You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cocoon.apache.org by Antonio Gallardo <ag...@agssa.net> on 2004/04/06 13:32:25 UTC
Re: [PROPOSAL] allow to invoke continuations from flow instead of
sitemap
Leszek Gawron dijo:
> If you use IE (I do not know how other browsers handle this) if you serve
> a
> page without client cache turned off you make a security hole (IE caches
> everything and serves even after user has logged out).
Very smart browser! ROTFL!
> See the code attached below. The "main" method marks all function,
> continuation and view requests not cacheable. What I request is the proper
> handling of code in runContinuation fuction.
>> > For all above examples you have to code logic in sitemap. I
>> > think this is not as elegant as if you could have whole logic
>> > in a flowscript
>> At the current state of this discussion I would say, let's not
>> add this feature to flow. If you want to do such things, write
>> some custom components (input modules, actions etc.) and use
>> them at appropriate places. But perhaps with some more info,
>> I see things in different light.
> If you write actions you split your logic into 2 areas: actions and flow.
> Right now I set "Cache-control" header for continuation with "set-header"
> action.
> The code (assume every non internal uri goes to "main" method ):
> var user = null;
> function main( action ) {
> cocoon.response.setHeader( "Expires", "-1" );
> cocoon.response.setHeader( "Cache-Control", "no-cache" );
> cocoon.response.setHeader( "Pragma", "no-cache" );
All these 3 instructions, can be setted in a the HTML style transformer
instead of doing it in Flow. If not you need to write it over and over.
> if ( user == null && !isContinuation( action ) ) {
> loginInternal();
> }
> invoke( action );
> }
>
> function invoke( action ) {
> print( "action: " + action );
>
> if ( isContinuation( action ) ) {
> var id = extractContinuationId( action );
> print( "da id: " + id );
> runContinuation( id );
> } else {
> func = this[ action ];
> if ( func != undefined )
> func.apply( this );
> else
> cocoon.sendPage( action, {} );
> }
> }
>
>
> function isContinuation( action ) {
> var id = new java.lang.String( action );
> return ( id.endsWith( ".continue" ) || id.endsWith( ".cont" ) );
> }
>
> function extractContinuationId( action ) {
> var id = new java.lang.String( action );
> var pos = id.indexOf( "." );
> return id.substring( 0, pos );
> }
>
> function runContinuation( continuationId ) {
> var contManager = null;
> try {
> contManager = cocoon.getComponent(
> "org.apache.cocoon.components.flow.ContinuationsManager" );
> var wk = contManager.lookupWebContinuation( continuationId );
> } finally {
> if ( contManager != null )
> cocoon.releaseComponent( contManager );
> }
> var c = wk.getContinuation();
> c( wk );
> }
>
In the below code, can you better use the standard authentication-fw. the
auth-fw can also work with flow:
> function loginInternal() {
> var form = new Form( "forms/login_d.xml" );
> var model = form.getModel();
> form.validator = loginValidator;
> form.showForm( "form/login", {} );
> }
>
> function loginValidator( form ) {
> var query = nTerApi.session.createQuery( "from User where name = :name
> and password = :password" );
> query.setString( "name", form.getWidget( "username" ).getValue() );
> query.setString( "password", form.getWidget( "password" ).getValue()
> );
>
> var list = query.list();
> if ( list.size() == 0 ) {
> form.getWidget( "messages" ).addMessage( "BÅÄdny użytkownik lub
> hasÅo!" );
> return false;
> }
>
> user = list.get( 0 );
> return true;
> }
>
> function login() {
> user = null;
> loginInternal();
> cocoon.sendPage( "/nTer/view/welcome.jx", {} );
> }
>
> function logout() {
> user = null;
> cocoon.session.invalidate();
> cocoon.redirectTo( "/nTer/welcome.do", {} );
> }
Re: [PROPOSAL] allow to invoke continuations from flow instead of sitemap
Posted by Leszek Gawron <ou...@wlkp.org>.
On Tue, Apr 06, 2004 at 05:32:25AM -0600, Antonio Gallardo wrote:
> Leszek Gawron dijo:
> > If you use IE (I do not know how other browsers handle this) if you serve
> > a
> > page without client cache turned off you make a security hole (IE caches
> > everything and serves even after user has logged out).
>
> Very smart browser! ROTFL!
At last if you do not close your browser window. That is a real problem
because even if you log out and login again sometimes requesting for examples
/myApp/showProjects.do you do not see your server being hit.
> > The code (assume every non internal uri goes to "main" method ):
> > var user = null;
>
> > function main( action ) {
> > cocoon.response.setHeader( "Expires", "-1" );
> > cocoon.response.setHeader( "Cache-Control", "no-cache" );
> > cocoon.response.setHeader( "Pragma", "no-cache" );
>
> All these 3 instructions, can be setted in a the HTML style transformer
> instead of doing it in Flow. If not you need to write it over and over.
HTML Transformer sets response headers? I do not think so.
META tags maybe - but IE docs say explicitly that headers are preffered over
meta tags
> In the below code, can you better use the standard authentication-fw. the
> auth-fw can also work with flow:
I do not use authentication-fw intentionally as I want to have an acces to a
complete user object ( I use hibernate ).
This is also a reason I do not use container authentication - it gives me
only username and I would have to fetch the user data every time.
lg
--
__
| / \ | Leszek Gawron // \\
\_\\ //_/ ouzo@wlkp.org _\\()//_
.'/()\'. Phone: +48(501)720812 / // \\ \
\\ // recursive: adj; see recursive | \__/ |