cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Giacomo Pati <Giacomo.P...@pwr.ch>
Subject Re: [C2]Access control using sitemap
Date Mon, 11 Sep 2000 19:26:44 GMT
Peter Donald wrote:
> 
> At 10:43  10/9/00 +0200, Giacomo Pati wrote:
> >The example above is probably misleading because we don't have a Action
> >component in the sitemap so far. Generally speaking I think a Sitemap
> >Action is an object that acts upon an application model based on data
> >supplied by the environments objectModel (ie Request). It's its
> >responsability to make some data available to the Sitemap engine as
> >further selection/matching criteria (a List object) as well as in the
> >objectModel for other sitemap components
> ... snip ...
> 
> yes I like this :P. I think it does all that I would require - thou I will
> try and break it next weakend to see if I can :P
                        ^^^^^^^
Where is your weak end ;)

What you mean with "try and break". If you mean something like
implementing it, so wait. I have a C2 version on my hd that I use to
experiment with the mentioned Action component to see if this would work
like excpected (you must know I mostly can't resist testing things that
are easy and quickly to implemented ;-). I had this extension to C2 in
mind for a couple of days. 

> >> There is also the idea of latent actions. For instance the latent Action is
> >> transmitted between end-user and cocoon until they are activated. Actions
> >> may also be made latent (or deactivated) in a couple of cases. Like when
> >> you try to submit form but are not logged in - it will save action/form
> >> data (or put action into latent state) and then after login commit the
> >> action (or re-activate action).
> >
> >Isn't this a matter how components play together?
> 
> not really - it is impossible for an individual action to "discover" the
> other actions as the data may come in via post/get/cookies/other and is
> really a container issue - where actions are contained. There needs to be a
> way to grab all actions that have been passed to webapp (rather than those
> that are implicit via sitemap) and store them.

Oh, you mean something like pushing the current request onto a stack,
executing an other request (pipeline) and if it's signaling ok
re-request from that stack afterwards?

> >> * Then specific resources webapp/a.xml, webapp/b.xml and webapp/admin/c.xml
> >> must run FormValidationAction with appropriate form schema and the
> >> apprporiate FormDBEntryAction
> >
> >Didn't get the last one? What is a FormDBEntryAction for? Probably an
> >XSP page?
> 
> nope - it is just an action that grabs stuff from environment and places it
> in a database. I usually seperate it from form validation and consider this
> form saving :P

Should be easy with a separate Action component. Maybe such a component
can be customized at configuration time or with Parameters at runtien to
suit the need. I don't want to go that far to say we need Actions being
composed out of several other Actions (well sound thrilling but maybe
for one of the next releases :).

> >> * A user can also arbitarily submit an action from any page (via post
> >> request or perhaps a ?action=blah tacked onto URL) that must be executed.
> >
> >  <match type="uri" pattern="webapp/**">
> >    <act type="session-validation"/>
> >    <match type="uri" pattern="webapp/admin">
> >      <act type="assign-role">
> >        <select type="role-selector">
> >          <when test="admin">
> >            <match type="uri" pattern="webapp/admin/c.xml">
> >              <act type="form-validation src="admin/form-schema-c.xsd"/>
> >              <!-- the following next-page action has knowledge of the
> >                   sequence of pages and returns a List with the first
> >element
> >                   corresponding to the "next page" appropriate
> >depending on
> >                   values in the objectModel signaling successful
> >validation by
> >                   the previous action (type="form-validation"). The
> >following
> >                   three lines could be put into a sitemap resource
> >definition
> >                   and replaced by <redirect-to resource="next-page"/>
> >              -->
> >              <act type="next-page">
> >                <generate src="{1}"/>
> >              </act>
> >            </match>
> >          <otherwise>
> >            <match type="uri-regexp" pattern="webapp/(a|b)\.xml">
> >              <act type="form-validation src="form-schema-{1}.xsd"/>
> >              <act type="next-page">
> >                <generate src="{1}"/>
> >              </act>
> >            </match>
> >          </when>
> >        </select>
> >      </act>
> >    </match>
> >  </match>
> 
> This could work real good :P
> 
> >> It may also be good to have an action that's sole purpose is to extract
> >> explicit action requests and execute/store them (ActionExtractorAction +
> >> ActionDispatcherAction ???)
> >
> >Please answer these question yourself after you've read my explanations.
> 
> ActionExtraction is really a container concern and thus dispatching can be
> either a container or else contained concern (much like servlet dispatching
> via /servlet/<servlet-name> is done via another servlet).
> 
> Anyways I will try to come up with problems with this approach (if any) and
> try a few thought experiments :P

I'm really awaiting your thoughts about it :)

Giacomo

-- 
PWR GmbH, Organisation & Entwicklung      Tel:   +41 (0)1  856 2202
Giacomo Pati, CTO/CEO                     Fax:   +41 (0)1  856 2201
Hintereichenstrasse 7                     Mobil: +41 (0)78 759 7703 
CH-8166 Niederweningen                    Mailto:Giacomo.Pati@pwr.ch 
                                          Web:   http://www.pwr.ch

Mime
View raw message