Direct linking to .gsp in Grails 2.0

mjparme
In Grails 1.3.7 if I had a directory structure like this:

views
--bugtest
----bugtest.gsp

I could access the gsp directly by going to: http://localhost:8080/BugTest/bugtest/bugtest.gsp

The same thing in Grails 2.0 results in a 404 error. I have read the What's New document for Grails 2.0 and I don't see anything in it that would explain why you can't directly view a gsp in Grails 2.0 like you can in Grails 1.3.7.

Does anyone know if this is intentional or if it is a bug?
---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email



Re: Direct linking to .gsp in Grails 2.0

Ian Roberts
On 23/12/2011 15:14, Parmeley, Michael wrote:
> Does anyone know if this is intentional or if it is a bug?

IMHO it's a bug in 1.3.7 if this is allowed, rather than a bug in 2.0
that it is forbidden...  If I want a particular view to be accessible
directly (as opposed to rendered via a controller action) then I'll
declare that in my UrlMappings.

Ian

--
Ian Roberts               | Department of Computer Science
[hidden email]  | University of Sheffield, UK


Re: Direct linking to .gsp in Grails 2.0

mjparme
If this is no longer allowed in Grails 2.0.0 this will drastically slow down development of views. Because instead of being able to make changes to the GSP, refresh the page and immediately see the results I am going to have to always go through the controller which probably means inserting stuff in the database when I just want to make adjustments to the view.



RE: Direct linking to .gsp in Grails 2.0

bksaville
http://jira.grails.org/browse/GRAILS-7542

I'm glad this is fixed as we considered this a bug, but I can see how it
might have been useful in dev.  Looked like it took a major rewrite of
some view/layout handling, so I don't think it will be easy to put back in
as a configuration option.

-Brian


Re: Direct linking to .gsp in Grails 2.0

mjparme
This is a horrible change. This renders Grails useless for quickly making changes to my views and then refreshing my browser.

I also display .gsp files in jQuery UI dialogs. So you are saying that now I have to send a request to view my .gsp through a controller action that simply renders my .gsp?


Re: Direct linking to .gsp in Grails 2.0

Ian Roberts
On 23/12/2011 15:41, Parmeley, Michael wrote:
> This is a horrible change. This renders Grails useless for quickly
> making changes to my views and then refreshing my browser.
>
> I also display .gsp files in jQuery UI dialogs. So you are saying
> that now I have to send a request to view my .gsp through a
> controller action that simply renders my .gsp?

It's been possible since at least Grails 1.2 to have a URL that maps
directly to a view with no controller action involved.  Something like

"/jq/$view"(controller:"staticViews")

would make views/staticViews/foo.gsp visible as /myapp/jq/foo without
the need to make *all* the views in the application directly accessible.

If you want to be able to directly address your views for
development/testing purposes then a similar mapping such as

"/directViews/$controller/$view"()

should support that (but you'd need some way to turn it off in
production for security reasons).

Essentially my position is that the UrlMappings ought to have the final
say over what is and is not a valid URL in a Grails application - if
there's a way to access controllers or views that bypasses the rules I
put in my UrlMappings then as far as I'm concerned that is a bug that
needs to be fixed.

Ian

--
Ian Roberts               | Department of Computer Science
[hidden email]  | University of Sheffield, UK
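
The mappings described in the message above, gathered into one UrlMappings file with the development-only mapping switched off outside the development environment. This is an added example, not part of the original post or the Grails project's own code; the "/dialogs/help" path and view name are hypothetical, and the two parameterised mappings are taken as written in the post.

```groovy
// grails-app/conf/UrlMappings.groovy
// Added example: every URL that reaches a view is declared here, so the
// UrlMappings keep the final say over what is a valid URL.
import grails.util.Environment

class UrlMappings {

    static mappings = {
        // Explicit view mappings with no controller action, in the style
        // of the index and error mappings of a newly created app.
        "/"(view: "/index")
        "500"(view: "/error")

        // One named view exposed on purpose (hypothetical path and view).
        "/dialogs/help"(view: "/dialogs/help")

        // From the post: exposes only the views under views/staticViews,
        // e.g. views/staticViews/foo.gsp as /myapp/jq/foo, rather than
        // every view in the application.
        "/jq/$view"(controller: "staticViews")

        // From the post: direct addressing of any view for development and
        // testing. The environment check is the "way to turn it off in
        // production": the mapping is only registered when the application
        // runs in the development environment.
        if (Environment.current == Environment.DEVELOPMENT) {
            "/directViews/$controller/$view"()
        }
    }
}
```

Anything placed under views/staticViews becomes reachable in every environment through the "/jq" mapping, so that directory should hold only views that are safe to render without a controller preparing the model.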


Re: Direct linking to .gsp in Grails 2.0

mjparme
I see the point from a security standpoint. And since I seem to be the only one complaining about it I must be the only one that is using this bug as a feature.

I will mess with UrlMappings to get the gsp's I use in my jQuery UI dialogs directly accessible.


Re: Direct linking to .gsp in Grails 2.0

Ian Briscoe
Hi Michael,

You're not the only one using this bug as a feature!  I thought this was a standard Grails feature too.

I am upgrading my application to Grails 2.0, and have just run into this issue, causing much head scratching, as, like you say, there is no reference to it in the documentation describing the 1.3.x -> 2.0 upgrade.

As changes go, it's pretty inconvenient - Grails is supposed to offer convention over configuration, so I'm now missing a useful convention for adding simple views.

Like yourself, I'm going to have to mess with UrlMappings now...


Ian


Re: Direct linking to .gsp in Grails 2.0

mjparme
In reply to this post by Ian Roberts
The other problem with this change is it is a breaking change, but it isn't documented in the 2.0 What's New document to be aware of this.  I can only surmise it is going to break a lot of applications that currently depend on being able to directly link gsp's.


Re: Direct linking to .gsp in Grails 2.0

Ian Roberts
On 23/12/2011 17:29, Parmeley, Michael wrote:
> The other problem with this change is it is a breaking change, but it isn't documented in the 2.0 What's New document to be aware of this.  I can only surmise it is going to break a lot of applications that currently depend on being able to directly link gsp's.

The user guide source is at https://github.com/grails/grails-doc/, in
particular
https://github.com/grails/grails-doc/blob/master/src/en/guide/gettingStarted/upgradingFromPreviousVersionsOfGrails.gdoc,
feel free to submit a JIRA or GitHub pull request with a patch.

Ian

--
Ian Roberts               | Department of Computer Science
[hidden email]  | University of Sheffield, UK


Re: Direct linking to .gsp in Grails 2.0

mjparme
In reply to this post by Ian Roberts
So what you are saying is that every version of Grails prior to 2.0 is insecure? In that case should someone release a security bulletin or something?

So one person thought this was a bad idea, submitted a bug report to the Grails project and now every single Grails user has to live with the consequences of this obviously not well-thought out change?



Re: Direct linking to .gsp in Grails 2.0

Nathan Wells
I didn't use this functionality/bug before, but I could definitely see how this would be useful in development. Perhaps there is some rule that could be thrown into UrlMappings that would (for dev mode only) dynamically find all views and provide a url for them?

I'm no Grails expert, but this seems like it should be possible, and relatively easy.

That being said, I definitely consider automatically exposing GSPs in production to be a bug. I'm glad that Grails was improved in the "secure by default" category.

Nathan Wells



Re: Direct linking to .gsp in Grails 2.0

Jeff Scott Brown
On Fri, Dec 23, 2011 at 1:17 PM, Nathan Wells <[hidden email]> wrote:
>
> That being said, I definitely consider automatically exposing GSPs in
> production to be a bug. I'm glad that Grails was improved in the "secure by
> default" category.
>


I agree.  I think the default behavior in 2.0 with respect to this is
more secure than the default behavior prior to 2.0.  I consider the
pre 2.0 behavior to be a bug.



jb
--
Jeff Brown
SpringSource
http://www.springsource.com/

Autism Strikes 1 in 166
Find The Cause ~ Find The Cure
http://www.autismspeaks.org/


Re: Direct linking to .gsp in Grails 2.0

bobbywarner
Agreed!  I'm the one who created the JIRA and really like that it's "secure by default" now.  As others have mentioned, you can always create URL mappings for directly showing views without going through a controller (just like the index.gsp and error.gsp in a new app).


Thanks,
Bobby

Re: Direct linking to .gsp in Grails 2.0

Lari Hotari
In reply to this post by mjparme

If you use the MVC pattern, there should be no requirement to access the
view directly.

You can get the old behaviour by moving gsp files from grails-app/views
to the web-app directory. Gsp files under the web-app directory get
processed by the GroovyPagesServlet.

Regards,

Lari


