Blocking users from copying a script is tricky business. To start with,
an exception will cause the content to be dumped in the error message.

You might try this:
Create a page (I will call it Main.banned, but you can call it what you
like). This will contain your secret Groovy script.
Put this in it:

public class MySecretClass{
    public String go(){
        //your code goes here, it can only output things through
        //the return statement, println and errors will not be shown.
        String out = "hello world!";//my test code :)
        return out;
    }
}

NOTE: there are no <% or {{groovy}} marks
Set the permissions of this page so that only you are allowed to view it.

Create another page (which users are allowed to view). In this page put:

{{velocity}}
#set($myclass = $xwiki.parseGroovyFromPage("Main.banned"))
$myclass.go()
{{/velocity}}

Now unregistered users and users without permission can view the page
with the velocity code (which executes the groovy page), but not view
the page with the groovy code (with viewer=code or otherwise).

In the event of an exception in your groovy code, the user will see a
velocity exception, and the exact error (e.g.
StringIndexOutOfBoundsException -1) will be shown, but not the groovy code.

I have tested this and it works. A user without any special permissions
can copy the velocity code and run it themselves, but I can't see any
way for them to read the groovy code.


Hope this helps,

Caleb James DeLisle
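
Added example (not part of the original message and not XWiki's own code): a variant of MySecretClass for the restricted page that catches failures inside go(), so the exception text the Velocity page would otherwise display cannot carry a secret value. The SERVICE_CONFIG constant, describeEndpoint() and the wording of the returned message are hypothetical.

```groovy
public class MySecretClass {
    // Constructed placeholder standing in for a hard-coded credential
    // ("user:password:port"); not a real secret.
    private static final String SERVICE_CONFIG = "apiuser:placeholder-secret:8080"

    // Only the return value reaches the calling Velocity page.
    public String go() {
        try {
            return describeEndpoint()
        } catch (Throwable t) {
            // Do not rethrow: an uncaught exception is shown to the viewer
            // together with its message. Return the exception type only and
            // drop getMessage(), which may embed data from this page.
            return "Internal error (" + t.getClass().getSimpleName() + ")"
        }
    }

    // Hypothetical worker with a deliberate off-by-one bug.
    private String describeEndpoint() {
        String[] parts = SERVICE_CONFIG.split(":")
        // parts[1] is the password, not the port. Integer.parseInt puts its
        // input into the message:
        //   NumberFormatException: For input string: "placeholder-secret"
        // Uncaught, that message would appear on the public page.
        int port = Integer.parseInt(parts[1])
        return "Connecting on port " + port
    }
}
```

The public Velocity page is unchanged; with this variant $myclass.go() renders the fixed message rather than a Velocity exception containing the parsed value.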



Thomas Mortagne wrote:
> viewer=code does not make any difference between any specific content,
> it simply prints the document content, which can contain wiki syntax,
> velocity, groovy etc... a better name would be viewer=source
>
> On Wed, Aug 26, 2009 at 18:36, Ajdin Brandic<aa6...@coventry.ac.uk> wrote:
>   
>> Will it show Groovy as well as Velocity code?
>>
>> Ajdin
>>
>> -----Original Message-----
>> From: users-boun...@xwiki.org [mailto:users-boun...@xwiki.org] On Behalf
>> Of Marius Dumitru Florea
>> Sent: 26 August 2009 17:18
>> To: XWiki Users
>> Subject: Re: [xwiki-users] viewer=code
>>
>> Ajdin Brandic wrote:
>>     
>>> Let's say I'm doing some user input checking to prevent spam.  Since I
>>> am using myxwiki.org service and have no access to the back end code I
>>> could have some hard coded sensitive info in my script (ie. u/p to
>>> twitter or facebook).
>>>
>> Afaik, there is no view-code right so any user with view access is able
>> to see the code of the page.
>>
>> Marius
>>
>>     
>>> Ajdin
>>>
>>> -----Original Message-----
>>> From: users-boun...@xwiki.org [mailto:users-boun...@xwiki.org] On
>>> Behalf Of Marius Dumitru Florea
>>> Sent: 26 August 2009 16:07
>>> To: XWiki Users
>>> Subject: Re: [xwiki-users] viewer=code
>>>
>>> Hi Ajdin,
>>>
>>> Ajdin Brandic wrote:
>>>       
>>>> Is there an option (settings) to disable this (viewer=code) on a
>>>> site?
>>>>
>>> I don't know if there is a way to disable the viewer=code from the UI
>>> but I know you can prevent it by editing templates/view.vm around this
>>> line:
>>>
>>> #template("${viewer}.vm")
>>>
>>> or by renaming templates/code.vm (but that leads to a blank page which
>>> is not user friendly).
>>>
>>> Btw, why do you want to hide the code?
>>>
>>> Hope this helps,
>>> Marius
>>>
>>>       
>>>> Ajdin
>>>>
>>>>
>>>> --------------------------------------------------------
>>>>
>>>> NOTICE
>>>>
>>>> This message and any files transmitted with it is intended for the
>>>> addressee only and may contain information that is confidential or
>>>> privileged. Unauthorised use is strictly prohibited. If you are not
>>>> the addressee, you should not read, copy, disclose or otherwise use
>>>> this message, except for the purpose of delivery to the addressee.
>>>>
>>>> Any views or opinions expressed within this e-mail are those of the
>>>> author and do not necessarily represent those of Coventry University.
>>>>
>>>> _______________________________________________
>>>> users mailing list
>>>> users@xwiki.org
>>>> http://lists.xwiki.org/mailman/listinfo/users
