Dan, You'll now receive a much more helpful 403 message if you're running in development mode.
Thanks, David On Sun, May 3, 2009 at 12:21 PM, Dan Greening <green...@gmail.com> wrote: > > I just broke my teeth on this problem also (and 2 days wasted later I > discover this thread). I would say "Doh!", but this is hardly a Doh > type of thing. > > Security is important, but also as a new framework, you want rapid > uptake by people who won't read 5 chapters of a book before trying > something out. Many of us (most of us?) read the minimum amount > before jumping in and trying something. > > Here is my proposed user story: As a new Lift user, I can copy-paste > lift-archetype-blank files into my existing web site and gradually add > Lift functionality while unmodified static and JSP content continues > to work. > > Perhaps this could be done by having a simple method on SiteMap to > disable access control. (And then use it in lift-archetype-blank, > with comments of course.) > > Many people will likely do what I did, trying to figure out how to > turn on logging levels, etc. because the behavior they expect is not > what Lift delivers, and then they blame themselves for doing something > obviously stupid. (But failing to read 5 chapters is not "obviously > stupid".) > > Dan Greening > > On Apr 23, 10:01 am, David Pollak <feeder.of.the.be...@gmail.com> > wrote: > > On Thu, Apr 23, 2009 at 9:59 AM, Lee Mighdoll <leemighd...@gmail.com> > wrote: > > > Ah, thanks for the explanation. > > > > > Perhaps a site map entry for /static in the default archtetype? > > > > K... added > > > > > > > > > > > > > Lee > > > > > On Thu, Apr 23, 2009 at 9:51 AM, David Pollak < > > > feeder.of.the.be...@gmail.com> wrote: > > > > >> On Thu, Apr 23, 2009 at 9:48 AM, Lee Mighdoll <leemighd...@gmail.com > >wrote: > > > > >>> Since lift is a servlet filter, can it simply pass through requests > for > > >>> unmapped html pages and let the web container serve them or send a > 404? I > > >>> don't quite understand the security issue, though. > > > > >> Security issues: > > > > >> - Serving "turd" pages left behind by the developers or from an > older > > >> version of the app > > >> - Serving pages that can only be viewed if you're logged in > > > > >>> Lee > > > > >>> re: documentation, I tripped on this getting started as well. > > > > >>> On Thu, Apr 23, 2009 at 8:45 AM, David Pollak < > > >>> feeder.of.the.be...@gmail.com> wrote: > > > > >>>> On Thu, Apr 23, 2009 at 8:30 AM, Andrew Scherpbier < > > >>>> and...@scherpbier.org> wrote: > > > > >>>>> Hi kkarad, > > >>>>> I'm a fellow newbie to lift (and scala) and ran into the same > issue. I > > >>>>> believe the solution is simple: You need to create entries in your > > >>>>> SiteMap for every page. You'll need to do that in your Boot.scala. > > >>>>> Make them Hidden if you don't want them displayed in the menu; you > > >>>>> still > > >>>>> need those entries though. > > > > >>>>> I suggest reading chapter 5 in the "Exploring Lift" book that is > > >>>>> available as a draft PDF. > > >>>>> BTW, to the authors of that book: I spent a lot of time trying to > > >>>>> figure out this exact same issue. Could you make this more > prominent? > > >>>>> Some examples of using multiple pages would be helpful. Since the > > >>>>> SiteMap is so important, I think it would be good to add more > coverage > > >>>>> of it in chapter 3. > > > > >>>> Andrew, > > > > >>>> Thanks for your comments. > > > > >>>> There's a tension in Lift between quick & simple and maintainable & > > >>>> secure. SiteMap is a little heavier weight than simple routing > tables (or > > >>>> doing things by default). On the other hand, SiteMap gives you > security, > > >>>> menu generation, bread crumbs, and much, much more. Perhaps I'll > add > > >>>> something to the 404 when running in development mode (or bespin > mode). > > > > >>>> Thanks, > > > > >>>> David > > > > >>>>> Cheers! > > > > >>>>> --Andrew > > > > >>>>> kkarad wrote: > > >>>>> > Hi all, > > > > >>>>> > I am new to lift web framework. Recently I started working on a > test > > >>>>> > project using google app engine for java and lift. I followed the > > >>>>> > Atsuhiko Yamanaka's instructions and I was able to deploy and run > the > > >>>>> > helloworld example on the google app cloud. > > > > >>>>> > The problem I am facing now is that I cannot access deployed html > > >>>>> > files other than the default (index.html). The problem occurs in > the > > >>>>> > dev_appserver provided by the google app engine sdk. > > > > >>>>> > For instance, the fileupload.xthml file under the webapp folder > > >>>>> cannot > > >>>>> > be accessed using thehttp://localhost:8080/fileupload[or with the > > >>>>> > suffix]. The error message I get back is: The Requested URL / was > not > > >>>>> > found on this server > > > > >>>>> > Due to my lack of lift knowledge I am not able to identify if its > a > > >>>>> > lift or gae/j problem. Could you please help me? > > > > >>>>> > Bellow I include the content of web.xml, appengine-web.xml and > the > > >>>>> > tree structue of the webapp folder in maven. > > > > >>>>> > <web-app> > > >>>>> > <filter> > > >>>>> > <filter-name>LiftFilter</filter-name> > > >>>>> > <display-name>Lift Filter</display-name> > > >>>>> > <description>The Filter that intercepts lift calls</ > > >>>>> > description> > > >>>>> > <filter-class>net.liftweb.http.LiftFilter</filter-class> > > >>>>> > </filter> > > > > >>>>> > <filter-mapping> > > >>>>> > <filter-name>LiftFilter</filter-name> > > >>>>> > <url-pattern>/*</url-pattern> > > >>>>> > </filter-mapping> > > > > >>>>> > <welcome-file-list> > > >>>>> > <welcome-file>index.html</welcome-file> > > >>>>> > </welcome-file-list> > > > > >>>>> > </web-app> > > > > >>>>> > ------------------------------------------------------------------------ > > > > >>>>> > <appengine-web-app xmlns="http://appengine.google.com/ns/1.0";> > > >>>>> > <application>foo</application> > > >>>>> > <version>1</version> > > >>>>> > <system-properties> > > >>>>> > <property name="in.gae.j" value="true" /> > > >>>>> > </system-properties> > > >>>>> > <sessions-enabled>true</sessions-enabled> > > >>>>> > <static-files> > > >>>>> > <include path="/style/**.css"/> > > >>>>> > <include path="/images/**.gif"/> > > >>>>> > <include path="/images/**.jpg"/> > > >>>>> > <include path="/script/**.js"/> > > >>>>> > </static-files> > > >>>>> > </appengine-web-app> > > > > >>>>> > ------------------------------------------------------------------------ > > >>>>> > /webapp/WEB-INF/web.xml > > >>>>> > /webapp/WEB-INF/appengine-web.xml > > >>>>> > /webapp/fileupload.xthml ---> Access fails using the > > >>>>> >http://localhost:8080/fileupload[or<http://localhost:8080/fileupload%5Bor>with > > >>>>> > the suffix] > > >>>>> > /webapp/index.html ---> Access OK > > > > >>>> -- > > >>>> Lift, the simply functional web frameworkhttp://liftweb.net > > >>>> Beginning Scalahttp://www.apress.com/book/view/1430219890 > > >>>> Follow me:http://twitter.com/dpp > > >>>> Git some:http://github.com/dpp > > > > >> -- > > >> Lift, the simply functional web frameworkhttp://liftweb.net > > >> Beginning Scalahttp://www.apress.com/book/view/1430219890 > > >> Follow me:http://twitter.com/dpp > > >> Git some:http://github.com/dpp > > > > -- > > Lift, the simply functional web frameworkhttp://liftweb.net > > Beginning Scalahttp://www.apress.com/book/view/1430219890 > > Follow me:http://twitter.com/dpp > > Git some:http://github.com/dpp > > > > -- Lift, the simply functional web framework http://liftweb.net Beginning Scala http://www.apress.com/book/view/1430219890 Follow me: http://twitter.com/dpp Git some: http://github.com/dpp --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~----------~----~----~----~------~----~------~--~---
