cayenne-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Zeigler <robert.zeig...@roxanemy.com>
Subject Re: Using Cayenne Servlet Filter can bring the web application down
Date Tue, 15 Sep 2009 16:05:24 GMT
There are still potential pitfalls there in T5.  If your objects are  
in forms, and looped through, by default, they will be serialized into  
the form and when "reconstituted", they will not be attached to a  
context.  As of T5.1, loop, grid, etc. will use ValueEncoder to do  
this job (or PrimaryKeyEncoder, but that's deprecated in 5.1).  The  
nice thing about T5 is that you can contribute ValueEncoders for  
object types that will be used throughout the app, so you're not  
having to constantly specify things.  The t5-cayenne integration  
library provides an implementation.  By default, it stashes the object  
type and pk into the stored string, but it also calls out to an  
encryption service (default implementation just returns the string  
passed to it; you can use ServiceOverrides to contribute your own  
version) so you have the option of encrypting the stored strings  
according to whatever mechanism suites your needs, thereby avoiding  
storing raw pks into urls & form data.  All in all, the T5/cayenne  
experience is much better than the T3/cayenne experience; can't say  
much about T4/cayenne since I skipped from T3 to T5, but I suspect  
that, on the whole, it was similar to T3/cayenne.

Cheers,

Robert


On Sep 15, 2009, at 9/158:23 AM , Michael Gentry wrote:

> Nice.  Did you have any integration issues?  I'm just starting to use
> Cayenne with T5 and it has been surprisingly smooth thus far, but I
> still have lingering memories of the hoops I had to jump through with
> T4 (especially looping over data objects) serializing my objects.
>
> Thanks,
>
> mrg
>
>
> On Mon, Sep 14, 2009 at 12:26 PM, Borut Bolčina <borut.bolcina@gmail.co 
> m> wrote:
>> Yes, we successfully deployed a T5 application (openid server (70K  
>> users and
>> rising) and much more) and yes it uses Cayenne 3M6. :-)
>>
>> I am again gaining momentum to continue writing.
>>
>> Cheers,
>> Borut
>>
>>
>> 2009/9/14 Michael Gentry <mgentry@masslight.net>
>>
>>> Hi Borut,
>>>
>>> I'm just curious if you are still using Tapestry 5 (and if using
>>> Cayenne with T5)?  I also liked your blog where you were writing  
>>> about
>>> T5.  I found that useful when I was just starting to read about T5  
>>> and
>>> get started in it (I'm still learning, of course -- no expert here).
>>>
>>> mrg
>>>
>>>
>>> On Mon, Sep 14, 2009 at 4:07 AM, Borut Bolčina <borut.bolcina@gmail.co 
>>> m>
>>> wrote:
>>>> Hello,
>>>>
>>>> I think web developers should be given an advice at
>>>> http://cayenne.apache.org/doc/web-applications.html that if using
>>> Cayenne
>>>> Servlet Filter the web application can be brought to a halt if a
>>> malicious
>>>> user sends lots of  cookie-less requests (every request bounds data
>>> context
>>>> to a new session). We were testing our app with JMeter and found  
>>>> out we
>>> can
>>>> not afford to use filter approach.
>>>>
>>>> It would be of most value if some debates from the mailing list  
>>>> about how
>>> to
>>>> use DataContext based on different web application needs would be  
>>>> at the
>>>> http://cayenne.apache.org/doc/obtaining-datacontext.html. What I  
>>>> have in
>>>> mind is a tiny cookbook, just two or three recipes, on why it is  
>>>> good to
>>>> gave one data context shared for all users, some data context  
>>>> created for
>>>> each request, some saved in the session, when not to put dc in the
>>> session
>>>> etc.
>>>>
>>>> Should I open an issue in the JIRA?
>>>>
>>>> Cheers,
>>>> Borut
>>>>
>>>
>>


Mime
View raw message