Posted to dev@cocoon.apache.org by Leszek Gawron <lg...@mobilebox.pl> on 2004/12/08 13:03:28 UTC
Re: svn commit: r111262 - in cocoon/branches/BRANCH_2_1_X/src: java/org/apache/cocoon/components/flow webapp/WEB-INF
lgawron@apache.org wrote:
> Author: lgawron
> Date: Wed Dec 8 03:47:12 2004
> New Revision: 111262
>
> URL: http://svn.apache.org/viewcvs?view=rev&rev=111262
> Log:
> implement 2 modes of work for continuations manager:
> - standard, as it was up till now
> - secure in which continuations are bound to session. Only the session that created a continuation can invoke it.
> All continuations bound to a session are invalidated when the session itself gets invalidated.
> This mode is for those users who build web applications protected with authentication.
> Modified:
> cocoon/branches/BRANCH_2_1_X/src/java/org/apache/cocoon/components/flow/ContinuationsManagerImpl.java
> cocoon/branches/BRANCH_2_1_X/src/java/org/apache/cocoon/components/flow/WebContinuation.java
> cocoon/branches/BRANCH_2_1_X/src/webapp/WEB-INF/cocoon.xconf
Previously we discussed three continuations manager work modes:
- standard (current functionality)
- continuations invalidated along with the session, but the continuation
is still reachable from other sessions (or no session at all)
- fully isolated: only the session that created the continuation can
access it.
The thing is, after a while I still do not see a use case for the second case,
where continuations would be invalidated with the user session but would still be
accessible to everyone (before invalidation, of course). So I have
changed the continuations manager to support only the 1st and 3rd cases.
About the 2nd: YAGNI (thanks Stefano for the new cool phrase :))
--
Leszek Gawron lgawron@mobilebox.pl
Project Manager MobileBox sp. z o.o.
+48 (61) 855 06 67 http://www.mobilebox.pl
mobile: +48 (501) 720 812 fax: +48 (61) 853 29 65
Re: svn commit: r111262 - in cocoon/branches/BRANCH_2_1_X/src: java/org/apache/cocoon/components/flow webapp/WEB-INF
Posted by Stefano Mazzocchi <st...@apache.org>.
Leszek Gawron wrote:
> about 2nd: YAGNI (thanks Stefano for new cool phrase :))
I guess it was Sylvain that introduced me to it, so thank him :-)
--
Stefano.
Re: svn commit: r111262 - in cocoon/branches/BRANCH_2_1_X/src: java/org/apache/cocoon/components/flow webapp/WEB-INF
Posted by Vadim Gritsenko <va...@reverycodes.com>.
Leszek Gawron wrote:
> Vadim Gritsenko wrote:
>
>> Leszek Gawron wrote:
>>
>>>
>>> Previously we have discussed about three continuations manager work
>>> modes:
>>>
>>> - standard (current functionality)
>>> - continuations invalidated along with session, still the continuation
>>> is reachable from other sessions (or no session at all)
>>> - fully isolated. only the session that created the continuation can
>>> access it.
>>>
>>> Thing is after a while I still do not see a use case for a second
>>> case where continuations would be invalidated with user session but
>>> still accessibe for everyone (of course before invalidation). So I
>>> have changed the continuations manager to support only 1st and 3rd case.
>>>
>>> about 2nd: YAGNI (thanks Stefano for new cool phrase :))
>>
>> I thought 1st was older functionality, 2nd was current functionality
>> (with sitemap isolation, not sessions). 2nd as you formulated it is
>> not needed, 100% agreement here.
>>
>
> Not quite. Sitemap isolation is implied for EVERY case.
Currently - yes. But not at the time when the discussion was held. I was referring
to the older discussion.
> If the user has
> a site that he/she is not able to refactor the old behaviour may be
> enabled by setting continuation-sharing-bug-compatible to true.
I know.
Vadim
Re: Continuation manager modes
Posted by Leszek Gawron <lg...@mobilebox.pl>.
Reinhard Poetz wrote:
>>
>> Users have been asking for backward compatibility (even though it's
>> broken) so you can enable the old behaviour and get warnings in your
>> log files. AFAIU some sites were relying on broken functionality too
>> much and are quite hard to refactor.
>
> What's those users usecase? How do they reuse the continuation across
> sitemaps? I have never had the need for this ...
http://marc.theaimsgroup.com/?l=xml-cocoon-dev&m=110200109324171&w=2
I do not know more. As this is a patch that does not affect the whole system
much and can be easily removed by deleting 2 lines of code, I applied it
without asking.
>
>> I applied the patch to 2.1.x and trunk. I think it was a mistake to do
>> it for trunk and I will remove it soon. WDYT?
>
> IMO we should deprecate this functionality in 2.1 (log WARNings) and
> remove it in 2.2.
This is not a functionality. This is a bug. Allowing a user to invoke a
continuation in an improper context leads only to application errors.
I'd rather leave it in 2.1.x as it is now:
* A continuation lookup in a wrong context yields a WARNing so users can
trace their errors.
* As a result you get an InvalidContinuationException. You can force
the continuation manager to return the requested continuation by setting
continuation-sharing-bug-compatible to true. Still, you will have a
WARNing in your log every time you do that.
I'll change the continuations manager in 2.2 today. There will be no way
back to the buggy behaviour.
Re: Continuation manager modes
Posted by Reinhard Poetz <re...@apache.org>.
Leszek Gawron wrote:
> Reinhard Poetz wrote:
>
>> Leszek Gawron wrote:
>>
>>> Vadim Gritsenko wrote:
>>>
>>>> Leszek Gawron wrote:
>>>>
>>>>>
>>>>> Previously we have discussed about three continuations manager work
>>>>> modes:
>>>>>
>>>>> - standard (current functionality)
>>>>> - continuations invalidated along with session, still the continuation
>>>>> is reachable from other sessions (or no session at all)
>>>>> - fully isolated. only the session that created the continuation can
>>>>> access it.
>>
>> IIUC before you introduced your changes it was possible to reuse
>> continuations independently from where they have been created. What's
>> the use case for this so that we still have to support it?
>
> Users have been asking for backward compatibility (even though it's
> broken) so you can enable the old behaviour and get warnings in your log
> files. AFAIU some sites were relying on broken functionality too much
> and are quite hard to refactor.
What's those users' use case? How do they reuse the continuation across sitemaps?
I have never had the need for this ...
> I applied the patch to 2.1.x and trunk. I think it was a mistake to do
> it for trunk and I will remove it soon. WDYT?
IMO we should deprecate this functionality in 2.1 (log WARNings) and remove it
in 2.2.
--
Reinhard
Re: Continuation manager modes
Posted by Leszek Gawron <lg...@mobilebox.pl>.
Reinhard Poetz wrote:
> Leszek Gawron wrote:
>
>> Vadim Gritsenko wrote:
>>
>>> Leszek Gawron wrote:
>>>
>>>>
>>>> Previously we have discussed about three continuations manager work
>>>> modes:
>>>>
>>>> - standard (current functionality)
>>>> - continuations invalidated along with session, still the continuation
>>>> is reachable from other sessions (or no session at all)
>>>> - fully isolated. only the session that created the continuation can
>>>> access it.
>
> IIUC before you introduced your changes it was possible to reuse
> continuations independently from where they have been created. What's
> the use case for this so that we still have to support it?
Users have been asking for backward compatibility (even though it's
broken) so you can enable the old behaviour and get warnings in your log
files. AFAIU some sites were relying on broken functionality too much
and are quite hard to refactor.
I applied the patch to 2.1.x and trunk. I think it was a mistake to do
it for trunk and I will remove it soon. WDYT?
Re: Continuation manager modes
Posted by Leszek Gawron <lg...@mobilebox.pl>.
Reinhard Poetz wrote:
> Leszek Gawron wrote:
>
>> Reinhard Poetz wrote:
>>
>>> Leszek Gawron wrote:
>>>
>>>> Reinhard Poetz wrote:
>>>>
>>>>> Leszek Gawron wrote:
>>>>>
>>>>>> Vadim Gritsenko wrote:
>>>>>>
>>>>>>> Leszek Gawron wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> Previously we have discussed about three continuations manager
>>>>>>>> work modes:
>>>>>>>>
>>>>>>>> - standard (current functionality)
>>>>>>>> - continuations invalidated along with session, still the
>>>>>>>> continuation
>>>>>>>> is reachable from other sessions (or no session at all)
>>>>>>>> - fully isolated. only the session that created the continuation
>>>>>>>> can
>>>>>>>> access it.
>>>>>
>>>>> IIUC before you introduced your changes it was possible to reuse
>>>>> continuations independently from where they have been created.
>>>>> What's the use case for this so that we still have to support it?
>>>>
>>>> Hmm after 2nd reading of your post I see I did not understand you.
>>>>
>>>> There are two orthogonal aspects of continuation visibility:
>>>> - interpreter aspect: continuation should always be resumed by the same
>>>> interpreter that created it. If not you could invoke your
>>>> continuation
>>>> in other sitemap (wrong context, resource not found exceptions,
>>>> security problems).
>>>> This case has been fixed. Still you can enable the old behaviour
>>>> because some users relied on that functionality (although broken).
>>>>
>>>> - security aspect:
>>>> - OLD MODE: you can make your continuations visible for everyone. One
>>>> user creates a continuation and passes the link to another user.
>>>> The
>>>> other one invokes it in a browser - it works. This is just as it
>>>> has
>>>> been from the start.
>>>> - NEW MODE: secure continuations.
>>>> Above behaviour creates following problems for authenticated web
>>>> applications:
>>>> * continuation ids might be stored in browser link history or page
>>>> cache.
>>>> * even though user has logged out and the session has been
>>>> invalidated the continuation might still be valid. As long as
>>>> resuming continuation does not query data from user session it
>>>> will work. This way you can have access to secured part of
>>>> application without even logging in.
>>>> So the following mode has been introduced:
>>>> * continuations are bound to the session.
>>>> * You can lookup the continuation only among the ones you have
>>>> created yourself. This way even though you "steal" a continuation
>>>> id from somewhere it's no use for you.
>>>> * When the session gets invalidated all continuations get
>>>> invalidated too.
>>>>
>>>> Hope that clears the situation.
>>>
>>> Thanks for the summary. The only point I still don't understand is:
>>> What's the usecase to resume a continuation in a different sitemap?
>>> What did people try to solve this way? (I'm asking because it sounds
>>> like a bug and not like a feature that we have to maintain.)
>>>
>> Let's ask the user himself.
>
> Do you remember who is it?
> Does she/he monitor cocoon-dev?
I have already posted a message to dev (you probably already know that).
He has also created a PATCH for that, so we can add the same question to
Bugzilla and he will get it in his private mailbox.
Re: Continuation manager modes
Posted by Reinhard Poetz <re...@apache.org>.
Leszek Gawron wrote:
> Reinhard Poetz wrote:
>
>> Leszek Gawron wrote:
>>
>>> Reinhard Poetz wrote:
>>>
>>>> Leszek Gawron wrote:
>>>>
>>>>> Vadim Gritsenko wrote:
>>>>>
>>>>>> Leszek Gawron wrote:
>>>>>>
>>>>>>>
>>>>>>> Previously we have discussed about three continuations manager
>>>>>>> work modes:
>>>>>>>
>>>>>>> - standard (current functionality)
>>>>>>> - continuations invalidated along with session, still the
>>>>>>> continuation
>>>>>>> is reachable from other sessions (or no session at all)
>>>>>>> - fully isolated. only the session that created the continuation can
>>>>>>> access it.
>>>>
>>>> IIUC before you introduced your changes it was possible to reuse
>>>> continuations independently from where they have been created.
>>>> What's the use case for this so that we still have to support it?
>>>
>>> Hmm after 2nd reading of your post I see I did not understand you.
>>>
>>> There are two orthogonal aspects of continuation visibility:
>>> - interpreter aspect: continuation should always be resumed by the same
>>> interpreter that created it. If not you could invoke your continuation
>>> in other sitemap (wrong context, resource not found exceptions,
>>> security problems).
>>> This case has been fixed. Still you can enable the old behaviour
>>> because some users relied on that functionality (although broken).
>>>
>>> - security aspect:
>>> - OLD MODE: you can make your continuations visible for everyone. One
>>> user creates a continuation and passes the link to another user. The
>>> other one invokes it in a browser - it works. This is just as it has
>>> been from the start.
>>> - NEW MODE: secure continuations.
>>> Above behaviour creates following problems for authenticated web
>>> applications:
>>> * continuation ids might be stored in browser link history or page
>>> cache.
>>> * even though user has logged out and the session has been
>>> invalidated the continuation might still be valid. As long as
>>> resuming continuation does not query data from user session it
>>> will work. This way you can have access to secured part of
>>> application without even logging in.
>>> So the following mode has been introduced:
>>> * continuations are bound to the session.
>>> * You can lookup the continuation only among the ones you have
>>> created yourself. This way even though you "steal" a continuation
>>> id from somewhere it's no use for you.
>>> * When the session gets invalidated all continuations get
>>> invalidated too.
>>>
>>> Hope that clears the situation.
>>
>> Thanks for the summary. The only point I still don't understand is:
>> What's the usecase to resume a continuation in a different sitemap?
>> What did people try to solve this way? (I'm asking because it sounds
>> like a bug and not like a feature that we have to maintain.)
>>
> Let's ask the user himself.
Do you remember who is it?
Does she/he monitor cocoon-dev?
--
Reinhard
Re: Continuation manager modes
Posted by Leszek Gawron <lg...@mobilebox.pl>.
Reinhard Poetz wrote:
> Leszek Gawron wrote:
>
>> Reinhard Poetz wrote:
>>
>>> Leszek Gawron wrote:
>>>
>>>> Vadim Gritsenko wrote:
>>>>
>>>>> Leszek Gawron wrote:
>>>>>
>>>>>>
>>>>>> Previously we have discussed about three continuations manager
>>>>>> work modes:
>>>>>>
>>>>>> - standard (current functionality)
>>>>>> - continuations invalidated along with session, still the
>>>>>> continuation
>>>>>> is reachable from other sessions (or no session at all)
>>>>>> - fully isolated. only the session that created the continuation can
>>>>>> access it.
>>>
>>> IIUC before you introduced your changes it was possible to reuse
>>> continuations independently from where they have been created. What's
>>> the use case for this so that we still have to support it?
>>
>> Hmm after 2nd reading of your post I see I did not understand you.
>>
>> There are two orthogonal aspects of continuation visibility:
>> - interpreter aspect: continuation should always be resumed by the same
>> interpreter that created it. If not you could invoke your continuation
>> in other sitemap (wrong context, resource not found exceptions,
>> security problems).
>> This case has been fixed. Still you can enable the old behaviour
>> because some users relied on that functionality (although broken).
>>
>> - security aspect:
>> - OLD MODE: you can make your continuations visible for everyone. One
>> user creates a continuation and passes the link to another user. The
>> other one invokes it in a browser - it works. This is just as it has
>> been from the start.
>> - NEW MODE: secure continuations.
>> Above behaviour creates following problems for authenticated web
>> applications:
>> * continuation ids might be stored in browser link history or page
>> cache.
>> * even though user has logged out and the session has been
>> invalidated the continuation might still be valid. As long as
>> resuming continuation does not query data from user session it
>> will work. This way you can have access to secured part of
>> application without even logging in.
>> So the following mode has been introduced:
>> * continuations are bound to the session.
>> * You can lookup the continuation only among the ones you have
>> created yourself. This way even though you "steal" a continuation
>> id from somewhere it's no use for you.
>> * When the session gets invalidated all continuations get
>> invalidated too.
>>
>> Hope that clears the situation.
>
> Thanks for the summary. The only point I still don't understand is:
> What's the usecase to resume a continuation in a different sitemap? What
> did people try to solve this way? (I'm asking because it sounds like a
> bug and not like a feature that we have to maintain.)
>
Let's ask the user himself.
Re: Continuation manager modes
Posted by Reinhard Poetz <re...@apache.org>.
Leszek Gawron wrote:
> Reinhard Poetz wrote:
>
>> Leszek Gawron wrote:
>>
>>> Vadim Gritsenko wrote:
>>>
>>>> Leszek Gawron wrote:
>>>>
>>>>>
>>>>> Previously we have discussed about three continuations manager work
>>>>> modes:
>>>>>
>>>>> - standard (current functionality)
>>>>> - continuations invalidated along with session, still the continuation
>>>>> is reachable from other sessions (or no session at all)
>>>>> - fully isolated. only the session that created the continuation can
>>>>> access it.
>>
>> IIUC before you introduced your changes it was possible to reuse
>> continuations independently from where they have been created. What's
>> the use case for this so that we still have to support it?
>
> Hmm after 2nd reading of your post I see I did not understand you.
>
> There are two orthogonal aspects of continuation visibility:
> - interpreter aspect: continuation should always be resumed by the same
> interpreter that created it. If not you could invoke your continuation
> in other sitemap (wrong context, resource not found exceptions,
> security problems).
> This case has been fixed. Still you can enable the old behaviour
> because some users relied on that functionality (although broken).
>
> - security aspect:
> - OLD MODE: you can make your continuations visible for everyone. One
> user creates a continuation and passes the link to another user. The
> other one invokes it in a browser - it works. This is just as it has
> been from the start.
> - NEW MODE: secure continuations.
> Above behaviour creates following problems for authenticated web
> applications:
> * continuation ids might be stored in browser link history or page
> cache.
> * even though user has logged out and the session has been
> invalidated the continuation might still be valid. As long as
> resuming continuation does not query data from user session it
> will work. This way you can have access to secured part of
> application without even logging in.
> So the following mode has been introduced:
> * continuations are bound to the session.
> * You can lookup the continuation only among the ones you have
> created yourself. This way even though you "steal" a continuation
> id from somewhere it's no use for you.
> * When the session gets invalidated all continuations get
> invalidated too.
>
> Hope that clears the situation.
Thanks for the summary. The only point I still don't understand is: What's the
usecase to resume a continuation in a different sitemap? What did people try to
solve this way? (I'm asking because it sounds like a bug and not like a feature
that we have to maintain.)
--
Reinhard
Re: Continuation manager modes
Posted by Leszek Gawron <lg...@mobilebox.pl>.
Reinhard Poetz wrote:
> Leszek Gawron wrote:
>
>> Vadim Gritsenko wrote:
>>
>>> Leszek Gawron wrote:
>>>
>>>>
>>>> Previously we have discussed about three continuations manager work
>>>> modes:
>>>>
>>>> - standard (current functionality)
>>>> - continuations invalidated along with session, still the continuation
>>>> is reachable from other sessions (or no session at all)
>>>> - fully isolated. only the session that created the continuation can
>>>> access it.
>
> IIUC before you introduced your changes it was possible to reuse
> continuations independently from where they have been created. What's
> the use case for this so that we still have to support it?
Hmm, after a 2nd reading of your post I see I did not understand you.
There are two orthogonal aspects of continuation visibility:
- interpreter aspect: a continuation should always be resumed by the same
interpreter that created it. If not, you could invoke your continuation
in another sitemap (wrong context, resource not found exceptions,
security problems).
This case has been fixed. Still, you can enable the old behaviour
because some users relied on that functionality (although broken).
- security aspect:
- OLD MODE: you can make your continuations visible to everyone. One
user creates a continuation and passes the link to another user. The
other one invokes it in a browser - it works. This is just as it has
been from the start.
- NEW MODE: secure continuations.
The above behaviour creates the following problems for authenticated web
applications:
* continuation ids might be stored in the browser link history or page
cache.
* even though the user has logged out and the session has been
invalidated, the continuation might still be valid. As long as
resuming the continuation does not query data from the user session it
will work. This way you can have access to a secured part of the
application without even logging in.
So the following mode has been introduced:
* continuations are bound to the session.
* You can look up a continuation only among the ones you have
created yourself. This way, even if you "steal" a continuation
id from somewhere, it's of no use to you.
* When the session gets invalidated all its continuations get
invalidated too.
Hope that clears up the situation.
Continuation manager modes
Posted by Reinhard Poetz <re...@apache.org>.
Leszek Gawron wrote:
> Vadim Gritsenko wrote:
>
>> Leszek Gawron wrote:
>>
>>>
>>> Previously we have discussed about three continuations manager work
>>> modes:
>>>
>>> - standard (current functionality)
>>> - continuations invalidated along with session, still the continuation
>>> is reachable from other sessions (or no session at all)
>>> - fully isolated. only the session that created the continuation can
>>> access it.
IIUC before you introduced your changes it was possible to reuse continuations
independently from where they had been created. What's the use case for this so
that we still have to support it?
--
Reinhard
Re: svn commit: r111262 - in cocoon/branches/BRANCH_2_1_X/src: java/org/apache/cocoon/components/flow webapp/WEB-INF
Posted by Leszek Gawron <lg...@mobilebox.pl>.
Vadim Gritsenko wrote:
> Leszek Gawron wrote:
>
>>
>> Previously we have discussed about three continuations manager work
>> modes:
>>
>> - standard (current functionality)
>> - continuations invalidated along with session, still the continuation
>> is reachable from other sessions (or no session at all)
>> - fully isolated. only the session that created the continuation can
>> access it.
>>
>> Thing is after a while I still do not see a use case for a second case
>> where continuations would be invalidated with user session but still
>> accessible for everyone (of course before invalidation). So I have
>> changed the continuations manager to support only 1st and 3rd case.
>>
>> about 2nd: YAGNI (thanks Stefano for new cool phrase :))
>
> I thought 1st was older functionality, 2nd was current functionality
> (with sitemap isolation, not sessions). 2nd as you formulated it is not
> needed, 100% agreement here.
>
> Vadim
Not quite. Sitemap isolation is implied for EVERY case. If a user has
a site that he/she is not able to refactor, the old behaviour may be
enabled by setting continuation-sharing-bug-compatible to true.
Re: svn commit: r111262 - in cocoon/branches/BRANCH_2_1_X/src: java/org/apache/cocoon/components/flow webapp/WEB-INF
Posted by Vadim Gritsenko <va...@reverycodes.com>.
Leszek Gawron wrote:
>
> Previously we have discussed about three continuations manager work modes:
>
> - standard (current functionality)
> - continuations invalidated along with session, still the continuation
> is reachable from other sessions (or no session at all)
> - fully isolated. only the session that created the continuation can
> access it.
>
> Thing is after a while I still do not see a use case for a second case
> where continuations would be invalidated with user session but still
> accessible for everyone (of course before invalidation). So I have
> changed the continuations manager to support only 1st and 3rd case.
>
> about 2nd: YAGNI (thanks Stefano for new cool phrase :))
I thought 1st was older functionality, 2nd was current functionality (with
sitemap isolation, not sessions). 2nd as you formulated it is not needed, 100%
agreement here.
Vadim