Hi Robert,

How to implement this component? Is it necessary to register the component
in the appmodule?

Thx 

Sabine



Robert Zeigler wrote:
> 
> Couple of comments...
> First, the T5 asset service has the md5 feature.  But the default  
> implementation, at the moment, only requires md5 hashing for  
> the .class files. (So, there's not an open door to the class bytes at  
> the moment. ;)
> Second, I have a T5 app that should be going live in the next few  
> days. So I implemented an extensible AssetProtectorDispatcher.  By  
> default, it uses a whitelist strategy, and the default configuration  
> will add the various tapestry assets (default.css, grid's components,  
> etc.) to the whitelist for you.
> You can download it here:
> http://www.tapestrycomponents.org/Tassel/app?service=external/ 
> ViewComponent&sp=SAssetProtectionDispatcher
> 
> Or, if you're a maven user, I've got it in a personal maven repo here:
> http://www.saiwai-solutions.com/maven
> 
> Cheers.
> 
> Robert
> 
> On Jul 27, 2007, at 7/277:54 AM , Chris Lewis wrote:
> 
>> I'm quite new to Tapestry and just 2 days ago have started working  
>> with Tap 5. I realize the two (4 vs 5) are disparately different,  
>> but one of the things nice about the Tap 4 asset service was the  
>> checksum feature I mentioned that would deny access unless the sum  
>> in the url matched that of the file. My newness to Tap may show  
>> here, but why can't the asset service simply ignore requests for  
>> files that are not marked (@Asset) as assets? I mean doesn't a deny- 
>> all first and allow explicit exceptions strategy seem much more  
>> sane then providing an open door to the whole classpath (class  
>> bytes included??)?
>>
>> Robert Zeigler wrote:
>>>
>>> Asset service doesn't really need a configuration point here, imo.
>>> You can already make contributions to services that would allow  
>>> you to implement this sort of content filtering.
>>> For instance, you could contribute a RequestFilter. Alternatively,  
>>> you could contribute a Dispatcher to teh MasterDispatcher service.
>>> Contributions to MasterDispatcher are ordered, so you can  
>>> contribute your "AssetBlockerDispatcher" before the asset service,  
>>> intercept requests to "forbidden" assets,
>>> and respond appropriately.  You could then make your custom  
>>> dispatcher (or request filter) configurable in the manner that you  
>>> desire.
>>> You don't rewrite any of the asset service, you get your content  
>>> filtering, and you can write it as a drop-in module for any new  
>>> projects.
>>>
>>> Robert
>>>
>>> On Jul 26, 2007, at 7/266:18 PM , Daniel Jue wrote:
>>>
>>>> Thiago, my apologies.  You are correct.  I would think this is big a
>>>> problem if you can't hide important files from users!
>>>>
>>>> Dan
>>>>
>>>> On 7/26/07, Thiago H de Paula Figueiredo <[EMAIL PROTECTED]> wrote:
>>>>> On Thu, 26 Jul 2007 16:46:37 -0300, Daniel Jue  
>>>>> <[EMAIL PROTECTED]> wrote:
>>>>>
>>>>> > Hi,  Just don't put configuration resources there.
>>>>>
>>>>> I'm not sure you had understood what I've said.
>>>>>
>>>>> My hibernate.cfg.xml is in /src/main/resources. So it is copied by
>>>>> Eclipse/NetBeans/Maven/whatever to my webapp's classpath. And  
>>>>> anything in
>>>>> the classpath, as far as I can see, is accessible via
>>>>> <applicatiourl>/assets. As many frameworks expect their  
>>>>> configuration
>>>>> files to be in the classpath, I think we have a little, easy to  
>>>>> solve
>>>>> problem here. :)
>>>>>
>>>>> Thiago
>>>>>
>>>>> ------------------------------------------------------------------- 
>>>>> --
>>>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>>>
>>>>>
>>>>
>>>> -------------------------------------------------------------------- 
>>>> -
>>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/-T5--Security-of-files-in-the-classpath-tf4153267.html#a11978578
Sent from the Tapestry - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to