cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefano Mazzocchi <stef...@apache.org>
Subject Re: [RT] Access to the object model
Date Wed, 21 May 2003 05:56:34 GMT
on 5/20/03 3:57 PM Sylvain Wallez wrote:

> Vadim Gritsenko wrote:
> 
> 
>>Sylvain Wallez wrote:
>>
>>
>>>Vadim Gritsenko wrote:
>>>
>>>
>>>>Sylvain Wallez wrote:
>>>>...
>>>
>>...
>>
>>
>>>>>[1] http://www.cocoondev.org/projects/cvssource.html#N1005E
>>>>
>>>><commit-message-expr>{request-attr:cvs-message}</commit-message-expr>
>>>>
>>>>Ewww!!! Looks awful! Ain't there better way -- like pass info via 
>>>>URI? Things like that must be controlled from the sitemap, not from 
>>>>cocoon.xconf.
>>>
>>>
>>>For this one, I admit it's awful. But look at the other ones also :
>>> <username-expr>{session-attr:cvs-user}</username-expr>
>>> <password-expr>{session-attr:cvs-passwd}</password-expr>
>>>
>>>I used the same mechanism for the commit message because the 
>>>mechanism was there and I lacked time to do something nicer.
>>
>>Compare with:
>>
>><map:generate 
>>src="cvs://{session-attr:cvs-user}:{session-attr:cvs-password}@cvs.apache.org/home/cvs/cocoon-site/site/2.1/index.html"/>
>>
>>Or something similar. Will it work? Is it better or worse - from your 
>>POV?
> 
> 
> 
> Well, I have to explain further how my project using the CVSSource works 
> (gee, will you find it hacky also ?).
> 
> This is a lightweight CMS working with a repository. The sitemap doesn't 
> care if this is CVS, slide, files, or any other modifiable source, or a 
> combination thereof, and actually doesn't use "cvs:" at all. All calls 
> to the repository use a "repo:" protocol which is equivalent to a 
> mounting table :
> 
>         <protocol name="repo" class="...">
>             <!-- source mappings : maps a top-level directory 
> ("repo:/topdir") to another source
>                "from" attribute : top-level directory (first path element)
>                "to" attribute : target mount point.
>             -->
>             <map from="spec" to="cvs:auth:/spec/"/>
>             <map from="man"  to="cvs:auth:/man/"/>
>             <map from="gen"  to="cvs:/gen/"/>
>             <map from="img" to="file:/app-dir/data/img"/>
>         </protocol>
> 
> So the sitemap actually contains <map:generate src="repo://spec/foo"/> 
> where user credentials cannot fit.
> 
> The scheme you propose, even if it works, requires to repeat the 
> authentication scheme everywhere the repository is used. It also has the 
> potential bad side effect of showing user credential in clear text in 
> the logs or in an error screen (e.g. ResourceNotFoundException).

Now, my question remains: the flow has access to the object model and
the flow has access to the component, why don't you use that as the glue
between them and leave IoC intact?

What am I missing?

-- 
Stefano.



Mime
View raw message