cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reinhard Poetz <reinh...@apache.org>
Subject Re: Continuation looks for wrong interpreter when using servlet protocol
Date Thu, 05 Apr 2007 16:09:36 GMT
Reinhard Poetz wrote:
> Leszek Gawron wrote:
>> Reinhard Poetz wrote:
>>> Rice Yeh wrote:
>>>> Hi,
>>>>   Here is another problem when using servlet protocol. A servlet S1 
>>>> extends another servlet S2. A web continuation k is generated in S2. 
>>>> When k returns back, k is matched in S1 with match pattern 
>>>> "*.continue" which exists in S2 also. Then comes an error with 
>>>> message like "k bound to S2, but looked up in S1".
>>>
>>> I wonder if this really increases the security of Cocoon apps which 
>>> was the original reason why this feature was introduced. Can somebody 
>>> comment on this?
>>
>> This is not the thing of security. The actual problem is a 
>> continuation could be created via apples processor and later on picked 
>> up by flowscript. Only the interpreter that creates the continuation 
>> is able to properly make use of it in the future.
>>
>> Apart from that the continuation is created in some context. Any 
>> sendPage( "view/page.jx" ) is resolved in this particular context. 
>> Changing context on the fly would in most cases generate errors.
> 
> I understand the reasons now but I still believe that Rice's usecase is 
> valid but I'm not sure how to solve his problem :-(

After some more thinking: What about a matcher that performs the check? The only 
problem might be that we have to lookup the current sitemaps interpreter and I'm 
not sure if it is accessible from within a matcher.

-- 
Reinhard Pötz           Independent Consultant, Trainer & (IT)-Coach 

{Software Engineering, Open Source, Web Applications, Apache Cocoon}

                                        web(log): http://www.poetz.cc
--------------------------------------------------------------------

Mime
View raw message