You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cocoon.apache.org by Sylvain Wallez <sy...@apache.org> on 2004/11/01 09:32:15 UTC
Re: Possible security problem with flowscript
Leszek Gawron wrote:
> Vadim Gritsenko wrote:
>
>>> How can I retrieve that ID? I could implement a test version for
>>> Carsten.
>>
>>
>> It is in AbstractInterpreter.getInterpreterID()
>
> Some problems coming. Are there any reasons why doesn't
> Interpreter.getInterpreterID() exist? Also
> AbstractInterpreter.getInterpreterID() is protected. I have to make it
> public. The thing is: should I also move method declaration to interface?
This method was added for internal needs of the interpreter ID. If it
proves to be needed also to properly implement continuation management,
then +1 for adding it to the interface.
> Next: From what I've got from reading the code I cannot query for
> Interpreter in ContunuationsManager.
Yep, because a ContinuationManager manages several intepreters.
> The only place where interpreter is available is FOM_Cocoon which
> means I have to change ContinuationsManager.createWebContinuation
> signature to pass the interpreterID along with current parameters.
> This change affects all flow implementations. Am I right?
Isn't it all ContinuationsManager implementations that are changed?
Sylvain
--
Sylvain Wallez Anyware Technologies
http://www.apache.org/~sylvain http://www.anyware-tech.com
{ XML, Java, Cocoon, OpenSource }*{ Training, Consulting, Projects }
Re: Possible security problem with flowscript
Posted by Leszek Gawron <lg...@mobilebox.pl>.
Sylvain Wallez wrote:
> Leszek Gawron wrote:
>
>> Vadim Gritsenko wrote:
>>
>>>> How can I retrieve that ID? I could implement a test version for
>>>> Carsten.
>>>
>>>
>>>
>>> It is in AbstractInterpreter.getInterpreterID()
>>
>>
>> Some problems coming. Are there any reasons why doesn't
>> Interpreter.getInterpreterID() exist? Also
>> AbstractInterpreter.getInterpreterID() is protected. I have to make it
>> public. The thing is: should I also move method declaration to interface?
>
>
>
> This method was added for internal needs of the interpreter ID. If it
> proves to be needed also to properly implement continuation management,
> then +1 for adding it to the interface.
>
>> Next: From what I've got from reading the code I cannot query for
>> Interpreter in ContunuationsManager.
>
>
>
> Yep, because a ContinuationManager manages several intepreters.
>
>> The only place where interpreter is available is FOM_Cocoon which
>> means I have to change ContinuationsManager.createWebContinuation
>> signature to pass the interpreterID along with current parameters.
>> This change affects all flow implementations. Am I right?
>
>
>
> Isn't it all ContinuationsManager implementations that are changed?
>
> Sylvain
>
There is one ContinuationsManager implementation
(ContinuationsManagerImpl). In case of javascript flow it is the
FOM_Cocoon that creates continuations:
> public FOM_WebContinuation makeWebContinuation(Continuation k,
> FOM_WebContinuation parent,
> int timeToLive)
> throws Exception {
> if (k == null) {
> return null;
> }
> WebContinuation wk;
> ContinuationsManager contMgr;
> contMgr = (ContinuationsManager)
> getServiceManager().lookup(ContinuationsManager.ROLE);
> wk = contMgr.createWebContinuation(unwrap(k),
> (parent == null ? null : parent.getWebContinuation()),
> timeToLive,
> null);
> FOM_WebContinuation result = new FOM_WebContinuation(wk);
> result.setParentScope(getParentScope());
> result.setPrototype(getClassPrototype(getParentScope(),
> result.getClassName()));
> return result;
> }
the change would be:
wk = contMgr.createWebContinuation(
unwrap(k),
(parent == null ? null : parent.getWebContinuation()),
timeToLive,
null,
getInterpreter().getInterpreterID());
Is it OK to change ContinuationsManager interface then?
in case of JavaFlow it is the interpreter itself that creates
continuations. See
o.a.c.components.flow.java.JavaInterpreter.callFunction (little bit too
long to paste).
lg
--
Leszek Gawron lgawron@mobilebox.pl
Project Manager MobileBox sp. z o.o.
+48 (61) 855 06 67 http://www.mobilebox.pl
mobile: +48 (501) 720 812 fax: +48 (61) 853 29 65