Latest Posts

Archives [+]

Screencast: TheServerSide.com in 15 minutes

In the second screencast about CRX Quickstart I show how to create a web site like TheServerSide.com in 15 minutes(*). This is achieved in a Data First-like approach: no schemas or the like have to be set up to get up and running. Since the JCR compliant repository underneath has functionality like search, versioning, access control, etc built right in the software created in this demo is not a throw-away prototype, but can evolve into production.

(*) The first screencast is here - you might find it beneficial to watch it first if you want to follow the technical details of this screencast.

Update: for doing the examples yourself with current versions of Sling or CRX Quickstart please see the errata before.

 

COMMENTS

  • By Christian Sprecher - 3:18 PM on Apr 11, 2008   Reply
    The transition from static (or copied) to dynamic html is fantastic. You really can imagine sitting together with a customer and his static prototype and making it work. Nice!<br/><br/>I am a little concerned about the filtering of allowed data on the client side: if this data would have been sensitive, it would have been a problem, since first the content is retrieved (with Sling.getContent()) and then the data is filtered. But that is just a security guy's reflex, sorry for that :).<br/><br/>
  • By Michael Marth - 4:33 PM on Apr 11, 2008   Reply
    Christian,<br/><br/>the data is actually filtered on the server side. The repository will return only the nodes to which to user (in the case of the video: the anonymous user) has access to. The application will not see any other data, hence security concerns are removed from the app developer. This is quite different from typical RDBMS-based web apps where the connection to the db occurs through a technical user so that the application needs to filter rows.<br/><br/>Cheers<br/>Michael
  • By Richard Metzler - 4:26 AM on Apr 12, 2008   Reply
    Would you do a next screencast on the generation/integration of feeds in a crx-website? I would greatly appreciate that.
  • By Christian Sprecher - 6:19 AM on Apr 12, 2008   Reply
    Hi Michael<br/><br/>Don't mean to be picky, but if also the "not yet approved" posts would be filtered out on the server side, no <code>if post.approved=="yes"</code> statement would be necessary (at about 12' in the video). This means that the anonymous user should be able to see also the unapproved posts in the http response stream. Perhaps you can check this with firebug. <br/><br/>AFAIK there is no possibility to define an access check on attribute values in JCR. One possibility would be to move the unapproved posts to another location in the tree, which is only accessible by admins.<br/><br/>This is a general issue with ajax-enabled web applications, nothing special to Sling.<br/><br/>Cheers
  • By Michael Marth - 1:49 PM on Apr 13, 2008   Reply
    Richard,<br/><br/>thanks for your suggestions. Feed generation is really simple (<a href="http://dev.day.com/microsling/content/blogs/main/bloghowto1.html">here is an example</a>), but I am not quite sure what yo mean with feed integration. On the client side? That would be pure JS. Or do you want to write a feed into the repository on the server?<br/><br/>You can also drop me a line (see mail address in the footer)<br/><br/>Cheers<br/>Michael<br/>
  • By Michael Marth - 2:19 PM on Apr 13, 2008   Reply
    Christian, you are right, of course. The filtering in the screencast does not utilize JCR's security (for brevity of the screencast). I would implement this as you suggest as well: move approved posts to a folder that only admins can write into, but anonymous users can read from.
  • By Michael Marth - 8:05 AM on Apr 16, 2008   Reply
    Re the WebDAV mount: the WebDAV server can also be mounted from the root (i.e. the URL would be http://localhost:7402/)
  • By Ben Short - 1:51 PM on Aug 08, 2009   Reply
    Great screen casts. I'd like to see a follow up showing how to only allow access to the admin page to certain users.<br/><br/>Also how would you go about validating fields? Would this be done in client side javascript or can this be done in the JCR?
  • By Darren - 5:45 PM on Mar 30, 2010   Reply
    What happened to the screencast?
  • By James - 7:04 AM on Apr 09, 2010   Reply
    Hmmm... there seems to be a broken link somewhere....