cocoon-dev mailing list archives

From Grzegorz Kossakowski <g...@tuffmail.com>
Subject Re: Servlet protocol and internal pipelines
Date Thu, 27 Nov 2008 11:50:42 GMT
Robin Wyles wrote:
>>
>> Actually, I don't understand how you solved this problem so probably
>> the best thing would be if you
>> could show me the patch (since it's one-liner).
> 
> Patch against o.a.c.components.treeprocessor.sitemap.PipelineNode is
> attached.

Ahhh, I didn't think of using the scheme. It turns out that SitemapServlet (thus the sitemap machinery) has this one single method to recognize that a request is coming from ssf and not from a browser.

Still this looks a little bit dangerous so I would like to see it applied along with something like:

 if (we allow request by recognizing "servlet" scheme)
   logger.warn("Following request has been allowed to access internal-only pipeline by using not fully secure method:" + request);

Of course the message should be a little bit more relevant, saying that this is only a potential security hole which is rather hard to use.

> 
> I'll take a look and see if I can come up with something this week.

Great, as soon as you provide a good integration test I'm happy to commit it.

> On another note - I have a requirement to test how several cocoon 2.2
> blocks interact with each other via REST, on deployment these blocks are
> split into separate webapps that are hosted in different locations, but
> I guess for testing these could be combined into a single webapp. Is
> this something that I can achieve using the cocoon-it block?

I guess so but it's really Reinhard that is an expert in this area.

BTW, are you going to connect blocks deployed to different machines using SSF? This is something I've been thinking about for a while.

-- 
Grzegorz Kossakowski
