Seaside Security
Locked
 
|
Hi dear Seaside gurus :-),
one think I never really understand using Seaside: by default, there is this control bar at the bottom "configure toggle halos new session etc". Whow can I make sure that only an special logged-in user can see this bar ? I have read about and played with WAAuthConfiguration, but neither it could let disappear the bar nor I got any log-in window (or could see if I maybe already be logged- in). How to do this ? If I manage User and Groups in Pier, are this the same as for WAAuthConfiguration or are these user managements completley divided ? Thanks for help :-) Hans _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
|
|
Hi Hans,
What about registering your root component twice, under different urls, for example: (WACounter registerAsApplication: 'c1') preferenceAt: #deploymentMode put: true. (WACounter registerAsAuthenticatedApplication: 'c2') preferenceAt: #login put: 'user'; preferenceAt: #password put: 'pass'; preferenceAt: #deploymentMode put: false. HTH Michel. On Jul 23, 2008, at 6:46 AM, Hans N Beck wrote: > Hi dear Seaside gurus :-), > > one think I never really understand using Seaside: > > by default, there is this control bar at the bottom "configure > toggle halos new session etc". Whow can I make sure that only an > special logged-in user can see this bar ? I have read about and > played with WAAuthConfiguration, but neither it could let disappear > the bar nor I got any log-in window (or could see if I maybe > already be logged-in). > > How to do this ? > > If I manage User and Groups in Pier, are this the same as for > WAAuthConfiguration or are these user managements completley divided ? > > > Thanks for help :-) > > Hans > _______________________________________________ > seaside mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
|
|
The toolbar is not really ment for anything else than development. I
would disable it for any productive application. Lukas On 7/23/08, Michel Bany <[hidden email]> wrote: > Hi Hans, > > What about registering your root component twice, under different urls, for > example: > > (WACounter registerAsApplication: 'c1') > preferenceAt: #deploymentMode put: true. > > (WACounter registerAsAuthenticatedApplication: 'c2') > preferenceAt: #login put: 'user'; > preferenceAt: #password put: 'pass'; > preferenceAt: #deploymentMode put: false. > > HTH > Michel. > > > > On Jul 23, 2008, at 6:46 AM, Hans N Beck wrote: > > > > Hi dear Seaside gurus :-), > > > > one think I never really understand using Seaside: > > > > by default, there is this control bar at the bottom "configure toggle > halos new session etc". Whow can I make sure that only an special logged-in > user can see this bar ? I have read about and played with > WAAuthConfiguration, but neither it could let disappear the bar nor I got > any log-in window (or could see if I maybe already be logged-in). > > > > How to do this ? > > > > If I manage User and Groups in Pier, are this the same as for > WAAuthConfiguration or are these user managements completley divided ? > > > > > > Thanks for help :-) > > > > Hans > > _______________________________________________ > > seaside mailing list > > [hidden email] > > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside > > > > _______________________________________________ > seaside mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside > -- Lukas Renggli http://www.lukas-renggli.ch _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
|
|
Hi,
thank you for help. Ok, setting up Deployment mode let disapear the tool bar, great. Removing all not needed applications for delivery (as pointed out in some tutorial) is clear. But how I prevent that someone is accessing .../seaside/config ? The only way seems to removing the config application. But that is bad, because perhaps I want configure something later and not in code.... And the other thing but related is this: according to tutorials, if one set up WAAuthConfiguration as an ancessor in the configuration of an application, then the log-in dialog should come up if one try to access .../seaside/<myapplication> . But this doen't happen for me. Perhaps there is a little detail I overlook.... (I use the Web Image from Damien Cassou). Thanks Hans Am 23.07.2008 um 11:14 schrieb Lukas Renggli: > The toolbar is not really ment for anything else than development. I > would disable it for any productive application. > > Lukas > > On 7/23/08, Michel Bany <[hidden email]> wrote: >> Hi Hans, >> >> What about registering your root component twice, under different >> urls, for >> example: >> >> (WACounter registerAsApplication: 'c1') >> preferenceAt: #deploymentMode put: true. >> >> (WACounter registerAsAuthenticatedApplication: 'c2') >> preferenceAt: #login put: 'user'; >> preferenceAt: #password put: 'pass'; >> preferenceAt: #deploymentMode put: false. >> >> HTH >> Michel. >> >> >> >> On Jul 23, 2008, at 6:46 AM, Hans N Beck wrote: >> >> >>> Hi dear Seaside gurus :-), >>> >>> one think I never really understand using Seaside: >>> >>> by default, there is this control bar at the bottom "configure >>> toggle >> halos new session etc". Whow can I make sure that only an special >> logged-in >> user can see this bar ? I have read about and played with >> WAAuthConfiguration, but neither it could let disappear the bar nor >> I got >> any log-in window (or could see if I maybe already be logged-in). >>> >>> How to do this ? >>> >>> If I manage User and Groups in Pier, are this the same as for >> WAAuthConfiguration or are these user managements completley >> divided ? >>> >>> >>> Thanks for help :-) >>> >>> Hans >>> _______________________________________________ >>> seaside mailing list >>> [hidden email] >>> >> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside >>> >> >> _______________________________________________ >> seaside mailing list >> [hidden email] >> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside >> > > > -- > Lukas Renggli > http://www.lukas-renggli.ch > _______________________________________________ > seaside mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside > _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
|
|
El mié, 23-07-2008 a las 21:34 +0200, Hans N Beck escribió: > > But how I prevent that someone is accessing .../seaside/config ? If you set a new password, only you can change the config settings. Best regards, Francisco _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
|
|
In reply to this post by Hans N Beck-2
> But how I prevent that someone is accessing .../seaside/config ? The only
> way seems to removing the config application. But that is bad, because > perhaps I want configure something later and not in code.... Again the story with Apache. The Squeak image servers all applications on port 8080 that is hidden behind the firewall. This means from outside the server I cannot access port 8080. Then there is Apache that proxies requests to www.myapp.com to localhost:8080/seaside/myapp. When I want to access the config application I go to the server (or use a tunnel) to access localhost:8080/seaside/config. > And the other thing but related is this: according to tutorials, if one set > up WAAuthConfiguration as an ancessor in the configuration of an > application, then the log-in dialog should come up if one try to access > .../seaside/<myapplication> . But this doen't happen for me. Perhaps there > is a little detail I overlook.... Did you set the username and password in the config application? It could also be that your web browser caches the authentication somehow. So you only need to enter it once. Cheers, Lukas -- Lukas Renggli http://www.lukas-renggli.ch _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
|
|
Hi,
> > > The Squeak image servers all applications on port 8080 that is hidden > behind the firewall. This means from outside the server I cannot > access port 8080. > > Then there is Apache that proxies requests to www.myapp.com to > localhost:8080/seaside/myapp. > > When I want to access the config application I go to the server (or > use a tunnel) to access localhost:8080/seaside/config. ok, clear, thanks for explanation :-) > > >> And the other thing but related is this: according to tutorials, if >> one set >> up WAAuthConfiguration as an ancessor in the configuration of an >> application, then the log-in dialog should come up if one try to >> access >> .../seaside/<myapplication> . But this doen't happen for me. >> Perhaps there >> is a little detail I overlook.... > > Did you set the username and password in the config application? > > It could also be that your web browser caches the authentication > somehow. So you only need to enter it once. yeah, in Firefox, if deleting "private data", it works, Safari doesn't work even if triggering "Empty Cache". Anyway, it's clear now. Thanks for help! Hans > > > Cheers, > Lukas > > -- > Lukas Renggli > http://www.lukas-renggli.ch > _______________________________________________ > seaside mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside > _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
«
Return to Seaside General
|
1 view|%1 views
| Free forum by Nabble | Edit this page |