OK, now published a page describing this stuff [1], linked to from the main
documentation page [2]

Dan

[1] http://isis.apache.org/core/deployment-type.html
[2] http://isis.apache.org/documentation.html


~~~~~~
On 17 December 2012 17:50, Dan Haywood <[email protected]> wrote:

> Hi Adam,
> This is a security thing.  If the deploymentType is not set, it defaults
> to SERVER.  If the isis.authorization is not set, its default depends on
> the deploymentType (more specifically, the deploymentType's
> deploymentCategory).
>
> As per InstallerLookupDefault#authorizationManagerInstaller():
>
> * if exploration, then it is "bypass" (previously called "dflt")
> * if prototyping or production, then it is "file".
>
> The reason for the change in the behaviour from the early snapshot is that
> we now [1] automatically configure the AuthorizationFacetFactory as a
> side-effect of specifying (or defaulting) the isis.authorization component.
>  So, the defaulting stuff hasn't actually changed, but the fact that these
> facets are now installed is what causes the actions to disappear.
>
> I'll write a page on our new whizzy website to explain this.
>
> Dan
>
> [1] https://issues.apache.org/jira/browse/ISIS-274
>
> On 17 December 2012 02:32, Adam Howard <[email protected]> wrote:
>
>> Did some further experiments.
>>
>> If I have no isis.authorization property or deploymentType param defined
>> then the actions are missing.
>>
>> If I set the isis.authorization=dflt (old name for bypass) then the
>> actions
>> show up.
>> OR
>> If I set the deploymentType to SERVER_EXPLORATION then the actions show
>> up.
>>
>> If I set the deploymentType to SERVER the actions are missing.
>>
>> I guess my main question is should there be a warning message when neither
>> of these are set that things will be hidden. That probably depends on what
>> the default settings are for these two properties.
>>
>> --
>> Adam
>>
>>
>> On Sun, Dec 16, 2012 at 11:33 AM, Jeroen van der Wal <[email protected]
>> >wrote:
>>
>> > Did you try to set isis.authorization=bypass in isis.properties? This
>> will
>> > invoke AuthorizorBypass which make all methods visible to all
>> authenticated
>> > users.
>> >
>> >
>> >
>> >
>> > On Sat, Dec 15, 2012 at 6:07 PM, Adam Howard <[email protected]>
>> > wrote:
>> >
>> > > I started a project from the 0.2.0-incubating quickstart archetype and
>> > then
>> > > upgraded the Isis version to 0.3.1-incubating-SNAPSHOT. Everything
>> still
>> > > worked fine.
>> > >
>> > > Then I took a few months off and now I've come back to it. I updated
>> the
>> > > dependencies and started the webapp.
>> > >
>> > > Navigating to http://localhost:8080 gives me the RO home page. I can
>> > click
>> > > on the services link and I see my repositories. I then click on one
>> of my
>> > > repositories and I get it's description but it has no members,
>> meaning no
>> > > actions.
>> > >
>> > > I did some poking around and found that the 0.2.0 archetype did not
>> set a
>> > > deploymentType context-param in web.xml. I added
>> > >
>> > > <context-param>
>> > >   <param-name>deploymentType</param-name>
>> > >   <param-value>SERVER_EXPLORATION</param-value>
>> > > </context-param>
>> > >
>> > > and the actions returned to the repository representation. This also
>> > > happens in 0.3.1-SNAPSHOT.
>> > >
>> > > There should probably be some sort of warning if the user fails to set
>> > this
>> > > parameter if it's required.
>> > >
>> > > Adam
>> > >
>> >
>>
>
>

Reply via email to