Author: buildbot Date: Sat Jan 25 13:20:42 2014 New Revision: 895386 Log: Production update by buildbot for tapestry
Modified: websites/production/tapestry/content/cache/main.pageCache websites/production/tapestry/content/https.html websites/production/tapestry/content/security.html Modified: websites/production/tapestry/content/cache/main.pageCache ============================================================================== Binary files - no diff available. Modified: websites/production/tapestry/content/https.html ============================================================================== --- websites/production/tapestry/content/https.html (original) +++ websites/production/tapestry/content/https.html Sat Jan 25 13:20:42 2014 @@ -69,7 +69,37 @@ </div> <div id="content"> -<div id="ConfluenceContent"><h1 id="HTTPS-SecuringyourapplicationwithHTTPS">Securing your application with HTTPS</h1><p>Tapestry assumes your application will be primarily deployed as a standard web application, using HTTP (not HTTPS) as the transport mechanism.</p><p>However, many applications will need to have some of their pages secured: only accessible via HTTPS. This could be a login page, or a product ordering wizard, or administrative pages.</p><p>All that is necessary to mark a page as secure is to add the @Secure annotation to the page class:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> +<div id="ConfluenceContent"><h1 id="HTTPS-SecuringyourapplicationwithHTTPS">Securing your application with HTTPS</h1><pre> </pre><div class="navmenu" style="float:right; background:#eee; margin:3px; padding:3px"> +<h3>Related Articles</h3> +<ul class="content-by-label"><li> + <div> + <span class="icon icon-page" title="Page">Page:</span> </div> + + <div class="details"> + <a shape="rect" href="security-faq.html">Security FAQ</a> + + + </div> + </li><li> + <div> + <span class="icon icon-page" title="Page">Page:</span> </div> + + <div class="details"> + <a shape="rect" href="security.html">Security</a> + + + </div> + </li><li> + <div> + <span class="icon icon-page" title="Page">Page:</span> </div> + + <div class="details"> + <a shape="rect" href="https.html">HTTPS</a> + + + </div> + </li></ul> +</div><p>Tapestry assumes your application will be primarily deployed as a standard web application, using HTTP (not HTTPS) as the transport mechanism.</p><p>However, many applications will need to have some of their pages secured: only accessible via HTTPS. This could be a login page, or a product ordering wizard, or administrative pages.</p><p>All that is necessary to mark a page as secure is to add the @Secure annotation to the page class:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[@Secure public class ProcessOrder { Modified: websites/production/tapestry/content/security.html ============================================================================== --- websites/production/tapestry/content/security.html (original) +++ websites/production/tapestry/content/security.html Sat Jan 25 13:20:42 2014 @@ -108,7 +108,7 @@ </div> </li></ul> -</div><h2 id="Security-HTTPS-onlyPages">HTTPS-only Pages</h2><p>Main Article: <a shape="rect" href="https.html">HTTPS</a></p><p>Tapestry provides several annotations and configuration settings that you can use to <span style="text-align: justify;line-height: 1.4285715;">ensure that all access to certain pages–or all pages–occurs only via the encrypted HTTPS protocol</span><span style="text-align: justify;line-height: 1.4285715;">. See <a shape="rect" href="https.html">HTTPS</a> for details.</span></p><h2 id="Security-ControllingPageAccess"><span style="text-align: justify;line-height: 1.4285715;">Controlling Page Access</span></h2><p><span style="text-align: justify;line-height: 1.4285715;"> </span></p><div class="navmenu" style="float:right; background:#eee; margin:3px; padding:0 1em"> +</div><h2 id="Security-HTTPS-onlyPages">HTTPS-only Pages</h2><p>Main Article: <a shape="rect" href="https.html">HTTPS</a></p><p>Tapestry provides several annotations and configuration settings that you can use to <span style="text-align: justify;line-height: 1.4285715;">ensure that all access to certain pages (or all pages) occurs only via the encrypted HTTPS protocol</span><span style="text-align: justify;line-height: 1.4285715;">. See <a shape="rect" href="https.html">HTTPS</a> for details.</span></p><h2 id="Security-ControllingPageAccess"><span style="text-align: justify;line-height: 1.4285715;">Controlling Page Access</span></h2><p><span style="text-align: justify;line-height: 1.4285715;"> </span></p><div class="navmenu" style="float:right; background:#eee; margin:3px; padding:0 1em"> <p> <strong>JumpStart Demo:</strong><br clear="none"> <a shape="rect" class="external-link" href="http://jumpstart.doublenegative.com.au/jumpstart/examples/infrastructure/protectingpages" >Protecting Pages</a></p></div><p><span style="text-align: justify;line-height: 1.4285715;">For simple access control needs, you can contribute a <span><a shape="rect" class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/ComponentRequestFilter.html">ComponentRequestFilter</a> with your custom logic that decides which pages should be accessed by which users.</span></span></p><p><span style="line-height: 1.4285715;text-align: justify;">For more advanced needs see the Security Framework Integration section below.</span></p><h2 id="Security-White-listedPages">White-listed Pages</h2><p>Pages whose component classes are annotated with @<a shape="rect" class="external-link" href="http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/annotations/WhitelistAccessOnly.html">WhitelistAccessOn ly</a> will only be displayed to users (clients) that are on the <em>whitelist</em>. By default the whitelist consists only of clients whose fully-qualified domain name is "localhost" (or the IP address equivalent, 127.0.0.1 or 0:0:0:0:0:0:0:1), but you can customize this by contributing to the ClientWhitelist service in your application's module class (usually AppModule.java):</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>AppModule.java (partial) – simple inline example</b></div><div class="codeContent panelContent pdl"> <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[ @Contribute(ClientWhitelist.class)