This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Skip to end of metadata
Go to start of metadata

Security

Main Article: Security

Contents

 

Related Articles

The built-in Dashboard page are visible in my production application and I don't want them to be, what can I do?

First off all, don't panic: the Development Dashboard page is marked with the @WhitelistAccessOnly annotation, which makes it invisible to clients that are not on the whitelist. Try accessing the page from a different workstation and you may find that the pages are not visible after all.

Sometimes, in production, a firewall or proxy may make it look like the client web browser originates from localhost; in that situation, you may want to disable the logic that puts localhost onto the whitelist. This determination is made by the contributions to the ClientWhitelist service. Tapestry makes a contribution with id "LocalhostOnly", which one of your modules can override:

  @Contribute(ClientWhitelist.class)
  public static void turnOffLocalhostInProduction(OrderedConfiguration<WhitelistAnalyzer> configuration, 
                                                 @Symbol(SymbolConstants.PRODUCTION_MODE) boolean productionMode) {
    if (productionMode) { configuration.override("LocalhostOnly", null); }
  }