Hi Alejandro,
the above example works ok! I moron had forgotten to remove
contributeSecurityConfiguration in DevelopmentModule which was overriding
configuration in AppModule.
Those three lines are all I need.
I have a form in the allowed page and it works as expected. What did you
mean by additional rules for forms and eventlinks?
Can you also give a hint about @RequireRole("beta")?
Thanks for your time!
2013/4/2 Alejandro Scandroli <alejandroscandr...@gmail.com>
> Hi Borut
>
> For rulling out everything but one "public" folder this configuration
> should work.
>
>
> configuration.add(factory.createChain("/assets/**").add(factory.anon()).build());
>
> configuration.add(factory.createChain("/public/**").add(factory.anon()).build());
>
> configuration.add(factory.createChain("/**").add(factory.notfound()).build());
>
> I've added the assets folder to the configuration for obvious reasons.
> If that doesn't work for you let me know and we'll take a closer look
> to the complete configuration.
>
> I've tested this with tapestry-security 0.5.0 and 0.4.6, which version
> are you using?
>
> Alejandro.
>
>
>
>
>
>
>
>
> On Tue, Apr 2, 2013 at 8:19 AM, Borut Bolčina <borut.bolc...@gmail.com>
> wrote:
> > Alejandro,
> >
> > I have just tried this approach with factory chains, but the solution
> still
> > eludes me. I've tried "every" variation of creating the right chain for
> > ruling out the index page and all other subfolders - besides one folder.
> >
> > This configuration is the closest of what I think should do the job:
> >
> >
> configuration.add(factory.createChain("/index").add(factory.notfound()).build());
> >
> configuration.add(factory.createChain("/hidden1/**").add(factory.notfound()).build());
> >
> configuration.add(factory.createChain("/hidden2/**").add(factory.notfound()).build());
> >
> > but accessing http://localhost (or http://localhost/index) still renders
> > the index page and the hidden pages.
> >
> > If I remove the first line (with /index), then I get 404 as expected for
> > the hidden folders, but the index page is visible.
> >
> > I am running the app locally with Jetty
> > (jetty-maven-plugin:8.1.9.v20130131).
> >
> > -borut
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > 2013/3/29 Alejandro Scandroli <alejandroscandr...@gmail.com>
> >
> >> Hi Borut
> >>
> >> Using tapestry-security you have a couple of options.
> >>
> >> If you have all the protected/hidden pages in the same folder you
> >> could do something like this:
> >>
> >>
> >>
> configuration.add(factory.createChain("/yourfolder/**").add(factory.notfound()).build());
> >>
> >> If they are not in the same folder you can create one rule per folder
> >> or in the worst case one rule per page.
> >>
> >> The reversed logic would be, block access to the root "/" and then
> >> give anon access to your visible pages.
> >>
> >>
> >>
> configuration.add(factory.createChain("/assets/**").add(factory.anon()).build());
> >>
> >>
> configuration.add(factory.createChain("/signin").add(factory.anon()).build());
> >>
> >>
> configuration.add(factory.createChain("/visibleFolder/**").add(factory.anon()).build());
> >>
> >>
> configuration.add(factory.createChain("/visiblePage1").add(factory.anon()).build());
> >>
> >>
> configuration.add(factory.createChain("/visiblePage2").add(factory.anon()).build());
> >>
> >> configuration.add(factory.createChain("/").add(factory.anon()).build());
> >>
> >>
> configuration.add(factory.createChain("/**").add(factory.notfound()).build());
> >>
> >> Please, be careful with this, eventlinks and forms in the visible
> >> pages may need their own rules.
> >>
> >> Finally, my preferred way to handle this is with a role. You could use
> >> something like @RequireRole("beta").
> >>
> >> Good luck with the launch.
> >> Alejandro.
> >>
> >>
> >>
> >> On Fri, Mar 29, 2013 at 2:54 PM, Thiago H de Paula Figueiredo
> >> <thiag...@gmail.com> wrote:
> >> > On Fri, 29 Mar 2013 09:05:04 -0300, Borut Bolčina <
> >> borut.bolc...@gmail.com>
> >> > wrote:
> >> >
> >> >> Hello,
> >> >
> >> >
> >> > Hi!
> >> >
> >> >
> >> >> What is the least obtrusive way to mark pages "hidden" in production
> >> mode
> >> >> or with some other configuration setting.
> >> >
> >> >
> >> > I'd try adding a RequestFilter and have some logic there to define
> >> whether
> >> > the request is for a hidden page. If yes, return a 404 error.
> >> >
> >> > --
> >> > Thiago H. de Paula Figueiredo
> >> >
> >> > ---------------------------------------------------------------------
> >> > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> >> > For additional commands, e-mail: users-h...@tapestry.apache.org
> >> >
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> >> For additional commands, e-mail: users-h...@tapestry.apache.org
> >>
> >>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>
