cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Berin Loritsch <blorit...@apache.org>
Subject Re: [C2] Checking vars before assignment
Date Wed, 11 Apr 2001 13:58:30 GMT
Giacomo Pati wrote:
> 
> Quoting Peter Donald <donaldp@apache.org>:
> 
> > Hi,
> >
> > I noticed a few things when playing a bit. In quite a few places there
> > is
> > the pattern
> >
> > public void blahize( Blah blah ) {
> >
> >   if( this.blah != null ) {
> >     this.blah = blah;
> >   }
> > }
> >
> > Where blah is context/configuration/componentmanager/other. I am curious
> > -
> > is this needed. It seems to me that if the method is called twice (which
> > this method protects against) it is a fault of container and the
> > component
> > should not be defending against that. Where did this pattern arise and
> > is
> > it still needed ?
> 
> What do you think about this:
> Suppose I have a component written as a Composer
> 
>   SecurityManager secman =
>       (SecurityManager)manager.lookup("role.for.security.manager");
> 
>   Configuration myconf = createMyOwnEvilConfig();
>   ((Configurable)secman).configure(myconf);
> 
> Well, the real pattern to use should be:
> 
>   DON'T EVER LET YOUR WORKING INTERFACE EXTEND *ANY* LIFECYCLE INTERFACES
>   THAT IS NOT IN THE CONCERN OF THE COMPONENT CLIENTS
> 
> Maybe I've missed a discussion about how to specify working interfaces but
> component writers may not be aware of that fact. And because you cannot prevent
> this the easiest way to get more security is to prevent your component being
> configured/initialized/... more that once.

I adopted that approach because the configure(), contextualize(), compose()
methods specify in their contracts that it is write once and only once.  Using
this approach, we are guaranteed that we won't alter the configuration of a
Component while it is in use.

For those RARE occasions (emphasis on RARE) where you need to reconfigure(),
recontextualize(), or recompose() (note the "re" prefix); we have new interfaces
for those.  The contract with those interfaces is that the Component MUST
stop processing (or wait for the current process to finish), perform the
reconfiguration (etc.), and resume processing.  That way it is handled properly,
and you wan't have to deal with overly complex code unless you need it.

---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org


Mime
View raw message