Author: buildbot
Date: Tue Jan 21 20:20:49 2014
New Revision: 895005

Log:
Production update by buildbot for tapestry

Modified:
    websites/production/tapestry/content/assets.html
    websites/production/tapestry/content/cache/main.pageCache
    websites/production/tapestry/content/security-faq.html

Modified: websites/production/tapestry/content/assets.html
==============================================================================
--- websites/production/tapestry/content/assets.html (original)
+++ websites/production/tapestry/content/assets.html Tue Jan 21 20:20:49 2014
@@ -95,7 +95,7 @@
                     <span class="icon icon-page" title="Page">Page:</span>     
       </div>
 
             <div class="details">
-                            <a shape="rect" 
href="configuration.html">Configuration</a>
+                            <a shape="rect" 
href="layout-component.html">Layout Component</a>
                     
                 
                             </div>
@@ -104,7 +104,7 @@
                     <span class="icon icon-page" title="Page">Page:</span>     
       </div>
 
             <div class="details">
-                            <a shape="rect" 
href="layout-component.html">Layout Component</a>
+                            <a shape="rect" 
href="javascript.html">JavaScript</a>
                     
                 
                             </div>
@@ -113,7 +113,7 @@
                     <span class="icon icon-page" title="Page">Page:</span>     
       </div>
 
             <div class="details">
-                            <a shape="rect" 
href="javascript.html">JavaScript</a>
+                            <a shape="rect" href="css.html">CSS</a>
                     
                 
                             </div>
@@ -122,7 +122,7 @@
                     <span class="icon icon-page" title="Page">Page:</span>     
       </div>
 
             <div class="details">
-                            <a shape="rect" href="css.html">CSS</a>
+                            <a shape="rect" 
href="configuration.html">Configuration</a>
                     
                 
                             </div>
@@ -160,91 +160,7 @@ private Asset style;
                             <p>The use of the <code>${...</code>} syntax here 
is a <em>symbol expansion</em> (because it occurs in an annotation in Java 
code), rather than a <em>template expansion</em> (which occurs only in Tapestry 
template files).</p>
                     </div>
     </div>
-<p>An override of the skin.root symbol would affect all references to the 
named asset.</p><h2 id="Assets-LocalizationofAssets">Localization of 
Assets</h2><p>Main Article: <a shape="rect" 
href="localization.html">Localization</a></p><p>Assets are localized; Tapestry 
will search for a variation of the file appropriate to the effective locale for 
the request. In the previous example, a German user of the application may see 
a file named <code>edit_de.png</code> (if such a file exists).</p><h2 
id="Assets-NewAssetDomains">New Asset Domains</h2><p>If you wish to create new 
domains for assets, for example to allow assets to be stored on the file system 
or in a database, you may define a new <a shape="rect" class="external-link" 
href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/AssetFactory.html";>AssetFactory</a>
 and contribute it to the <a shape="rect" class="external-link" 
href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/AssetSour
 ce.html">AssetSource</a> service configuration.</p><h2 
id="Assets-AssetURLs">Asset URLs</h2><p>Tapestry creates a new URL for assets 
(whether context or classpath). The URL is of the form 
/assets/<strong>version</strong>/<strong>folder</strong>/<strong>path</strong>.</p><ul><li><strong>version</strong>:
 Application version number, defined by the 
<code>tapestry.application-version</code> symbol in your application module 
(normally AppModule.java). The default is a random hex 
number.</li><li><strong>folder</strong>: Identifies the library containing the 
asset, or "ctx" for a context asset, or "stack" (used when combining multiple 
JavaScript files into a single virtual asset).</li><li><strong>path</strong>: 
The path below the root package of the library to the specific asset 
file.</li></ul><h2 id="Assets-PerformanceNotes">Performance Notes</h2><p>Assets 
are expected to be entirely static (not changing while the application is 
deployed). This allows Tapestry to perform some important pe
 rformance optimizations.</p><p>Tapestry GZIP compresses the content of all 
assets &#8211; if the asset is compressible, the client supports it, and you 
don't <a shape="rect" 
href="configuration.html#Configuration-tapestry.gzipcompressionenabled">explicitly
 disable it</a>.</p><p>When Tapestry generates a URL for an asset, either on 
the classpath or from the context, the URL includes the application version 
number. Further, the asset will get a <em>far future expires header</em>, which 
will encourage the client browser to cache the asset.</p><p>You should have an 
explicit application version number for any production application. Client 
browsers will aggressively cache downloaded assets; they will usually not even 
send a request to see if the asset has changed once the asset is downloaded the 
first time. Because of this it is <em>very important</em> that each new 
deployment of your application has a new <a shape="rect" 
href="configuration.html#Configuration-tapestry.applicationversion
 ">version number</a>, to force existing clients to re-download all 
assets.</p><h2 id="Assets-AssetSecurity">Asset Security</h2><p>Because Tapestry 
directly exposes files on the classpath to the clients, some thought has gone 
into ensuring that malicious clients are not able to download assets that 
should not be visible to them.</p><p>First off all, there's a package 
limitation: classpath assets are only visible if there's a <a shape="rect" 
class="external-link" 
href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/LibraryMapping.html";>LibraryMapping</a>
 for them, and the library mapping substitutes for the initial folders on the 
classpath. Since the most secure assets, things like 
<code>hibernate.cfg.xml</code> are located in the unnamed package, they are 
always off limits.</p><p>But what about other files on the classpath? Imagine 
this scenario:</p><ul><li>Your Login page exposes a classpath asset, 
<code>icon.png</code>.</li><li><p>A malicious client copies
  the URL, <code>/assets/1.0.0/app/pages/icon.png</code>,</p>&lt;style 
type='text/css'&gt;
-.FootnoteMarker, .FootnoteNum a {
-  background: transparent 
url(/confluence/download/resources/com.adaptavist.confluence.footnoteMacros:footnote/gfx/footnote.png)
 no-repeat top right;
-  padding: 1px 2px 0px 1px;
-  border-left: 1px solid #8898B8;
-  border-bottom: 1px solid #6B7C9B;
-  margin: 1px;
-  text-decoration: none;
-}
-.FootnoteNum a {
-  margin-top: 2px;
-  margin-right: 0px;
-}
-.FootnoteNum {
-  font-size: x-small;
-  text-align: right;
-  padding-bottom: 4px;
-}
-.footnote-th1 {
-  text-align: right;
-}
-.Footnote {
-  padding-left: 7px;
-  margin-bottom: 4px;
-  border: 1px none #DDDDDD;
-  writingMode: tb-rl;
-}
-.accessibility {
-     display: none;
-     visibility: hidden;
-}
-@media aural,braille,embossed {
-        .FootnoteMarker, .FootnoteNum a {
-         border: 1px solid #000000;
-         background: #ffffff none;
-    }
-    .accessibility {
-         display: run-in;
-         visibility: visible;
-    }
-}
-&lt;/style&gt;
-&lt;script type='text/javascript' language='JavaScript'&gt;
-//&lt;!--\n
-var effectInProgress = {};
-var despamEffect = function (id,effectType,duration) {
-  if ((effectInProgress[id]) || (typeof(Effect)=="undefined") || 
(typeof(Effect[effectType])=="undefined")) return;
-  new Effect[effectType](id);
-  effectInProgress[id]=true;
-  setTimeout('effectInProgress[\"'+id+'\"]=false;',duration*1000);
-};
-var oldFootnoteId = '';
-var footnoteHighlight = function(id,pulsateNum) {
-  if (oldFootnoteId!='') 
document.getElementById('Footnote'+oldFootnoteId).style['borderStyle'] = 'none';
-  oldFootnoteId = id;
-  document.getElementById('Footnote'+id).style['borderStyle'] = 'solid';
-  despamEffect('Footnote'+id,'Highlight',1)
-  if (pulsateNum) despamEffect('FootnoteNum'+id,'Pulsate',3)
-}
-var footnoteMarkerHighlight = function(id) {
-  if (oldFootnoteId!='') 
document.getElementById('Footnote'+oldFootnoteId).style['borderStyle'] = 'none';
-  oldFootnoteId = '';
-  despamEffect('FootnoteMarker'+id,'Pulsate',3)
-}
-//--&gt;
-&lt;/script&gt;
-
-<sup id="FootnoteMarker1">
-    <a shape="rect" class="FootnoteMarker" name="FootnoteMarker1" 
href="#Footnote1" onclick="footnoteHighlight(&quot;1&quot;,true);" 
alt="Footnote: Click here to display the footnote" title="Footnote: Click here 
to display the footnote">
-            1
-    </a>
-</sup>
-<p>and changes the file name to <code>Login.class</code>.</p></li><li><p>The 
client decompiles the class file and spots your secret emergency password: 
goodbye security!</p>
-<sup id="FootnoteMarker2">
-    <a shape="rect" class="FootnoteMarker" name="FootnoteMarker2" 
href="#Footnote2" onclick="footnoteHighlight(&quot;2&quot;,true);" 
alt="Footnote: Click here to display the footnote" title="Footnote: Click here 
to display the footnote">
-            2
-    </a>
-</sup>
-</li></ul><p>Fortunately, this can't happen. Files with extension ".class" are 
secured; they must be accompanied in the URL with a query parameter that is the 
MD5 hash of the file's contents. If the query parameter is absent, or doesn't 
match the actual file's content, the request is rejected.</p><p>When your code 
exposes an Asset, the URL will automatically include the query parameter if the 
file type is secured. The malicious user is locked out of access to the 
files</p>
-<sup id="FootnoteMarker3">
-    <a shape="rect" class="FootnoteMarker" name="FootnoteMarker3" 
href="#Footnote3" onclick="footnoteHighlight(&quot;3&quot;,true);" 
alt="Footnote: Click here to display the footnote" title="Footnote: Click here 
to display the footnote">
-            3
-    </a>
-</sup>
-<p>.</p><p>&#160;</p><p>By default, Tapestry secures file extensions ".class', 
".tml" and ".properties". The list can be extended by contributing to the <a 
shape="rect" class="external-link" 
href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/ResourceDigestGenerator.html";>ResourceDigestGenerator</a>
 service:</p><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeHeader panelHeader pdl" style="border-bottom-width: 
1px;"><b>AppModule.java (partial)</b></div><div class="codeContent panelContent 
pdl">
+<p>An override of the skin.root symbol would affect all references to the 
named asset.</p><h2 id="Assets-LocalizationofAssets">Localization of 
Assets</h2><p>Main Article: <a shape="rect" 
href="localization.html">Localization</a></p><p>Assets are localized; Tapestry 
will search for a variation of the file appropriate to the effective locale for 
the request. In the previous example, a German user of the application may see 
a file named <code>edit_de.png</code> (if such a file exists).</p><h2 
id="Assets-NewAssetDomains">New Asset Domains</h2><p>If you wish to create new 
domains for assets, for example to allow assets to be stored on the file system 
or in a database, you may define a new <a shape="rect" class="external-link" 
href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/AssetFactory.html";>AssetFactory</a>
 and contribute it to the <a shape="rect" class="external-link" 
href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/AssetSour
 ce.html">AssetSource</a> service configuration.</p><h2 
id="Assets-AssetURLs">Asset URLs</h2><p>Tapestry creates a new URL for assets 
(whether context or classpath). The URL is of the form 
/assets/<strong>version</strong>/<strong>folder</strong>/<strong>path</strong>.</p><ul><li><strong>version</strong>:
 Application version number, defined by the 
<code>tapestry.application-version</code> symbol in your application module 
(normally AppModule.java). The default is a random hex 
number.</li><li><strong>folder</strong>: Identifies the library containing the 
asset, or "ctx" for a context asset, or "stack" (used when combining multiple 
JavaScript files into a single virtual asset).</li><li><strong>path</strong>: 
The path below the root package of the library to the specific asset 
file.</li></ul><h2 id="Assets-PerformanceNotes">Performance Notes</h2><p>Assets 
are expected to be entirely static (not changing while the application is 
deployed). This allows Tapestry to perform some important pe
 rformance optimizations.</p><p>Tapestry GZIP compresses the content of all 
assets &#8211; if the asset is compressible, the client supports it, and you 
don't <a shape="rect" 
href="configuration.html#Configuration-tapestry.gzipcompressionenabled">explicitly
 disable it</a>.</p><p>When Tapestry generates a URL for an asset, either on 
the classpath or from the context, the URL includes the application version 
number. Further, the asset will get a <em>far future expires header</em>, which 
will encourage the client browser to cache the asset.</p><p>You should have an 
explicit application version number for any production application. Client 
browsers will aggressively cache downloaded assets; they will usually not even 
send a request to see if the asset has changed once the asset is downloaded the 
first time. Because of this it is <em>very important</em> that each new 
deployment of your application has a new <a shape="rect" 
href="configuration.html#Configuration-tapestry.applicationversion
 ">version number</a>, to force existing clients to re-download all 
assets.</p><h2 id="Assets-AssetSecurity">Asset Security</h2><p>Because Tapestry 
directly exposes files on the classpath to the clients, some thought has gone 
into ensuring that malicious clients are not able to download assets that 
should not be visible to them.</p><p>First off all, there's a package 
limitation: classpath assets are only visible if there's a <a shape="rect" 
class="external-link" 
href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/LibraryMapping.html";>LibraryMapping</a>
 for them, and the library mapping substitutes for the initial folders on the 
classpath. Since the most secure assets, things like 
<code>hibernate.cfg.xml</code> are located in the unnamed package, they are 
always off limits.</p><p>But what about other files on the classpath? Imagine 
this scenario:</p><ul><li>Your Login page exposes a classpath asset, 
<code>icon.png</code>.</li><li><p>A malicious client copies
  the URL, <code>/assets/1.0.0/app/pages/icon.png (</code><span 
style="line-height: 1.4285715;">which would indicate that the Login page is 
actually inside a library, which is unlikely. More likely, icon.png is a 
context asset and the malicious user guessed the path for Login.class by 
looking at the Tapestry source code.)&#160;</span><span style="line-height: 
1.4285715;">and changes the file name to </span><code style="line-height: 
1.4285715;">Login.class</code><span style="line-height: 
1.4285715;">.</span></p></li><li><p>The client decompiles the class file and 
spots your secret emergency password: goodbye security! (<span 
style="line-height: 1.4285715;">Never create such back doors, of 
course!)</span></p></li></ul><p>Fortunately, this can't happen. Files with 
extension ".class" are secured; they must be accompanied in the URL with a 
query parameter that is the MD5 hash of the file's contents. If the query 
parameter is absent, or doesn't match the actual file's content, the request 
 is rejected.</p><p>When your code exposes an Asset, the URL will automatically 
include the query parameter if the file type is secured. The malicious user is 
locked out of access to the files. (<span style="line-height: 
1.4285715;">Unless they already have the files so that they can generate the 
MD5 checksum ... to get access to the files they already have.)</span></p><p>By 
default, Tapestry secures file extensions ".class', ".tml" and ".properties". 
The list can be extended by contributing to the <a shape="rect" 
class="external-link" 
href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/ResourceDigestGenerator.html";>ResourceDigestGenerator</a>
 service:</p><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeHeader panelHeader pdl" style="border-bottom-width: 
1px;"><b>AppModule.java (partial)</b></div><div class="codeContent panelContent 
pdl">
 <script class="theme: Default; brush: java; gutter: false" 
type="syntaxhighlighter"><![CDATA[public static void 
contributeResourceDigestGenerator(Configuration&lt;String&gt; configuration)
 {
     configuration.add(&quot;xyz&quot;);
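
Review bot: In the rewritten Asset Security list item, the opening parenthesis of the inlined footnote sits inside the code element (the + line reads icon.png (</code>), so the example URL renders in monospace with a stray " (" on the end; close </code> directly after icon.png and start the parenthetical outside it. The span style="line-height: 1.4285715;" wrappers around the three inlined notes are editor residue and can be dropped. While this paragraph is being rewritten, fix "First off all" and the mismatched quotes in ".class'. The inlined remark about the MD5 check should also be tied to the sentence on secured extensions: the digest only applies to the listed extensions (".class", ".tml" and ".properties" by default), so the text should say plainly that any other sensitive file type in a mapped package has to be contributed to ResourceDigestGenerator to get the same check.
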
@@ -273,25 +189,7 @@ public static void contributeMinimizers(
     configuration.addInstance(&quot;text/coffeescript&quot;, 
CoffeeScriptMinimizer.class);
 }
 ]]></script>
-</div></div><p>&#160;</p><p>&#160;</p><table class="Footnotes" style="width: 
100%; border:none;" cellspacing="0" cellpadding="0" summary="This table 
contains one or more notes for references made elsewhere on the page."><caption 
class="accessibility">Footnotes</caption><thead class="accessibility"><tr 
class="accessibility"><th colspan="1" rowspan="1" class="accessibility" 
id="footnote-th1">Reference</th><th colspan="1" rowspan="1" 
class="accessibility" id="footnote-th2">Notes</th></tr></thead><tbody><tr 
name="Footnote1"><td colspan="1" rowspan="1" valign="top" class="FootnoteNum" 
headings="footnote-th1">
-        <a shape="rect" id="FootnoteNum1" href="#FootnoteMarker1" 
onclick="footnoteMarkerHighlight(&quot;1&quot;);" 
onmouseover="footnoteHighlight(&quot;1&quot;,false);" alt="Footnote: Click to 
return to reference in text" title="Footnote: Click to return to reference in 
text">
-            1
-        </a>
-      </td><td colspan="1" rowspan="1" valign="top" class="Footnote" 
id="Footnote1" width="100%" headings="footnote-th2">
-          This would indicate that the Login page is actually inside a 
library, which is unlikely. More likely, <code>icon.png</code> is a context 
asset and the malicious user guessed the path for <code>Login.class</code> by 
looking at the Tapestry source code.
-      </td></tr><tr name="Footnote2"><td colspan="1" rowspan="1" valign="top" 
class="FootnoteNum" headings="footnote-th1">
-        <a shape="rect" id="FootnoteNum2" href="#FootnoteMarker2" 
onclick="footnoteMarkerHighlight(&quot;2&quot;);" 
onmouseover="footnoteHighlight(&quot;2&quot;,false);" alt="Footnote: Click to 
return to reference in text" title="Footnote: Click to return to reference in 
text">
-            2
-        </a>
-      </td><td colspan="1" rowspan="1" valign="top" class="Footnote" 
id="Footnote2" width="100%" headings="footnote-th2">
-          Never create such back doors, of course!
-      </td></tr><tr name="Footnote3"><td colspan="1" rowspan="1" valign="top" 
class="FootnoteNum" headings="footnote-th1">
-        <a shape="rect" id="FootnoteNum3" href="#FootnoteMarker3" 
onclick="footnoteMarkerHighlight(&quot;3&quot;);" 
onmouseover="footnoteHighlight(&quot;3&quot;,false);" alt="Footnote: Click to 
return to reference in text" title="Footnote: Click to return to reference in 
text">
-            3
-        </a>
-      </td><td colspan="1" rowspan="1" valign="top" class="Footnote" 
id="Footnote3" width="100%" headings="footnote-th2">
-          Unless they already have the files so that they can generate the MD5 
checksum ... to get access to the files they already have.
-      </td></tr></tbody></table></div>
+</div></div><p>&#160;</p><p>&#160;</p><p>&#160;</p></div>
 </div>
 
 <div class="clearer"></div>
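
Review bot: The + line that replaces the footnote table ends the content with three empty <p>&#160;</p> paragraphs, one more than the removed line had. With the notes now inline there is nothing left to space out before the closing </div>, so remove the filler paragraphs instead of adding to them.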

Modified: websites/production/tapestry/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/tapestry/content/security-faq.html
==============================================================================
--- websites/production/tapestry/content/security-faq.html (original)
+++ websites/production/tapestry/content/security-faq.html Tue Jan 21 20:20:49 
2014
@@ -77,27 +77,44 @@ table.ScrollbarTable td.ScrollbarParent 
 table.ScrollbarTable td.ScrollbarNextName {text-align: right;border: none;}
 table.ScrollbarTable td.ScrollbarNextIcon {text-align: center;width: 
16px;border: none;}
 
-/*]]>*/</style><div class="Scrollbar"><table class="ScrollbarTable"><tr><td 
colspan="1" rowspan="1" class="ScrollbarPrevIcon"><a shape="rect" 
href="tapestry-inversion-of-control-faq.html"><img align="middle" border="0" 
src="https://cwiki.apache.org/confluence/images/icons/back_16.gif"; width="16" 
height="16"></a></td><td colspan="1" rowspan="1" class="ScrollbarPrevName" 
width="33%"><a shape="rect" 
href="tapestry-inversion-of-control-faq.html">Tapestry Inversion of Control 
FAQ</a>&#160;</td><td colspan="1" rowspan="1" class="ScrollbarParent" 
width="33%"><sup><a shape="rect" href="frequently-asked-questions.html"><img 
align="middle" border="0" 
src="https://cwiki.apache.org/confluence/images/icons/up_16.gif"; width="8" 
height="8"></a></sup><a shape="rect" 
href="frequently-asked-questions.html">Frequently Asked Questions</a></td><td 
colspan="1" rowspan="1" class="ScrollbarNextName" width="33%">&#160;<a 
shape="rect" href="integration-with-existing-applications.html">Integration 
with existi
 ng applications</a></td><td colspan="1" rowspan="1" 
class="ScrollbarNextIcon"><a shape="rect" 
href="integration-with-existing-applications.html"><img align="middle" 
border="0" src="https://cwiki.apache.org/confluence/images/icons/forwd_16.gif"; 
width="16" height="16"></a></td></tr></table></div> 
-
-<h2 id="SecurityFAQ-SecurityFAQ">Security FAQ </h2>
-
-<h3 
id="SecurityFAQ-Thebuilt-inPageCatalogandServiceStatuspagesarevisibleinmyproductionapplicationandIdon'twantthemtobe,whatcanIdo?">The
 built-in PageCatalog and ServiceStatus pages are visible in my production 
application and I don't want them to be, what can I do?</h3>
-
-<p>First off all, don't panic: these pages are marked with the @<a 
shape="rect" class="external-link" 
href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/annotations/WhitelistAccessOnly.html";>WhitelistAccessOnly</a>
 annotation, which makes them invisible to clients that are not on the 
whitelist.  Try accessing the page from a different workstation and you may 
find that the pages are not visible after all.</p>
-
-<p>Sometimes, in production, a firewall or proxy may make it look like the 
client web browser originates from localhost; in that situation, you may want 
to disable the logic that puts localhost onto the whitelist.  This 
determination is made by the contributions to the <a shape="rect" 
class="external-link" 
href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/security/ClientWhitelist.html";>ClientWhitelist</a>
 service. Tapestry makes a contribution with id "LocalhostOnly", which one of 
your modules can override:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" 
type="syntaxhighlighter"><![CDATA[
-  @Contribute(ClientWhitelist.class)
+/*]]>*/</style><div class="Scrollbar"><table class="ScrollbarTable"><tr><td 
colspan="1" rowspan="1" class="ScrollbarPrevIcon"><a shape="rect" 
href="tapestry-inversion-of-control-faq.html"><img align="middle" border="0" 
src="https://cwiki.apache.org/confluence/images/icons/back_16.gif"; width="16" 
height="16"></a></td><td colspan="1" rowspan="1" class="ScrollbarPrevName" 
width="33%"><a shape="rect" 
href="tapestry-inversion-of-control-faq.html">Tapestry Inversion of Control 
FAQ</a>&#160;</td><td colspan="1" rowspan="1" class="ScrollbarParent" 
width="33%"><sup><a shape="rect" href="frequently-asked-questions.html"><img 
align="middle" border="0" 
src="https://cwiki.apache.org/confluence/images/icons/up_16.gif"; width="8" 
height="8"></a></sup><a shape="rect" 
href="frequently-asked-questions.html">Frequently Asked Questions</a></td><td 
colspan="1" rowspan="1" class="ScrollbarNextName" width="33%">&#160;<a 
shape="rect" href="integration-with-existing-applications.html">Integration 
with existi
 ng applications</a></td><td colspan="1" rowspan="1" 
class="ScrollbarNextIcon"><a shape="rect" 
href="integration-with-existing-applications.html"><img align="middle" 
border="0" src="https://cwiki.apache.org/confluence/images/icons/forwd_16.gif"; 
width="16" height="16"></a></td></tr></table></div><h2 
id="SecurityFAQ-SecurityFAQ">Security FAQ</h2><div class="navmenu" 
style="float:right; background:#eee; margin:3px; padding:3px">
+<h3>Related Articles</h3>
+<ul class="content-by-label"><li>
+            <div>
+                    <span class="icon icon-page" title="Page">Page:</span>     
       </div>
+
+            <div class="details">
+                            <a shape="rect" href="security.html">Security</a>
+                    
+                
+                            </div>
+        </li><li>
+            <div>
+                    <span class="icon icon-page" title="Page">Page:</span>     
       </div>
+
+            <div class="details">
+                            <a shape="rect" href="https.html">HTTPS</a>
+                    
+                
+                            </div>
+        </li><li>
+            <div>
+                    <span class="icon icon-page" title="Page">Page:</span>     
       </div>
+
+            <div class="details">
+                            <a shape="rect" href="security-faq.html">Security 
FAQ</a>
+                    
+                
+                            </div>
+        </li></ul>
+</div><h3 
id="SecurityFAQ-Thebuilt-inPageCatalogandServiceStatuspagesarevisibleinmyproductionapplicationandIdon'twantthemtobe,whatcanIdo?">The
 built-in PageCatalog and ServiceStatus pages are visible in my production 
application and I don't want them to be, what can I do?</h3><p>First off all, 
don't panic: these pages are marked with the @<a shape="rect" 
class="external-link" 
href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/annotations/WhitelistAccessOnly.html";>WhitelistAccessOnly</a>
 annotation, which makes them invisible to clients that are not on the 
whitelist. Try accessing the page from a different workstation and you may find 
that the pages are not visible after all.</p><p>Sometimes, in production, a 
firewall or proxy may make it look like the client web browser originates from 
localhost; in that situation, you may want to disable the logic that puts 
localhost onto the whitelist. This determination is made by the contributions 
to the <a shape="rect" class=
 "external-link" 
href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/security/ClientWhitelist.html";>ClientWhitelist</a>
 service. Tapestry makes a contribution with id "LocalhostOnly", which one of 
your modules can override:</p><div class="code panel pdl" style="border-width: 
1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: java; gutter: false" 
type="syntaxhighlighter"><![CDATA[  @Contribute(ClientWhitelist.class)
   public static void 
turnOffLocalhostInProduction(OrderedConfiguration&lt;WhitelistAnalyzer&gt; 
configuration, 
                                                  
@Symbol(SymbolConstants.PRODUCTION_MODE) boolean productionMode) {
     if (productionMode) { configuration.override(&quot;LocalhostOnly&quot;, 
null); }
   } 
 ]]></script>
-</div></div>
-
-<style type="text/css">/*<![CDATA[*/
+</div></div><style type="text/css">/*<![CDATA[*/
 table.ScrollbarTable  {border: none;padding: 3px;width: 100%;padding: 
3px;margin: 0px;background-color: #f0f0f0}
 table.ScrollbarTable td.ScrollbarPrevIcon {text-align: center;width: 
16px;border: none;}
 table.ScrollbarTable td.ScrollbarPrevName {text-align: left;border: none;}
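
Review bot: The new Related Articles block lists Security FAQ with href="security-faq.html", which is the page being rendered, so the third entry links to itself; exclude the current page from the content-by-label list. The answer text still opens with "First off all", which should read "First of all". In the proxy paragraph, "you may want to disable" understates the case: if every request appears to originate from localhost, the "LocalhostOnly" contribution puts every client on the whitelist, so the text should state that the override is needed in that deployment.
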
@@ -105,7 +122,7 @@ table.ScrollbarTable td.ScrollbarParent 
 table.ScrollbarTable td.ScrollbarNextName {text-align: right;border: none;}
 table.ScrollbarTable td.ScrollbarNextIcon {text-align: center;width: 
16px;border: none;}
 
-/*]]>*/</style><div class="Scrollbar"><table class="ScrollbarTable"><tr><td 
colspan="1" rowspan="1" class="ScrollbarPrevIcon"><a shape="rect" 
href="tapestry-inversion-of-control-faq.html"><img align="middle" border="0" 
src="https://cwiki.apache.org/confluence/images/icons/back_16.gif"; width="16" 
height="16"></a></td><td colspan="1" rowspan="1" class="ScrollbarPrevName" 
width="33%"><a shape="rect" 
href="tapestry-inversion-of-control-faq.html">Tapestry Inversion of Control 
FAQ</a>&#160;</td><td colspan="1" rowspan="1" class="ScrollbarParent" 
width="33%"><sup><a shape="rect" href="frequently-asked-questions.html"><img 
align="middle" border="0" 
src="https://cwiki.apache.org/confluence/images/icons/up_16.gif"; width="8" 
height="8"></a></sup><a shape="rect" 
href="frequently-asked-questions.html">Frequently Asked Questions</a></td><td 
colspan="1" rowspan="1" class="ScrollbarNextName" width="33%">&#160;<a 
shape="rect" href="integration-with-existing-applications.html">Integration 
with existi
 ng applications</a></td><td colspan="1" rowspan="1" 
class="ScrollbarNextIcon"><a shape="rect" 
href="integration-with-existing-applications.html"><img align="middle" 
border="0" src="https://cwiki.apache.org/confluence/images/icons/forwd_16.gif"; 
width="16" height="16"></a></td></tr></table></div> </div>
+/*]]>*/</style><div class="Scrollbar"><table class="ScrollbarTable"><tr><td 
colspan="1" rowspan="1" class="ScrollbarPrevIcon"><a shape="rect" 
href="tapestry-inversion-of-control-faq.html"><img align="middle" border="0" 
src="https://cwiki.apache.org/confluence/images/icons/back_16.gif"; width="16" 
height="16"></a></td><td colspan="1" rowspan="1" class="ScrollbarPrevName" 
width="33%"><a shape="rect" 
href="tapestry-inversion-of-control-faq.html">Tapestry Inversion of Control 
FAQ</a>&#160;</td><td colspan="1" rowspan="1" class="ScrollbarParent" 
width="33%"><sup><a shape="rect" href="frequently-asked-questions.html"><img 
align="middle" border="0" 
src="https://cwiki.apache.org/confluence/images/icons/up_16.gif"; width="8" 
height="8"></a></sup><a shape="rect" 
href="frequently-asked-questions.html">Frequently Asked Questions</a></td><td 
colspan="1" rowspan="1" class="ScrollbarNextName" width="33%">&#160;<a 
shape="rect" href="integration-with-existing-applications.html">Integration 
with existi
 ng applications</a></td><td colspan="1" rowspan="1" 
class="ScrollbarNextIcon"><a shape="rect" 
href="integration-with-existing-applications.html"><img align="middle" 
border="0" src="https://cwiki.apache.org/confluence/images/icons/forwd_16.gif"; 
width="16" height="16"></a></td></tr></table></div></div>
 </div>
 
 <div class="clearer"></div>

