tapestry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r1000168 - in /websites/production/tapestry/content: cache/main.pageCache security.html
Date Sun, 30 Oct 2016 22:19:43 GMT
Author: buildbot
Date: Sun Oct 30 22:19:43 2016
New Revision: 1000168

Log:
Production update by buildbot for tapestry

Modified:
    websites/production/tapestry/content/cache/main.pageCache
    websites/production/tapestry/content/security.html

Modified: websites/production/tapestry/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/tapestry/content/security.html
==============================================================================
--- websites/production/tapestry/content/security.html (original)
+++ websites/production/tapestry/content/security.html Sun Oct 30 22:19:43 2016
@@ -90,7 +90,7 @@
    <a  href="https.html">HTTPS</a> 
   </div> </li></ul></div><p>&#160;</p><h2 id="Security-HTTPS-onlyPages">HTTPS-only
Pages</h2><p>Main Article: <a  href="https.html">HTTPS</a></p><p>Tapestry
provides several annotations and configuration settings that you can use to&#160;<span
style="text-align: justify;line-height: 1.4285715;">ensure that all access to certain pages
(or all pages) occurs only via the encrypted HTTPS protocol</span><span style="text-align:
justify;line-height: 1.4285715;">. See&#160;<a  href="https.html">HTTPS</a>
for details.</span></p><h2 id="Security-ControllingPageAccess"><span
style="text-align: justify;line-height: 1.4285715;">Controlling Page Access</span></h2><p></p><div
class="navmenu" style="float:right; background:#eee; margin:3px; padding:0 1em">
 <p>    <strong>JumpStart Demo:</strong><br clear="none">
-    <a  class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/infrastructure/protectingpages"
rel="nofollow">Protecting Pages</a></p></div><span style="text-align:
justify;line-height: 1.4285715;">For simple access control needs, you can contribute a&#160;<span><a
 class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/ComponentRequestFilter.html">ComponentRequestFilter</a>
with your custom logic that decides which pages should be accessed by which users.</span></span><p><span
style="line-height: 1.4285715;text-align: justify;">For more advanced needs see the Security
Framework Integration section below.</span></p><h2 id="Security-White-listedPages">White-listed
Pages</h2><p>Pages whose component classes are annotated with&#160;@<a
 class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/annotations/WhitelistAccessOnly.html">WhitelistAccessOnly</a>&#160;will
only be disp
 layed to users (clients) that are on the&#160;<em>whitelist</em>. By default
the whitelist consists only of clients whose fully-qualified domain name is "localhost" (or
the IP address equivalent, 127.0.0.1 or 0:0:0:0:0:0:0:1),&#160;but you can customize this
by contributing to the ClientWhitelist service&#160;in your application's module class
(usually AppModule.java):</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>AppModule.java
(partial) &#8211; simple inline example</b></div><div class="codeContent
panelContent pdl">
+    <a  class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/infrastructure/protectingpages"
rel="nofollow">Protecting Pages</a></p></div><span style="text-align:
justify;line-height: 1.4285715;">For simple access control needs, you can contribute a&#160;<span><a
 class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/ComponentRequestFilter.html">ComponentRequestFilter</a>
with your custom logic that decides which pages should be accessed by which users. The <a
 class="external-link" href="https://tapestry-app.apache.org/hotels/">Tapestry Hotel Booking
</a>app demonstrates this approach with an <code>@AnonymousAccess</code>
annotation along with a ComponentRequestFilter named&#160;<code>AuthenticationFilter.java</code>.
The filter enforces security by intercepting all requests to pages that don't have that annotation,
and it redirects those requests to the login page. <a  class="external-link" href="http:
 //jumpstart.doublenegative.com.au/jumpstart/examples/infrastructure/protectingpages" rel="nofollow">JumpStart</a>
has a similar demo.<br clear="none"></span></span><p><span style="line-height:
1.4285715;text-align: justify;">For more advanced needs see the Security Framework Integration
section below.</span></p><h2 id="Security-White-listedPages">White-listed
Pages</h2><p>Pages whose component classes are annotated with&#160;@<a
 class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/annotations/WhitelistAccessOnly.html">WhitelistAccessOnly</a>&#160;will
only be displayed to users (clients) that are on the&#160;<em>whitelist</em>.
By default the whitelist consists only of clients whose fully-qualified domain name is "localhost"
(or the IP address equivalent, 127.0.0.1 or 0:0:0:0:0:0:0:1),&#160;but you can customize
this by contributing to the ClientWhitelist service&#160;in your application's module
class (usually AppModule.java):</p><div class="
 code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl"
style="border-bottom-width: 1px;"><b>AppModule.java (partial) &#8211; simple
inline example</b></div><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">  
 @Contribute(ClientWhitelist.class)
     public static void provideWhitelistAnalyzer(OrderedConfiguration&lt;WhitelistAnalyzer&gt;
configuration)
     {



Mime
View raw message