Tapestry 5.0.11 is now available for download. This is unofficially a beta, meaning that the functionality is really nailed down and we're just stabilizing and fixing bugs.
There's a lot of cool new things in this release. I think the three biggest are:
- HTTPS control: annotate a page as only accessible via HTTPS. Tapestry takes care of the rest.
- Index pages for folders: kind of like the Start page, but everywhere.
- Automatic Hibernate ValueEncoders: Use an entity as a page or event context and what goes in the URL is the entity's id. Likewise, ids are turned back into entities when passed to event handler methods.
What's next? A period of stabilization and bug fixes and then a release candidate. And then, some really awesome (and really backwards compatible) stuff for the 5.1 release.
Download link doesn't work for me. This one does: http://tapestry.apache.org/download.html
ReplyDeleteAny updates on Ajax side planned? IMHO Ajax in T5 is not as powerful as in T4.1.X?
ReplyDeleteCool!
ReplyDeleteAbout the ValueEncoders, what are your thoughts on security? You write that entity id goes into the URL and that the id is automatically mapped into the entity. Nice, but, where shall I control, that the id is legal for the user of the request?
When entity ids end up in URLs, they are easy for a client request to simply change, maybe loading another users data.
?
RE: Security
ReplyDeleteThis is the function of the activate event handler method.
It not only receives the entity, but should perform necessary access checks, and return a navigation result as necessary. A navigation result is a page, URL, Link, etc.
In other words:
Object onActivate(User user)
{
if (! _securityMgr.checkAccess(user)) return "SecurityViolation";
_user = user;
}
... or something to that effect.
RE: Ajax
ReplyDeleteSven's t5components project is filling the gaps on T5 Ajax support. The concensus of the group is that a stable release is more important than having every possible Ajax component built into the framework.
Re: Ajax
ReplyDeleteAgree about wigests, they are many :) but I'm more concerned about "core" Ajax functionality, e.g. adding more dynamism in partial page refresh, refreshing multiple regions, etc.
Que bueno!
ReplyDeleteI was wondering why you would want to annotate your application for HTTPS? Isn't that a protocol level concern? Is this just an issue for your 304s?
ReplyDeleteMany of my clients want the throughput of HTTP but want the security of HTTPS on a subset of pages, say pages related to logging in or managing the user's profile or banking information (depending on the application domain of course).
ReplyDeleteI can also see where SSL encryption is only needed for a subset of pages.
ReplyDeleteGlad 5.1 will be backwards compatible w/ 5.0. That is seriously the biggest bugaboo about Tapestry...rip out and redo w/ every Tapestry version isn't healthy for its ecosystem. Even MS hasn't tried that w/ asp.net (they add radical new features, but it's been fairly backwards compatible w/ old apps)...
I'd love to switch to Tapestry 5.x, but we have to be able to run our Tapestry 3.x in the same servlet, lest the leap is too great.
ReplyDeleteA lot our application is fine and hasn't changed in years, so redoing those pages in Tapestry 5.x has no merit, except from a lowly programmers point of view.
Can Tapestry 5.x run side-by-side in the same servlet as Tapestry 3.x(or 4.x)?
I made some fleeting vain attempts at this, but ran into the name space problem. After pondering it a bit, I was wondering if it might be possible to rename Tapestry 3.x classes and our applications reference to those classes rather the other way around(and would such an approach be sufficient?).
I'm sure there are others who would like some "best practices" on how to run Tapestry 3/4 side-by-side with Tapestry 5 in the same servlet...