On Aug 6, 2013, at 7:22 AM, Thiago H de Paula Figueiredo <thiag...@gmail.com> 
wrote:

>> Some topics I'd be interested in:
>> - Application security, authentication and authorization- best practices
>> with several popular frameworks
> 
> Several popular frameworks? Which ones?
> 
> Doesn't this fall a little outside the focus of the book, which is Tapestry 
> itself? The book can talk about setting up Apache Shiro via 
> tapestry-security, for example, but then talking about Shiro specifically 
> looks like a lack of cohesion (in the OOP sense) to me. Of course, security is 
> very important.

I think the fact that Tapestry doesn't offer a security framework out of the 
box is sort of silly in this day and age. I've never worked on a web site that 
didn't need authentication and authorization support. So I definitely think you 
should talk about it at least enough to implement a non-trivial application 
with custom login pages and database-driven users/roles. Going with whatever 
library is considered "best practice" should be enough, e.g. tapestry-security. 
Maybe best practice has yet to be written.

Solutions like tapestry-security cache the roles a page requires, and changes don't 
take effect until you restart. Shiro caches roles between sessions, too, which 
leads to all sorts of problems if you change them. Basically, it still doesn't 
"just work", and a working, flexible solution needs to be there to use Tapestry 
for anything non-trivial.

One thing that always messes me up, and for which I've still never found a 
solution, is to have a login page loaded with HTTPS, form submission via HTTPS 
and then switch back to normal HTTP for performance. It just won't work due to 
the secure cookies. This is but one challenge to writing a full-featured 
application. 

Other topic ideas and elaborations on your ideas:

1. A decent example to do Grid Data Sources. I've written my own class, 
SQLQueryGridDataSource to make up for the inflexibility of Tapestry's built-in 
classes. You are welcome to my class, if desired. I'm sure just about everyone 
has written their own to be more flexible than HibernateGridDataSource.

2. AJAX: the biggest issue I've faced is wanting to put forms inside of a popup 
dialog, e.g. Modalbox. I'd love to see a well-written example that just works, 
including form validation (client and server). I've hacked up something that 
works for me, but it's not a component because the JavaScript needs to know too 
much about the page. I'm sure it's possible, I just haven't explored it enough. 
Another one is how to use something like Modalbox to do a confirm delete dialog 
on a button or link.

3. As many examples of customizing built-in Tapestry behavior as possible would 
be great. For example, I wrote a validator contribution that looks in 
.properties files so you can add validators to BeanEditorForms easily. It's nice 
to see how that sort of stuff should be done well; for example, I never could 
figure out how to allow for .properties inheritance (e.g. component-, page- and 
application-level).

4. You have symbols listed. A nice description of some of the more useful ones 
would be great. 

5. Load balancing and Tapestry under Tomcat and whatever other containers are 
popular. Included should be techniques to minimize session state while keeping 
excellent performance.

6. Publish and Subscribe, maybe via cometd. Integrating Apache CXF, too (as 
client and server).

7. Elegant ways to extend Grids to support multiple HTML rows per data row. A 
more clever way to set default sorting. An example where you store sort order 
as preferences (e.g. in a database). 

8. Provide a library that implements a lot of the more commonly needed stuff, 
like #1, #2, a click once, ajax spinner, JodaTime support, etc.

9. Widget integration best practices (AJAX and non-AJAX). Probably sticking to 
jQuery, since that seems to be the way of the future.

Anyway, I'd be interested in such a book. If you want to do Kickstarter, maybe 
Howard can "sponsor" it? 

Norman Franke
Answering Service for Directors, Inc.
www.myasd.com
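The HTTPS-login-then-plain-HTTP problem raised in the mail above, as an added example that is not part of the original thread and is not Tapestry or Shiro code: Python's standard cookie jar stands in for the browser, and the host app.example.com, the cookie names and the three Set-Cookie variants are constructed for the demonstration. It shows why a session cookie set with the Secure attribute is silently withheld from the http:// pages (so the user looks logged out there), what dropping Secure costs, and the one split design that is safe to run in mixed mode.

```python
"""Added example (not part of the original mail): why an HTTPS login followed by
a fall-back to plain HTTP loses the session.  Browser cookie handling is
simulated with Python's standard cookie jar; the host app.example.com and the
cookie names are constructed for the demonstration."""
import io
import email.message
import urllib.request
import urllib.response
from http.cookiejar import CookieJar

LOGIN_URL = "https://app.example.com/login"        # login form submitted over HTTPS
ACCOUNT_URL = "https://app.example.com/account"    # a later HTTPS page
HOME_URL = "http://app.example.com/home"           # a later plain-HTTP page


def fake_response(url, set_cookie_headers):
    """Minimal response object carrying constructed Set-Cookie headers."""
    headers = email.message.Message()
    for value in set_cookie_headers:
        headers["Set-Cookie"] = value       # repeated assignment appends a header
    return urllib.response.addinfourl(io.BytesIO(b""), headers, url)


def login(jar, set_cookie_headers):
    """Store the cookies the HTTPS login response sets, via the jar's own policy."""
    request = urllib.request.Request(LOGIN_URL)
    jar.extract_cookies(fake_response(LOGIN_URL, set_cookie_headers), request)


def cookies_sent_to(jar, url):
    """Cookies the jar attaches to a request for `url`, as a name->value dict.
    DefaultCookiePolicy withholds Secure cookies from non-https/wss URLs."""
    request = urllib.request.Request(url)
    jar.add_cookie_header(request)
    header = request.get_header("Cookie")
    if not header:
        return {}
    return dict(part.strip().split("=", 1) for part in header.split(";"))


def simulate(set_cookie_headers):
    """Log in over HTTPS, then report what reaches a later HTTPS and HTTP request."""
    jar = CookieJar()
    login(jar, set_cookie_headers)
    return {"https": cookies_sent_to(jar, ACCOUNT_URL),
            "http": cookies_sent_to(jar, HOME_URL)}


# 1. Correct session cookie: never leaves the browser over plain HTTP, so the
#    HTTP pages see an anonymous user.  This is the "it just won't work" case.
SECURE_SESSION = ["JSESSIONID=abc123; Path=/; Secure; HttpOnly"]

# 2. The tempting fix: drop Secure.  Mixed mode now "works", but the session id
#    travels in cleartext on every http:// request and can be sniffed and replayed.
INSECURE_SESSION = ["JSESSIONID=abc123; Path=/; HttpOnly"]

# 3. Split design: authentication stays in a Secure cookie; only a non-sensitive
#    display cookie is visible on HTTP pages.  Anything that actually needs the
#    login has to redirect back to HTTPS.
SPLIT_COOKIES = ["JSESSIONID=abc123; Path=/; Secure; HttpOnly",
                 "DISPLAYNAME=alice; Path=/"]

if __name__ == "__main__":
    for label, headers in [("secure", SECURE_SESSION),
                           ("insecure", INSECURE_SESSION),
                           ("split", SPLIT_COOKIES)]:
        print(label, simulate(headers))
```

Case 1 is the behaviour the mail complains about, and it is the cookie attribute doing its job, not a framework bug: the browser will not send a Secure cookie over http://, so no server-side setting can carry the authenticated session across. Case 2 is how many sites "solved" it and is exactly the session-sidejacking exposure Firesheep made famous. Case 3 is the only mixed-mode layout that keeps the authenticator off the wire; the cleaner answer, which removes the performance motivation along with the problem, is to serve the whole application over HTTPS and pin that with a Strict-Transport-Security header.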
