cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Neeme Praks" <ne...@one.lv>
Subject RE: [C2]Access control using sitemap
Date Tue, 19 Sep 2000 18:43:46 GMT

> -----Original Message-----
> From: Zvi [mailto:thezvi@ifrance.com]
> Sent: Tuesday, September 19, 2000 7:17 PM

[snip]

> Neeme, in your attached message u wrote:
>
> "As a result, besides providing simple dynamic URI generation
> (inherited
> from Turbine), Jetspeed needs POST/GET variable namespacing. Basically
> it means that jetspeed should provide totally transparent
> form variable
> name rewriting to avoid name clashes between different portlets on the
> same page (similar to URL rewriting provided by servlet
> engine). This is
> useful when I'm generating URL with some variables in querystring: if
> you put variable names without any namespacing, there will be
> no way to
> find out to which portlet these variables were meant for. Also it is
> good for security if portlets have access to only their own variables.
> This could possibly be achieved with simple XSLT stylesheet that
> transforms all the variable names."
>
> I think, that this superflous, b/c each portlet will have its
> own form, so browser
> will POST only variables from the right form. In case of GET
> you choose the variables
> to put on query string, so there is no problem.

I agree about post variables. However, I don't get it in the case of GET
variables.
Example:
Lets say that I have a page that consists of many portlets (these
"window-like" pieces in portals). Now, for example, one portlet displays
some stuff from some database table depending on querystring parameter "id".
And on the same page, there is some other portlet that also looks at the
"id" parameter to display data from some other database table.
Now we end up in a mess pretty fast...

Neeme


Mime
View raw message