Apr

11

Screencast: TheServerSide.com in 15 minutes

filed under crx crx quickstart tutorial screencast | posted by Michael Marth

In the second screencast about CRX Quickstart I show how to create a web site like TheServerSide.com in 15 minutes(*). This is achieved in a Data First-like approach: no schemas or the like have to be set up to get up and running. Since the JCR compliant repository underneath has functionality like search, versioning, access control, etc built right in the software created in this demo is not a throw-away prototype, but can evolve into production.

(*) The first screencast is here - you might find it beneficial to watch it first if you want to follow the technical details of this screencast.

Update: for doing the examples yourself with current versions of Sling or CRX Quickstart please see the errata before.


Related Posts


Files


Comments

8 comments

  1. Christian Sprecher on 11/4/2008

    The transition from static (or copied) to dynamic html is fantastic. You really can imagine sitting together with a customer and his static prototype and making it work. Nice!

    I am a little concerned about the filtering of allowed data on the client side: if this data would have been sensitive, it would have been a problem, since first the content is retrieved (with Sling.getContent()) and then the data is filtered. But that is just a security guy's reflex, sorry for that :).

  2. Michael Marth on 11/4/2008

    Christian,

    the data is actually filtered on the server side. The repository will return only the nodes to which to user (in the case of the video: the anonymous user) has access to. The application will not see any other data, hence security concerns are removed from the app developer. This is quite different from typical RDBMS-based web apps where the connection to the db occurs through a technical user so that the application needs to filter rows.

    Cheers
    Michael

  3. Richard Metzler on 12/4/2008

    Thanks for the two screencasts. I will definetly check out CRX in the next days.

    Have a nice day.

  4. Richard Metzler on 12/4/2008

    Would you do a next screencast on the generation/integration of feeds in a crx-website? I would greatly appreciate that.

  5. Christian Sprecher on 12/4/2008

    Hi Michael

    Don't mean to be picky, but if also the "not yet approved" posts would be filtered out on the server side, no if post.approved=="yes" statement would be necessary (at about 12' in the video). This means that the anonymous user should be able to see also the unapproved posts in the http response stream. Perhaps you can check this with firebug.

    AFAIK there is no possibility to define an access check on attribute values in JCR. One possibility would be to move the unapproved posts to another location in the tree, which is only accessible by admins.

    This is a general issue with ajax-enabled web applications, nothing special to Sling.

    Cheers

  6. Michael Marth on 13/4/2008

    Richard,

    thanks for your suggestions. Feed generation is really simple (here is an example), but I am not quite sure what yo mean with feed integration. On the client side? That would be pure JS. Or do you want to write a feed into the repository on the server?

    You can also drop me a line (see mail address in the footer)

    Cheers
    Michael

  7. Michael Marth on 13/4/2008

    Christian, you are right, of course. The filtering in the screencast does not utilize JCR's security (for brevity of the screencast). I would implement this as you suggest as well: move approved posts to a folder that only admins can write into, but anonymous users can read from.

  8. Michael Marth on 16/4/2008

    Re the WebDAV mount: the WebDAV server can also be mounted from the root (i.e. the URL would be http://localhost:7402/)

Add a comment

Name

URL

  • Print version

    Printer-friendly version

  • PlanetDay

    The latest posts on PlanetDay

  • Links on Daigg