On Aug 6, 2013, at 7:22 AM, Thiago H de Paula Figueiredo <thiag...@gmail.com> wrote:
>> Some topics I'd be interested in: >> - Application security, authentication and authorization- best practices >> with several popular frameworks > > Several popular frameworks? Which ones? > > Doesn't this fall a little over the focus of the book, which is Tapestry > itself? The book can talk about setting up Apache Shiro via > tapestry-security, for example, but then talking about Shiro specifically > looks like lack of coesion (in the OOP sense) to me. Of course, security is > very important. I think the fact that Tapestry doesn't offer a security framework out of the box is sort of silly in this day and age. I've never worked on a web site that didn't need authentication and authorization support. So I definitely think you should talk about it at least enough to implement a non-trivial application with custom login pages and database-driven users/roles. Going with whatever library is considered "best practice" should be enough, e.g. tapestry-security. Maybe best practice has yet to be written. Solutions like tapestry-security cache page requires roles and changes don't take effect until you restart. Shiro caches roles between sessions, too, which leads to all sorts of problems if you change them. Basically, it still doesn't "just work" and a working, flexible solution needs to be there to use Tapestry for anything non-trivial. One thing that always messes me up, and for which I've still never found a solution, is to have a login page loaded with HTTPS, form submission via HTTPS and then switch back to normal HTTP for performance. It just won't work due to the secure cookies. This is but one challenge to writing a full-featured application. Other topic ideas and elaborations on your ideas: 1. A decent example to do Grid Data Sources. I've written my own class, SQLQueryGridDataSource to make up for the inflexibility of Tapestry's built-in classes. You are welcome to my class, if desired. I'm sure just about everyone has written their own to be more flexible than HibernateGridDataSource. 2. AJAX: the biggest issue I've faced is wanting to put forms inside of a popup dialog, e.g. Modalbox. I'd love to see a well-written example that just works, including form validation (client and server). I've hacked up something that works for me, but it's not a component because the JavaScript needs to know too much about the page. I'm sure it's possible, I just haven't explored it enough. Another one is how to use something like Modalbox to do a confirm delete dialog on a button or link. 3. As many examples of customizing built-in Tapestry behavior as possible would be great. For example, I wrote a validator contribution that looks in .properties files so you can add validators to BeanEditorForms easily. That sort of stuff is nice to see how it should be done well, for example, I never could figure out how to allow for .properties inheritance (e.g. component, page, application-level.) 4. You have symbols listed. A nice description of some of the more useful ones would be great. 5. Load balancing and Tapestry under Tomcat and whatever other containers are popular. Included should be techniques to minimize session state while keeping excellent performance. 6. Publish and Subscribe, maybe via cometd. Integrating Apache CXF, too (as client and server.) 7. Elegant ways to extend Grids to support multiple HTML rows per data row. A more clever way to set default sorting. An example where you store sort order as preferences (e.g. in a database). 8. Provide a library that implements a lot of the more commonly needed stuff, like #1, #2, a click once, ajax spinner, JodaTime support, etc. 9. Widget integration best practices (AJAX and non-AJAX.) Probably sticking to jQuery, since that seems to be the way of the future. Anyway, I'd be interested in such a book. If you want to do Kickstarter, maybe Howard can "sponsor" it? Norman Franke Answering Service for Directors, Inc. www.myasd.com
