OK, now published a page describing this stuff [1], linked to from the main documentation page [2]
Dan [1] http://isis.apache.org/core/deployment-type.html [2] http://isis.apache.org/documentation.html ~~~~~~ On 17 December 2012 17:50, Dan Haywood <[email protected]> wrote: > Hi Adam, > This is a security thing. If the deploymentType is not set, it defaults > to SERVER. If the isis.authorization is not set, its default depends on > the deploymentType (more specifically, the deploymentType's > deploymentCategory). > > As per InstallerLookupDefault#authorizationManagerInstaller(): > > * if exploration, then it is "bypass" (previously called "dflt") > * if prototyping or production, then it is "file". > > The reason for the change in the behaviour from the early snapshot is that > we now [1] automatically configure the AuthorizationFacetFactory as a > side-effect of specifying (or defaulting) the isis.authorization component. > So, the defaulting stuff hasn't actually changed, but the fact that these > facets are now installed is what causes the actions to disappear. > > I'll write a page on our new whizzy website to explain this. > > Dan > > [1] https://issues.apache.org/jira/browse/ISIS-274 > > On 17 December 2012 02:32, Adam Howard <[email protected]> wrote: > >> Did some further experiments. >> >> If I have no isis.authorization property or deploymentType param defined >> then the actions are missing. >> >> If I set the isis.authorization=dflt (old name for bypass) then the >> actions >> show up. >> OR >> If I set the deploymentType to SERVER_EXPLORATION then the actions show >> up. >> >> If I set the deploymentType to SERVER the actions are missing. >> >> I guess my main question is should there be a warning message when neither >> of these are set that things will be hidden. That probably depends on what >> the default settings are for these two properties. >> >> -- >> Adam >> >> >> On Sun, Dec 16, 2012 at 11:33 AM, Jeroen van der Wal <[email protected] >> >wrote: >> >> > Did you try to set isis.authorization=bypass in isis.properties? This >> will >> > invoke AuthorizorBypass which make all methods visible to all >> authenticated >> > users. >> > >> > >> > >> > >> > On Sat, Dec 15, 2012 at 6:07 PM, Adam Howard <[email protected]> >> > wrote: >> > >> > > I started a project from the 0.2.0-incubating quickstart archetype and >> > then >> > > upgraded the Isis version to 0.3.1-incubating-SNAPSHOT. Everything >> still >> > > worked fine. >> > > >> > > Then I took a few months off and now I've come back to it. I updated >> the >> > > dependencies and started the webapp. >> > > >> > > Navigating to http://localhost:8080 gives me the RO home page. I can >> > click >> > > on the services link and I see my repositories. I then click on one >> of my >> > > repositories and I get it's description but it has no members, >> meaning no >> > > actions. >> > > >> > > I did some poking around and found that the 0.2.0 archetype did not >> set a >> > > deploymentType context-param in web.xml. I added >> > > >> > > <context-param> >> > > <param-name>deploymentType</param-name> >> > > <param-value>SERVER_EXPLORATION</param-value> >> > > </context-param> >> > > >> > > and the actions returned to the repository representation. This also >> > > happens in 0.3.1-SNAPSHOT. >> > > >> > > There should probably be some sort of warning if the user fails to set >> > this >> > > parameter if it's required. >> > > >> > > Adam >> > > >> > >> > >
