Tapestry 5
  1. Tapestry 5
  2. TAP5-43

Add configuration to turn off @Secure when in development

    Details

    • Type: New Feature New Feature
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 5.0.15
    • Fix Version/s: 5.1.0.1
    • Component/s: None
    • Labels:
      None
    • Environment:
      Windows XP

      Description

      In production I want my pages to be secured so I annotate my them with @Secure.
      In development however, I don't want my pages to have to be secured (https) so I comment out the @Secure annotation.
      It would be nice to be able to set the @Secure dynamically based on the environment (development or production).

        Activity

        Hide
        Howard M. Lewis Ship added a comment -

        Sorry, didn't mean to grab it away from you, was doing five things at once. I'm 90% done with the code & docs, just running the tests now, so I'll just see it through.

        Show
        Howard M. Lewis Ship added a comment - Sorry, didn't mean to grab it away from you, was doing five things at once. I'm 90% done with the code & docs, just running the tests now, so I'll just see it through.
        Hide
        Kevin Menard added a comment -

        This is largely what I was looking to do. I see you grabbed the issue after I started progress on it earlier today. Was that inadvertent as you added the comment or are you really taking it over. I don't care much one way or the other, but I'll stop working on it if that be the case.

        Show
        Kevin Menard added a comment - This is largely what I was looking to do. I see you grabbed the issue after I started progress on it earlier today. Was that inadvertent as you added the comment or are you really taking it over. I don't care much one way or the other, but I'll stop working on it if that be the case.
        Hide
        Howard M. Lewis Ship added a comment -

        My thought is that there's a configuration symbol, tapestry.enable-secure that defaults to "true". By adding -Dtapestry.enable-secure=false it can be turned off for development.
        If you want to connect it to production, you can override the symbol's value as "$

        {tapestry.production-mode}

        ".

        Show
        Howard M. Lewis Ship added a comment - My thought is that there's a configuration symbol, tapestry.enable-secure that defaults to "true". By adding -Dtapestry.enable-secure=false it can be turned off for development. If you want to connect it to production, you can override the symbol's value as "$ {tapestry.production-mode} ".
        Hide
        Kevin Menard added a comment -

        Uli's solution is rather straightforward. I think I'm still going to wrap this up to be a bit nicer simply because of the ubiquity of this. Most people are not going to want to enable SSL for local testing.

        Show
        Kevin Menard added a comment - Uli's solution is rather straightforward. I think I'm still going to wrap this up to be a bit nicer simply because of the ubiquity of this. Most people are not going to want to enable SSL for local testing.
        Hide
        Ulrich Stärk added a comment -

        why not do something like

        public static void contributeApplicationDefaults(MappedConfiguration<String, String> configuration)

        { configuration.add("https", "true"); }

        public void contributeMetaDataLocator(MappedConfiguration<String,String> configuration, @Inject @Symbol("https") String https)

        { configuration.add("admin:" + MetaDataConstants.SECURE_PAGE, https); }

        In your AppModule and override this with -Dhttps=false on the command line during development?

        Show
        Ulrich Stärk added a comment - why not do something like public static void contributeApplicationDefaults(MappedConfiguration<String, String> configuration) { configuration.add("https", "true"); } public void contributeMetaDataLocator(MappedConfiguration<String,String> configuration, @Inject @Symbol("https") String https) { configuration.add("admin:" + MetaDataConstants.SECURE_PAGE, https); } In your AppModule and override this with -Dhttps=false on the command line during development?
        Hide
        Joey Solis added a comment -

        I don't think that using the "tapestry.production-mode" setting is the best solution. I may still want to deploy unsecured pages in production mode. Then, I'd have to remove all the @Secure annotations. I have to anticipate these type of quick changes where I work. Ideally, I think there should be a separate setting to toggle for secured/un-secured pages and components.

        Show
        Joey Solis added a comment - I don't think that using the "tapestry.production-mode" setting is the best solution. I may still want to deploy unsecured pages in production mode. Then, I'd have to remove all the @Secure annotations. I have to anticipate these type of quick changes where I work. Ideally, I think there should be a separate setting to toggle for secured/un-secured pages and components.
        Hide
        Andy Pahne added a comment -

        What do you think of the idea to use the "tapestry.production-mode" setting?

        If the app is in production mode, the @Secure annotation will be honored. If not, it is silently ignored.

        In case the connection between production mode and secured pages is not desired, another configuration option would make sense.

        Show
        Andy Pahne added a comment - What do you think of the idea to use the "tapestry.production-mode" setting? If the app is in production mode, the @Secure annotation will be honored. If not, it is silently ignored. In case the connection between production mode and secured pages is not desired, another configuration option would make sense.
        Hide
        Howard M. Lewis Ship added a comment -

        Just clarifying what we talked about ... the idea is to "ignore" HTTPs security if desired, which speeds up development a bit.

        Show
        Howard M. Lewis Ship added a comment - Just clarifying what we talked about ... the idea is to "ignore" HTTPs security if desired, which speeds up development a bit.

          People

          • Assignee:
            Howard M. Lewis Ship
            Reporter:
            Joey Solis
          • Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development