You should configure the servlet container. Java Web Security is a standard
part of the J2EE/JEE specification. There should be many resources on the
internet on that topic.
On Tue, Jul 21, 2009 at 9:30 AM, Daniel Jones <d...@murieston.com> wrote:
>
> Hi Howard,
>
> Thanks for the reply. How do I do that, is this tapestry specific or do I
> need to configure the servlet container (Jetty in my case).
>
> Regards,
> Daniel
>
>
> Howard Lewis Ship wrote:
> >
> > You can mark them as protected resources that require a CRC query
> > parameter to access.
> >
> > You are right, .tml files should be protected in this way, as should
> > hibernate XML files.
> >
> > On Mon, Jul 20, 2009 at 6:13 PM, Daniel Jones<d...@murieston.com> wrote:
> >>
> >> Hello,
> >>
> >> OK, so here is my problem.
> >>
> >> In my page template:
> >> ${asset:context:assets/images/layout/add.png}
> >>
> >> Tapestry generated URL to asset.
> >>
> >>
> http://127.0.0.1:8080/assets/ctx/c69b95ec1fef872d/assets/images/layout/add.png
> >>
> >> If I point my browser at:
> >>
> >> http://127.0.0.1:8080/assets/ctx/c69b95ec1fef872d/
> >>
> >> I get a directory listing including my .tml files, I can download these
> >> in
> >> their raw form. If I point my browser at http://127.0.0.1:8080/assets/
> >> I
> >> get a directory listing again, this time even more worrying as it
> >> contains
> >> my hibernate.cfg.xml which can be downloaded exposing the database
> >> username
> >> and password.
> >>
> >> How do I fix this. I used the maven archetype to build the project so
> >> the
> >> layout looks normal when compared with
> >> http://tapestry.apache.org/tapestry5/guide/project-layout.html
> >>
> >> What am I doing wrong?
> >>
> >> Any help is much appreciated.
> >>
> >> Regards,
> >> Daniel
> >> --
> >> View this message in context:
> >>
> http://www.nabble.com/T5---Configuration-and-.tml-Files-are-Exposed-By-Tapestry.-tp24580195p24580195.html
> >> Sent from the Tapestry - User mailing list archive at Nabble.com.
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> >> For additional commands, e-mail: users-h...@tapestry.apache.org
> >>
> >>
> >
> >
> >
> > --
> > Howard M. Lewis Ship
> >
> > Creator of Apache Tapestry
> > Director of Open Source Technology at Formos
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> > For additional commands, e-mail: users-h...@tapestry.apache.org
> >
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/T5---Configuration-and-.tml-Files-are-Exposed-By-Tapestry.-tp24580195p24580323.html
> Sent from the Tapestry - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>
