I know we can deploy Grails application with .war file, just like in this wiki : http://grails.org/Deployment but the view files (the .gsp files) is still on a plain text. I want to protect my .gsp code, any suggestion?
How do you mean protect, do you want to make sure that users can't see the GSP code? That's not possible, just like for JSPs, since the server won't send down source code to the browser, only rendered output from GSPs/JSPs.
If you want to guard access to particular GSP URLs, use http://grails.org/plugin/spring-security-core or http://grails.org/plugin/shiro
Related
I know it's not a good question to ask, but sometimes I really need to know if a webpage or website is static or not.
Sometimes I see .html extension in many URL, Does that mean that those pages are static?
.html extension means that page contains only front-end code and does not have any server side language included in it (I'm not talking about URL rewriters that adds .html to the end of virtual path).
This does not prevent these things:
Page can load it's content via Ajax depending on inputs, URL params, time of day, etc.
Page can be generated as static HTML page, but still be re-generated from time-to-time.
You can have iFrame in static HTML page that leads to .php file.
Not really, .html does not mean webpage is static. Ajax can be used to load dynamic data in html page.
Also there is no proper method defined to find whether page is static or dynamic.
One way is, you can check requests in Developer Options of browser.
You can read more here.
No.
There is no guarantee of a direct relationship between a thing that looks like a file extension in a URL and how the server handles things behind the scenes.
It might be resolved using basic static file handling rules to a static file with that name.
It might use a tool like mod_write to map the URL onto a server side script with the same name but a different file extension (e.g. if the site used to be made of static files, but was changed to be dynamic with steps taken to keep the URLs unchanged).
It might use a tool like mod_write to map the URL onto a server side script that has no relation to the name of the file but implements the front controller pattern for the whole site.
It might map onto a server side script which looks at the end of the URL to determine what type of data to return the content in (e.g. cars.html and cards.json might both be be handled by the same script, which outputs a list of cars, but it might output it in JSON or HTML depending on the URL).
It might hit a 404 error or a 302 redirect.
It might do any number of other things.
Not always, sometimes it can be a generated page from a Servlet or a PHP script that generates them. you can have a .htaccess rule to add .html to all documents.
I'm looking to add a "Do you want to log out?" dialog that pops up before the session ends, and the user can click OK to ping the site and not get automatically logged out.
To code this, I would ideally only like to add a <asset:javascript src="session.logout.dialog.js" /> into the layout.
The issue in only including a .js file is that I need links to controllers in the JavaScript file. I'm not aware of a way to code the links without some kind of initialization code in the gsp such as initLogoutDialog("${createLink(...)}"). Does the Asset Pipeline plugin allow me a way to bypass the normal restrictions and use createLink as if it were a gsp?
Looking for suggestions on how to host static files through an MVC app.
I have an MVC SPA (basically a bunch of static html, js and img files). I want users to be able to access these static files only after they have logged into my MVC application. I am running on a windows server platform, using IIS.
Currently I am doing this:
RouteTable.Routes.IgnoreRoute("AngularApp/{*path}"); //to serve up angular files from AngularApp folder
However this has a number of problems.
I don't really want to ignore the route, I want the MVC controller to check if the user has permissions (like my other controllers do), if not redirect to login page and if so, then instead of sending them to a view, allow them to load any files in a particular folder or subfolders. But the folders these files load from need to be a different path than the route URL requested. For example I don't want users to have to go to mysite.com/angularseedapp/deploy/app/mypage.html but rather if they request mysite.com/a/mypage.html I want it to serve up the file from there.
This seems simply a matter of being able to have MVC redirect and fetch files from a different folder, but I have no idea how to do this.
Could someone knowledgeable about MVC please give me a step by step simple way to do this? When I try to fetch files outside the views folder this seemingly simple task results in various permissions and other kinds of errors because I don't know how to do it correctly.
Thanks!
P.S. To clarify, I know how to get my controller to check permissions and redirect, to any single file in the views folder, but how do I do it for a whole folder of files and directories in a higher level folder? I want to map the route, have it go to a controller, then instead of going to a view I want it to take me to static files. I suspect there is some way to use maproute() in global.asax to help me do this but I do not have a lot of experience with that.
I may be oversimplifying but I usually select the application in IIS Manager and then select Mime Types, they add mappings for whatever types you want to map statically. I've done this for HTML and JSON files before and it worked fine. Use type = text/javascript or application/json etc.
I am new to Symfony and I need to work to a large project with many themes to modify them. How can I find where actually is the theme file in which module, just looking at the HTML browser output? Or do I need to look somewhere else, routing for example?
What you want to do is use the Web Debug Toolbar.
Once you have that running on the page, using appname_dev.php, simple click the view link and it will show you which templates have been used. If you need to know which layout to use then use logs link, click none the sfPHPView.
I inherited the management of a Symfony site and need to add some HTMl form tags to one of the "static" pages via the CMS. The scenario I have is:
/index.php/splash/welcome pulls up the welcome screen.
We want to be able to add a subscription button on that page.
The HTML has been supplied for us by the company that handles the subscriptions.
The form post method has an action that references a script on a remote site (no lectures on the security implications please ;-).
When I add the <form... and <input... tags via the CMS admin panel, the tags get removed automatically by Symfony.
Is there a way to tell Symfony to allow these tags?
Thanks in advance,
Marty.
This is goign to depend completely on how the developer set up the CMS. Youre using a rich text editor in source mode i would take a look at that editor's config file and documentation because its probably the one responsible for stripping the tags.
If its just a plain text area i would check the submit action for the edit form and take a look at the code... he may be using something to strip them in there.
If youre using one of the Symfony CMS plugins (Diem, Apostrophe, Sympal) i might be able to help further if i know which one youre using. If its something custom we would need to see the code. This isnt really indiciative of the Symfony core, but rather the CMS youre using.