Security
Main Article: Security
Contents
| Table of Contents |
|---|
| exclude | Contents|Security|Related Articles |
|---|
| printable | false |
|---|
|
| Div |
|---|
| style | float:right |
|---|
| title | Related Articles |
|---|
| class | aui-label |
|---|
|
| Content by Label |
|---|
| showLabels | false |
|---|
| showSpace | false |
|---|
| title | Related Articles |
|---|
| cql | label = "security" and space = currentSpace() |
|---|
|
|
The built-in Dashboard page are visible in my production application and I don't want them to be, what can I do?
First off all, don't panic: the Development Dashboard page is marked with the @WhitelistAccessOnly annotation, which makes it invisible to clients that are not on the whitelist. Try accessing the page from a different workstation and you may find that the pages are not visible after all.
Sometimes, in production, a firewall or proxy may make it look like the client web browser originates from localhost; in that situation, you may want to disable the logic that puts localhost onto the whitelist. This determination is made by the contributions to the ClientWhitelist service. Tapestry makes a contribution with id "LocalhostOnly", which one of your modules can override:
| Code Block |
|---|
@Contribute(ClientWhitelist.class)
public static void turnOffLocalhostInProduction(OrderedConfiguration<WhitelistAnalyzer> configuration,
@Symbol(SymbolConstants.PRODUCTION_MODE) boolean productionMode) {
if (productionMode) { configuration.override("LocalhostOnly", null); }
}
|