Posted to users@sling.apache.org by Christoph Thodte <ch...@ht-solutions.de> on 2016/10/07 10:06:30 UTC

Sling Model and Request Parameters

Hello!

My question to discuss: Why don't Sling Models support an adaptation from SlingRequest to inject the request parameters (not the request attributes)?

I think form handling will be easier with this adaption.

Christoph

RE: Sling Model and Request Parameters

Posted by Stefan Seifert <ss...@pro-vision.de>.
first step is to create a new ticket in our JIRA [1].
if you can provide a patch to the sling codebase it would speed up things!

stefan

[1] https://issues.apache.org/jira/browse/SLING



>-----Original Message-----
>From: Christoph Thodte [mailto:christoph.thodte@ht-solutions.de]
>Sent: Tuesday, October 11, 2016 9:03 AM
>To: users@sling.apache.org
>Subject: AW: Sling Model and Request Parameters
>
>Okay, thanks for the replies.
>
>What is needed to be a Sling developer and implement this feature?
>
>Christoph
>
>
>-----Original Message-----
>From: Daniel Klco [mailto:dklco@apache.org]
>Sent: Monday, October 10, 2016 16:42
>To: users@sling.apache.org
>Subject: Re: Sling Model and Request Parameters
>
>Agreed, it'd be nice to have, but request parameters cannot be included in
>the default injectors list for the reason which Stefan lists. Would it make
>sense to use the @Source annotation and add support for injectors which are
>not considered by default?
>
>On Fri, Oct 7, 2016 at 8:40 AM, Stefan Seifert <ss...@pro-vision.de>
>wrote:
>
>> hello christoph.
>>
>> i currently see no hard reason against it, and implementing such an
>> injector+additional annotation would be easy.
>>
>> it opens a bit more "attack surface" because potentially unsafe data
>> from outside is directly injected in your model (perhaps without you
>> noticing it when you use the generic @Inject annotation which iterates
>> over all injectors for the first match).
>>
>> so perhaps it would make sense allowing such an injection only when a
>> specific @RequestParameter annotation is used.
>>
>> stefan
>>
>>
>> >-----Original Message-----
>> >From: Christoph Thodte [mailto:christoph.thodte@ht-solutions.de]
>> >Sent: Friday, October 7, 2016 12:07 PM
>> >To: users@sling.apache.org
>> >Subject: Sling Model and Request Parameters
>> >
>> >Hello!
>> >
>> >My question to discuss: Why don't Sling Models support an adaptation
>> >from SlingRequest to inject the request parameters (not the request
>> >attributes)?
>> >
>> >I think form handling will be easier with this adaption.
>> >
>> >Christoph
>>
>>

AW: Sling Model and Request Parameters

Posted by Christoph Thodte <ch...@ht-solutions.de>.
Okay, thanks for the replies.

What is needed to be a Sling developer and implement this feature?

Christoph


-----Original Message-----
From: Daniel Klco [mailto:dklco@apache.org]
Sent: Monday, October 10, 2016 16:42
To: users@sling.apache.org
Subject: Re: Sling Model and Request Parameters

Agreed, it'd be nice to have, but request parameters cannot be included in the default injectors list for the reason which Stefan lists. Would it make sense to use the @Source annotation and add support for injectors which are not considered by default?

On Fri, Oct 7, 2016 at 8:40 AM, Stefan Seifert <ss...@pro-vision.de>
wrote:

> hello christoph.
>
> i currently see no hard reason against it, and implementing such an
> injector+additional annotation would be easy.
>
> it opens a bit more "attack surface" because potentially unsafe data 
> from outside is directly injected in your model (perhaps without you 
> noticing it when you use the generic @Inject annotation which iterates 
> over all injectors for the first match).
>
> so perhaps it would make sense allowing such an injection only when a 
> specific @RequestParameter annotation is used.
>
> stefan
>
>
> >-----Original Message-----
> >From: Christoph Thodte [mailto:christoph.thodte@ht-solutions.de]
> >Sent: Friday, October 7, 2016 12:07 PM
> >To: users@sling.apache.org
> >Subject: Sling Model and Request Parameters
> >
> >Hello!
> >
> >My question to discuss: Why don't Sling Models support an adaptation
> >from SlingRequest to inject the request parameters (not the request
> >attributes)?
> >
> >I think form handling will be easier with this adaption.
> >
> >Christoph
>
>

Re: Sling Model and Request Parameters

Posted by Daniel Klco <dk...@apache.org>.
Agreed, it'd be nice to have, but request parameters cannot be included in
the default injectors list for the reason which Stefan lists. Would it make
sense to use the @Source annotation and add support for injectors which are
not considered by default?

On Fri, Oct 7, 2016 at 8:40 AM, Stefan Seifert <ss...@pro-vision.de>
wrote:

> hello christoph.
>
> i currently see no hard reason against it, and implementing such an
> injector+additional annotation would be easy.
>
> it opens a bit more "attack surface" because potentially unsafe data from
> outside is directly injected in your model (perhaps without you noticing it
> when you use the generic @Inject annotation which iterates over all
> injectors for the first match).
>
> so perhaps it would make sense allowing such an injection only when a
> specific @RequestParameter annotation is used.
>
> stefan
>
>
> >-----Original Message-----
> >From: Christoph Thodte [mailto:christoph.thodte@ht-solutions.de]
> >Sent: Friday, October 7, 2016 12:07 PM
> >To: users@sling.apache.org
> >Subject: Sling Model and Request Parameters
> >
> >Hello!
> >
> >My question to discuss: Why don't Sling Models support an adaptation from
> >SlingRequest to inject the request parameters (not the request
> >attributes)?
> >
> >I think form handling will be easier with this adaption.
> >
> >Christoph
>
>

RE: Sling Model and Request Parameters

Posted by Stefan Seifert <ss...@pro-vision.de>.
hello christoph.

i currently see no hard reason against it, and implementing such an injector+additional annotation would be easy.

it opens a bit more "attack surface" because potentially unsafe data from outside is directly injected in your model (perhaps without you noticing it when you use the generic @Inject annotation which iterates over all injectors for the first match).

so perhaps it would make sense allowing such an injection only when a specific @RequestParameter annotation is used.

stefan


>-----Original Message-----
>From: Christoph Thodte [mailto:christoph.thodte@ht-solutions.de]
>Sent: Friday, October 7, 2016 12:07 PM
>To: users@sling.apache.org
>Subject: Sling Model and Request Parameters
>
>Hello!
>
>My question to discuss: Why don't Sling Models support an adaptation from
>SlingRequest to inject the request parameters (not the request attributes)?
>
>I think form handling will be easier with this adaption.
>
>Christoph
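
Added example, not part of the original thread and not Sling code: a plain-Java model of the concern raised above, where a generic first-match lookup falls through to client-supplied request parameters unless that injector is consulted only when named explicitly. The `Injector` and `Request` records, the injector names and the `discount`/`q` values are hypothetical and constructed for illustration.

```java
import java.util.List;
import java.util.Map;
import java.util.function.BiFunction;

// Simplified model of an injector chain; this is NOT the Sling Models API.
public class InjectorChainDemo {
    // Constructed request: client-controlled parameters vs. server-side resource properties.
    record Request(Map<String, String> params, Map<String, String> props) {}

    // Hypothetical injector: a name, whether it runs only when named explicitly, and a lookup.
    record Injector(String name, boolean optInOnly, BiFunction<Request, String, String> lookup) {}

    // source == null models a generic injection: the first injector with a value wins.
    // A non-null source models a source-specific annotation: only that injector is asked.
    static String resolve(List<Injector> chain, Request req, String field, String source) {
        for (Injector i : chain) {
            if (source == null ? i.optInOnly() : !i.name().equals(source)) continue;
            String v = i.lookup().apply(req, field);
            if (v != null) return v;
        }
        return null;
    }

    // Injector names are illustrative only.
    static List<Injector> chain(boolean paramsOptInOnly) {
        return List.of(
            new Injector("valuemap", false, (r, f) -> r.props().get(f)),
            new Injector("request-parameter", paramsOptInOnly, (r, f) -> r.params().get(f)));
    }

    public static void main(String[] args) {
        // The resource has no "discount" property; the client sends one in the query string.
        Request req = new Request(Map.of("discount", "100", "q", "shoes"), Map.of("title", "Shop"));

        // Parameters in the default chain: a field meant for a resource property
        // silently receives client input when the property is absent.
        System.out.println("default chain, generic: " + resolve(chain(false), req, "discount", null));
        // Parameters opt-in only: the generic lookup no longer sees client input.
        System.out.println("opt-in chain, generic:  " + resolve(chain(true), req, "discount", null));
        // A field that really wants a parameter has to name the source explicitly.
        System.out.println("opt-in chain, explicit: " + resolve(chain(true), req, "q", "request-parameter"));
    }
}
```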