<br>> Just to make a statement here: THE TAPESTRY 5 CODE IS MORE THAN GOOD
<br>> ENOUGH!! The quality of the code and the framework just isn't the
<br>> bottleneck. I think we all can agree on that?
<br>>
<br>> Who cares about Spring Web Flow or portlet support? Do we really
<br>> think that
<br>> such features would generate exponential amounts of traffic to the T5
<br>> website? Because that's what we need. Exponential growth in the user
<br>> base.
<br>> My fear is that T5 will simply die within a couple of years if we
<br>> don't get
<br>> massive growth and popularity. So what can we do to achieve that?
<br>> Exposing
<br>> internal services as public sounds like a great idea to me, but it
<br>> sure
<br>> won't help much for the exponential growth.
<br>>
<br>> I think the best way for Howard to spend his time would be to find
<br>> more
<br>> people to delegate work to, and spend some quality time with those
<br>> people.
<br>> And after that, focus on marketing and documentation.
<br>>
<br>> Hope I didn't offend anyone with this rather brutal post. I want
<br>> only the
<br>> best for this excellent framework and its very talented founder :)
</div><br><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26267345Re: t5: Link s addParameter and null2009-11-09T06:28:12Z2009-11-09T06:28:12ZThiago H. de Paula FigueiredoEm Mon, 09 Nov 2009 11:24:21 -0200, Angelo Chen
<br><<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26267345&i=0" target="_top" rel="nofollow">angelochen960@...</a>> escreveu:
<br><br>> Hi,
<br><br>Hi!
<br><br>> 2) if I do a lnk.addParameter("country", null) and I got following:
<br>> RequestExceptionHandler Unexpected runtime exception: Parameter value
<br>> was null or contained only whitespace.
<br><br>Please post a JIRA about it. I think that you use of a query parameter
<br>without a value is valid, but the framework thinks otherwise now.
<br><br>--
<br>Thiago H. de Paula Figueiredo
<br>Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,
<br>and instructor
<br>Owner, software architect and developer, Ars Machina Tecnologia da
<br>Informação Ltda.
<br><a href="http://www.arsmachina.com.br" target="_top" rel="nofollow">http://www.arsmachina.com.br</a><br><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26267345&i=1" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26267345&i=2" target="_top" rel="nofollow">users-help@...</a>
<br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26267272Re: [ANN] t5components - release 0.5.42009-11-09T06:24:31Z2009-11-09T06:24:31ZKumar_2106Hi,
<br>I need to Update the TextBox on Change of Select Box. So I am trying to use t5components/OnEvent.
<br><br>So I am trying to update Maven POM for t5-common dependency for mixins 't5components/OnEvent' on my tml ,but I am getting below error message when I run mvn clean install
<br><br> (For OnEvent mixins I succesfully added ><chenillekit-tapestry> to my Repository but it does not work fine..So I am trying t5Component now and se if it works).
<br><br> <dependency>
<br> <groupId>org.apache.tapestry</groupId>
<br> <artifactId>t5c-commons</artifactId>
<br> <version>0.5.15-SNAPSHOT</version>
<br> </dependency>
<br><br> <repository>
<br> <id>t5components</id>
<br> <name>T5Components Maven Repository</name>
<br> <url> <a href="http://213.160.23.119:8080/t5components" target="_top" rel="nofollow">http://213.160.23.119:8080/t5components</a></url>
<br> </repository>
<br><br><br><br>-------------------------------------------
<br>] Scanning for projects...
<br>[INFO] ------------------------------------------------------------------------
<br>[INFO] Building Data Spend Manager
<br>[INFO] task-segment: [clean, install]
<br>[INFO] ------------------------------------------------------------------------
<br>[INFO] [clean:clean]
<br>[INFO] snapshot nu.localhost.tapestry:tapestry-spring-security:2.1.0-SNAPSHOT: checking for updates from t5components
<br>[WARNING] repository metadata for: 'snapshot nu.localhost.tapestry:tapestry-spring-security:2.1.0-SNAPSHOT' could not be retrieved from repository: t5components due to an error: Error transferring file
<br>[INFO] Repository 't5components' will be blacklisted
<br>[INFO] ------------------------------------------------------------------------
<br>[ERROR] BUILD ERROR
<br>[INFO] ------------------------------------------------------------------------
<br>[INFO] Failed to resolve artifact.
<br><br>Missing:
<br>----------
<br>1) org.apache.tapestry:t5c-commons:jar:0.5.15-SNAPSHOT
<br><br> Try downloading the file manually from the project website.
<br><br> Then, install it using the command:
<br> mvn install:install-file -DgroupId=org.apache.tapestry -DartifactId=t5c-commons -Dversion=0.5.15-SNAPSHOT -Dpackaging=jar -Dfile=/path/to/file
<br><br> Alternatively, if you host your own repository you can deploy the file there:
<br> mvn deploy:deploy-file -DgroupId=org.apache.tapestry -DartifactId=t5c-commons -Dversion=0.5.15-SNAPSHOT -Dpackaging=jar -Dfile=/path/to/file -Durl=[url] -DrepositoryId=[id]
<br><br> Path to dependency:
<br> 1) net.rockshore.dsm:DataSpendManager:war:1.0-SNAPSHOT
<br> 2) org.apache.tapestry:t5c-commons:jar:0.5.15-SNAPSHOT
<br><br>----------
<br>1 required artifact is missing.
<br><br>for artifact:
<br> net.rockshore.dsm:DataSpendManager:war:1.0-SNAPSHOT
<br><br>from the specified remote repositories:
<br> t5components (<a href="http://213.160.23.119:8080/t5components" target="_top" rel="nofollow">http://213.160.23.119:8080/t5components</a>),
<br> nexus (<a href="https://rockshore.net/nexus/content/groups/public" target="_top" rel="nofollow">https://rockshore.net/nexus/content/groups/public</a>),
<br> chenillekit (<a href="http://www.chenillekit.org/mvnrepo/release" target="_top" rel="nofollow">http://www.chenillekit.org/mvnrepo/release</a>)
<br><br><br>[INFO] ------------------------------------------------------------------------
<br>[INFO] For more information, run Maven with the -e switch
<br>[INFO] ------------------------------------------------------------------------
<br>[INFO] Total time: 7 seconds
<br>[INFO] Finished at: Mon Nov 09 14:14:26 GMT 2009
<br>[INFO] Final Memory: 15M/119M
<br><br><br><br>Can You pleas help on this ?? Any piece of advise is highly appreciated.
<br><br><br>Thanks,
<br>Kumar
<br><br><br><br><blockquote class="quote light-black dark-border-color"><div class="quote light-border-color">
<div class="quote-author" style="font-weight: bold;">Sven Homburg wrote:</div>
<div class="quote-message">Hi there,
<br><br>the t5components release 0.5.4 is out now.
<br>special thanks to Tod Orr and Ted Steen to let include
<br>their components into T5Components
<br><br>project page with demo click here <a href="http://213.160.23.119:8080/t5components/" target="_top" rel="nofollow">http://213.160.23.119:8080/t5components/</a></div>
</div></blockquote>
<p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26267129Re: t5: Link s addParameter and null2009-11-09T06:15:43Z2009-11-09T06:15:43ZAngelo ChenI need that to be in the url so it can be captured by Google Analytics.
<br><blockquote class="quote light-black dark-border-color"><div class="quote light-border-color">
<div class="quote-author" style="font-weight: bold;">Alexey Hanin wrote:</div>
<div class="quote-message shrinkable-quote">Don't have an opportunity to check this but as I know Tapestry treats
<br>empty parameters as nulls. Just curious, why do you want empty
<br>parameter in query string? Conceptually, parameters not being set
<br>makes it null.
<br><br>On Mon, Nov 9, 2009 at 3:50 PM, Angelo Chen <angelochen960@yahoo.com.hk> wrote:
<br>>
<br>> Hi,
<br>> Thanks for the reply, but it does not work, still same error, i check the
<br>> LinkImpl:
<br>>
<br>> public void addParameter(String parameterName, String value)
<br>> {
<br>> Defense.notBlank(parameterName, "parameterName");
<br>> Defense.notBlank(value, "value");
<br>>
<br>> if (parameters == null)
<br>> parameters = CollectionFactory.newMap();
<br>>
<br>> parameters.put(parameterName, value);
<br>> }
<br>>
<br>> it is making sure the value is not blank, but I believe query string having
<br>> blank value is often.
<br>>
<br>>
<br>> Alexey Hanin wrote:
<br>>>
<br>>> Just make it empty string when it's null:
<br>>>
<br>>> lnk.addParameter("country", country == null ? "" : country);
<br>>>
<br>>> On Mon, Nov 9, 2009 at 3:24 PM, Angelo Chen <angelochen960@yahoo.com.hk>
<br>>> wrote:
<br>>>>
<br>>>> Hi,
<br>>>>
<br>>>> I have a query string that I need to append to a Link object, the query
<br>>>> string is:
<br>>>>
<br>>>> ?gender=M&country=
<br>>>>
<br>>>> I got two questions:
<br>>>>
<br>>>> 1) is there a simple way to append this string to a Link object instead
<br>>>> of
<br>>>> using addParameter?
<br>>>>
<br>>>> 2) if I do a lnk.addParameter("country", null) and I got following:
<br>>>>
<br>>>> RequestExceptionHandler Unexpected runtime exception: Parameter value
<br>>>> was
<br>>>> null or contained only whitespace.
<br>>>>
<br>>>> and I need to make the country part of query string even it is null, any
<br>>>> idea? thanks,
<br>>>>
<br>>>> A.C.
<br>>>> --
<br>>>> View this message in context:
<br>>>> <a href="http://old.nabble.com/t5%3A-Link-s-addParameter-and-null-tp26266356p26266356.html" target="_top" rel="nofollow">http://old.nabble.com/t5%3A-Link-s-addParameter-and-null-tp26266356p26266356.html</a><br>>>> Sent from the Tapestry - User mailing list archive at Nabble.com.
<br>>>>
<br>>>>
<br>>>> ---------------------------------------------------------------------
<br>>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
<br>>>> For additional commands, e-mail: users-help@tapestry.apache.org
<br>>>>
<br>>>>
<br>>>
<br>>> ---------------------------------------------------------------------
<br>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
<br>>> For additional commands, e-mail: users-help@tapestry.apache.org
<br>>>
<br>>>
<br>>>
<br>>
<br>> --
<br>> View this message in context: <a href="http://old.nabble.com/t5%3A-Link-s-addParameter-and-null-tp26266356p26266715.html" target="_top" rel="nofollow">http://old.nabble.com/t5%3A-Link-s-addParameter-and-null-tp26266356p26266715.html</a><br>> Sent from the Tapestry - User mailing list archive at Nabble.com.
<br>>
<br>>
<br>> ---------------------------------------------------------------------
<br>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
<br>> For additional commands, e-mail: users-help@tapestry.apache.org
<br>>
<br>>
<br><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
<br>For additional commands, e-mail: users-help@tapestry.apache.org
<br></div>
</div></blockquote>
<p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26266881Re: t5: Link s addParameter and null2009-11-09T06:00:50Z2009-11-09T06:00:50ZAlexey HaninDon't have an opportunity to check this but as I know Tapestry treats
<br>empty parameters as nulls. Just curious, why do you want empty
<br>parameter in query string? Conceptually, parameters not being set
<br>makes it null.
<br><br>On Mon, Nov 9, 2009 at 3:50 PM, Angelo Chen <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26266881&i=0" target="_top" rel="nofollow">angelochen960@...</a>> wrote:
<div class='shrinkable-quote'><br>>
<br>> Hi,
<br>> Thanks for the reply, but it does not work, still same error, i check the
<br>> LinkImpl:
<br>>
<br>> public void addParameter(String parameterName, String value)
<br>> {
<br>> Defense.notBlank(parameterName, "parameterName");
<br>> Defense.notBlank(value, "value");
<br>>
<br>> if (parameters == null)
<br>> parameters = CollectionFactory.newMap();
<br>>
<br>> parameters.put(parameterName, value);
<br>> }
<br>>
<br>> it is making sure the value is not blank, but I believe query string having
<br>> blank value is often.
<br>>
<br>>
<br>> Alexey Hanin wrote:
<br>>>
<br>>> Just make it empty string when it's null:
<br>>>
<br>>> lnk.addParameter("country", country == null ? "" : country);
<br>>>
<br>>> On Mon, Nov 9, 2009 at 3:24 PM, Angelo Chen <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26266881&i=1" target="_top" rel="nofollow">angelochen960@...</a>>
<br>>> wrote:
<br>>>>
<br>>>> Hi,
<br>>>>
<br>>>> I have a query string that I need to append to a Link object, the query
<br>>>> string is:
<br>>>>
<br>>>> ?gender=M&country=
<br>>>>
<br>>>> I got two questions:
<br>>>>
<br>>>> 1) is there a simple way to append this string to a Link object instead
<br>>>> of
<br>>>> using addParameter?
<br>>>>
<br>>>> 2) if I do a lnk.addParameter("country", null) and I got following:
<br>>>>
<br>>>> RequestExceptionHandler Unexpected runtime exception: Parameter value
<br>>>> was
<br>>>> null or contained only whitespace.
<br>>>>
<br>>>> and I need to make the country part of query string even it is null, any
<br>>>> idea? thanks,
<br>>>>
<br>>>> A.C.
<br>>>> --
<br>>>> View this message in context:
<br>>>> <a href="http://old.nabble.com/t5%3A-Link-s-addParameter-and-null-tp26266356p26266356.html" target="_top" rel="nofollow">http://old.nabble.com/t5%3A-Link-s-addParameter-and-null-tp26266356p26266356.html</a><br>>>> Sent from the Tapestry - User mailing list archive at Nabble.com.
<br>>>>
<br>>>>
<br>>>> ---------------------------------------------------------------------
<br>>>> To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26266881&i=2" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>>>> For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26266881&i=3" target="_top" rel="nofollow">users-help@...</a>
<br>>>>
<br>>>>
<br>>>
<br>>> ---------------------------------------------------------------------
<br>>> To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26266881&i=4" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>>> For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26266881&i=5" target="_top" rel="nofollow">users-help@...</a>
<br>>>
<br>>>
<br>>>
<br>>
<br>> --
<br>> View this message in context: <a href="http://old.nabble.com/t5%3A-Link-s-addParameter-and-null-tp26266356p26266715.html" target="_top" rel="nofollow">http://old.nabble.com/t5%3A-Link-s-addParameter-and-null-tp26266356p26266715.html</a><br>> Sent from the Tapestry - User mailing list archive at Nabble.com.
<br>>
<br>>
<br>> ---------------------------------------------------------------------
<br>> To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26266881&i=6" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>> For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26266881&i=7" target="_top" rel="nofollow">users-help@...</a>
<br>>
<br>>
</div><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26266881&i=8" target="_top" rel="nofollow">users-unsubscribe@...</a>
<br>For additional commands, e-mail: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26266881&i=9" target="_top" rel="nofollow">users-help@...</a>
<br><br><p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>tag:old.nabble.com,2006:post-26266715Re: t5: Link s addParameter and null2009-11-09T05:50:57Z2009-11-09T05:50:57ZAngelo ChenHi,
<br>Thanks for the reply, but it does not work, still same error, i check the LinkImpl:
<br><br> public void addParameter(String parameterName, String value)
<br> {
<br> Defense.notBlank(parameterName, "parameterName");
<br> Defense.notBlank(value, "value");
<br><br> if (parameters == null)
<br> parameters = CollectionFactory.newMap();
<br><br> parameters.put(parameterName, value);
<br> }
<br><br>it is making sure the value is not blank, but I believe query string having blank value is often.
<br><br><blockquote class="quote light-black dark-border-color"><div class="quote light-border-color">
<div class="quote-author" style="font-weight: bold;">Alexey Hanin wrote:</div>
<div class="quote-message shrinkable-quote">Just make it empty string when it's null:
<br><br>lnk.addParameter("country", country == null ? "" : country);
<br><br>On Mon, Nov 9, 2009 at 3:24 PM, Angelo Chen <angelochen960@yahoo.com.hk> wrote:
<br>>
<br>> Hi,
<br>>
<br>> I have a query string that I need to append to a Link object, the query
<br>> string is:
<br>>
<br>> ?gender=M&country=
<br>>
<br>> I got two questions:
<br>>
<br>> 1) is there a simple way to append this string to a Link object instead of
<br>> using addParameter?
<br>>
<br>> 2) if I do a lnk.addParameter("country", null) and I got following:
<br>>
<br>> RequestExceptionHandler Unexpected runtime exception: Parameter value was
<br>> null or contained only whitespace.
<br>>
<br>> and I need to make the country part of query string even it is null, any
<br>> idea? thanks,
<br>>
<br>> A.C.
<br>> --
<br>> View this message in context: <a href="http://old.nabble.com/t5%3A-Link-s-addParameter-and-null-tp26266356p26266356.html" target="_top" rel="nofollow">http://old.nabble.com/t5%3A-Link-s-addParameter-and-null-tp26266356p26266356.html</a><br>> Sent from the Tapestry - User mailing list archive at Nabble.com.
<br>>
<br>>
<br>> ---------------------------------------------------------------------
<br>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
<br>> For additional commands, e-mail: users-help@tapestry.apache.org
<br>>
<br>>
<br><br>---------------------------------------------------------------------
<br>To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
<br>For additional commands, e-mail: users-help@tapestry.apache.org
<br></div>
</div></blockquote>
<p>From forum: <a href="http://old.nabble.com/Tapestry---User-f340.html" embed="fixTarget[340]" target="_top" >Tapestry - User</a></p>