Return-Path: Delivered-To: apmail-directory-dev-archive@www.apache.org Received: (qmail 84224 invoked from network); 27 Sep 2008 03:26:27 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 27 Sep 2008 03:26:27 -0000 Received: (qmail 85208 invoked by uid 500); 27 Sep 2008 03:26:24 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 85156 invoked by uid 500); 27 Sep 2008 03:26:24 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 85145 invoked by uid 99); 27 Sep 2008 03:26:24 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 26 Sep 2008 20:26:24 -0700 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of akarasulu@gmail.com designates 209.85.146.176 as permitted sender) Received: from [209.85.146.176] (HELO wa-out-1112.google.com) (209.85.146.176) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 27 Sep 2008 03:25:25 +0000 Received: by wa-out-1112.google.com with SMTP id m33so652402wag.9 for ; Fri, 26 Sep 2008 20:25:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :to:subject:in-reply-to:mime-version:content-type:references :x-google-sender-auth; bh=mec8WDhMawYeoNH4gKur+MCxTM86H7vDr2gwkYjVMIg=; b=Wz0Zf4A0FSe8WxKQv6yjidLz1zV+HZ6xgJlFKuoQMP6FqHcwKXzMuT7vMWTZhNYqfk LDOnobXPgP1CxRdua9mGw4V74PDs07eMVJQCn+P074LaeNEJutSX750Go2COYv4vXHL+ FPIDIMYqWq9PgXMPVQxfi5Ux0jP5Xc068SftQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:in-reply-to:mime-version :content-type:references:x-google-sender-auth; b=kZ0EonoOTC6yz9Rs7HgBfP1Hc7bARtdhhz3E3q7/ZL+/dv71ATju2xTZnUUSSR9GyD jlmyWVCugMR+z/4Q3jzV8eyDzrjRGOP5rOMSqiJ5x82sWm6d7mTf/7zF5O9JOEcMC3zm SBshtN70irR2Pv5DNLqsebnD6+GwGDbFnd/T4= Received: by 10.114.53.18 with SMTP id b18mr2412490waa.220.1222485949765; Fri, 26 Sep 2008 20:25:49 -0700 (PDT) Received: by 10.114.66.3 with HTTP; Fri, 26 Sep 2008 20:25:49 -0700 (PDT) Message-ID: Date: Fri, 26 Sep 2008 23:25:49 -0400 From: "Alex Karasulu" Sender: akarasulu@gmail.com To: "Apache Directory Developers List" Subject: Re: JNDI vs protocol vs Core API In-Reply-To: <48DD800C.40903@nextury.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_16265_25964032.1222485949748" References: <48DD237F.2040907@nextury.com> <48DD800C.40903@nextury.com> X-Google-Sender-Auth: 82c11c1bb450a83e X-Virus-Checked: Checked by ClamAV on apache.org ------=_Part_16265_25964032.1222485949748 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline On Fri, Sep 26, 2008 at 8:36 PM, Emmanuel Lecharny wrote: > Alex Karasulu wrote: > >> Emmanuel, >> >> On Fri, Sep 26, 2008 at 2:01 PM, Emmanuel Lecharny > >wrote: >> >> Now, the problem is that for referrals, as we have also removed the >>> ReferralInterceptor from the core server (a very good move, when you take >>> the time to think about it - and it took me two hours of discussion with >>> Alex to get it -), you have a new problem : where do we have to handle >>> referrals ? >>> >>> >>> >> >> Question is for what purpose do you want to handle referrals. There are >> two >> ways to handle referrals: >> >> (1) Through the protocol >> (2) Via the JNDI Provided based on how JNDI is expected to behave with >> different values for the Context.REFERRAL property in the environment: >> throw, ignore, follow. >> >> > well, I don't think we should see the referral handling this way. IIf you > see it from another perspective, ie, from the user POV, a referral is just > an indirection. Now, the way the server manage it is pretty much a black box > for the client, as soon as the client is informed that the entry is not > present in the server. If you consider that you want to embed the server, > but without using JNDI, you are in a dead end. I don't think we're in a dead end. It's up to the user of the CoreSession and Entry interfaces to determine what to do with the referral if they don't want to use the JNDI wrapper. It's that simple. What more do you think needs to be done? For example if you do a lookup via: session.lookup( "ou=People,dc=foo" ) and dc=foo is a referral to dc=bar but ou=People does not exist. In this case what exception do you throw? Something telling you the entry does not exist or an exception stating a referral needs to be handled? If you want referral handling to occur here in CoreSession methods then, the exception thrown will depend on the presence of the ManageDsaIT control's presence. If you don't implement referral handling here then upper levels must check with the ReferralManager to see if the dn of the missing entry has a referral ancestor. I guess this is a good argument to implement some minimal referral handling in the CoreSession then. What does the Netscape API do? Maybe that may shed some light. > > >> >> >>> The first idea was to move it to the protocol layer. So be it. But the >>> problem is that the JNDI referral handling was not anymore done (and as a >>> consequence, the associated tests were disabled, until the JNDI provider >>> was >>> fixed to handle those referrals). >>> >>> I'm currently re-implementing the Referral handling in this JNDI layer, >>> but >>> I suddenly discovered that this was not a good idea *at all*. And so was >>> the >>> initial idea to implement the referrals handling into the protocol layer. >>> We >>> now have 3 places where we must implement this process : >>> - in the protocol layer >>> - in the JNDI provider >>> - and in the CoreSession layer. >>> >>> Bad... >>> >>> >>> >> >> I don't think it should be done in the CoreSession. The CoreSession >> should >> just provide an interface to perform operations against entries. I think >> all entries should be treated the same with respect to this interface. > > Starting to think otherwise now. > >> >> > That's fine, but then we have to add a thin layer on top of the CoreSession > (be it the Operation manager or anything else, it's just something which > will handle the referrals, when the plain entry is returned back, if it > contains the Referral ObjectClass)). Otherwie, we will have to handle it in > two places instead of one (ie, in the protocol and in JNDI). > >> If code needs to do something different because the entry is a referral >> it's >> up to that code to do so. >> >> > so the need of another layer on top of the CoreSession > >> Referral handling is different depending on whether the protocol is >> handling >> it or whether the JNDI provider is handling it. >> > In fact, if you abstract yoruself from the e=semantic, there is not that > much a difference : either the referral is ignored, and we return the plain > entry (=> ManageDsaIt is present _or_ the property is set to Ignore), or we > want to be redirected, and we want the underlying server to give us the URL > to go to (ManageDsaIt is not present _or_ the property is set to 'throw'). > The last case (the property is set to follow) is pretty much the same, > except that the server will automatically send a request to the other server > (and we don't handle this case anyway) > >> The reason why I separated >> these is because the concepts were getting mixed together and JNDI was >> contaminating the server. >> >> > Removing those aspects from the server was a perfect move. But I think we > can do better than adding handlers for referrals in both JNDI and protocol > code. This is the reason why I posted this mail. > >> >> >> >>> So here is what I suggest : we should handle referrals into the >>> CoreSession >>> layer, and deal with the thrown exceptions (LdapReferralExceptio, >>> LdapPartialResultException, etc) into the JNDI and protocol layer, >>> otherwise, we will do the job three times (and it's not a funny job ...) >>> >>> thoughts ? >>> >>> >>> >> >> We could do this but these exceptions are JNDI specific. They've been >> defined to deal with a specific JNDI referral handling mode (throw >> specifically). >> > IMO, 'follow' is the JNDI exception, not throw. And we don't handle the > 'follow' anyway :) > >> Then the protocol handler code would need to change to >> understand these JNDI specifics. >> >> Perhaps we should just not deal with referrals at all in the CoreSession. >> Just add it to the JNDI provider for it's specific modes. >> >> > That's also an option, but I'm afraid that may limit the embedded version > of the server. > >> My mindset my be wrong (and at times I do doubt it) but I feel the core >> API >> is purely a local access API to initialize and manipulate the DIT and its >> entries. >> > I agree fully. The core should only return pure entries, not dealing with > referrals as if they were special. But the layer on top of it must deal with > referrals. The JNDI provider must do it, and my idea is to delegate this > part to an intermediate layer, like : > > client --> JNDI --> server API --> referral layer --> core --> ... > or > client --> server API --> referral layer --> core --> ... > > It does not deal with following referrals since this would go over >> the network. It does not deal with referrals as special entries since >> this >> is the responsibility of higher layers which deal with referrals in >> different ways. >> >> >> >> >>> PS: don't be too picky with the names I'm using (like CoreSession is not >>> really the API we have built), but I'm sure that Alex can correct me. I >>> think however that the general picture is ok. >>> >>> >>> >>> >> Yeah just great - I understood easily what you meant. I think reuse is >> good >> and I can certainly see how putting some referral handling functionality >> into the CoreSession is very tempting. As coders we always want to reuse >> and that's good. However sometimes reuse causes more problems than it is >> worth. >> > hence my email ;) > >> I think this is a good example for that kind of situation. Also >> sometimes we want to add additional functionality because it seems to make >> sense to have a richer interface that handles more cases. However more >> complex interfaces are harder to work with as bricks to build other >> interfaces when their rich features start to get in the way. >> >> > I think that the core session interface should not be modified. But we may > need another thin layer on top of it. Maybe. > >> Then the referral handling code, >> whether in the protocol provider or in the JNDI provider, has a much >> easier >> task. The respective code is clean and shows clearly the policy of how >> referrals are handled in their respective layers. >> >> > this is the key : do we have to handle referrals in those two layers > (protocol an JNDI) when we could manage it in an intermediate layer ? I > think this is possoble. More than that, I think this can also be the seed > for a new API which will replace the current JNDI API for those who would > like to embed the server without being stuck into JNDI or to go through the > protocol layer. > Ok another layer will get confusing so you're probably right that we should put it into CoreSession. Alex ------=_Part_16265_25964032.1222485949748 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline


On Fri, Sep 26, 2008 at 8:36 PM, Emmanuel Lecharny <elecharny@gmail.com> wrote:
Alex Karasulu wrote:
Emmanuel,

On Fri, Sep 26, 2008 at 2:01 PM, Emmanuel Lecharny <elecharny@gmail.com>wrote:

Now, the problem is that for referrals, as we have also removed the
ReferralInterceptor from the core server (a very good move, when you take
the time to think about it - and it took me two hours of discussion with
Alex to get it -), you have a new problem : where do we have to handle
referrals ?

   

Question is for what purpose do you want to handle referrals.  There are two
ways to handle referrals:

(1) Through the protocol
(2) Via the JNDI Provided based on how JNDI is expected to behave with
different values for the Context.REFERRAL property in the environment:
throw, ignore, follow.
 
well, I don't think we should see the referral handling this way. IIf you see it from another perspective, ie, from the user POV, a referral is just an indirection. Now, the way the server manage it is pretty much a black box for the client, as soon as the client is informed that the entry is not present in the server. If you consider that you want to embed the server, but without using JNDI, you are in a dead end.

I don't think we're in a dead end.  It's up to the user of the CoreSession and Entry interfaces to determine what to do with the referral if they don't want to use the JNDI wrapper.  It's that simple.

What more do you think needs to be done?  For example if you do a lookup via:

    session.lookup( "ou=People,dc=foo" )

and dc=foo is a referral to dc=bar but ou=People does not exist.  In this case what exception do you throw? Something telling you the entry does not exist or an exception stating a referral needs to be handled? If you want referral handling to occur here in CoreSession methods then, the exception thrown will depend on the presence of the ManageDsaIT control's presence.

If you don't implement referral handling here then upper levels must check with the ReferralManager to see if the dn of the missing entry has a referral ancestor.  I guess this is a good argument to implement some minimal referral handling in the CoreSession then.

What does the Netscape API do?  Maybe that may shed some light. 
 


 
The first idea was to move it to the protocol layer. So be it. But the
problem is that the JNDI referral handling was not anymore done (and as a
consequence, the associated tests were disabled, until the JNDI provider was
fixed to handle those referrals).

I'm currently re-implementing the Referral handling in this JNDI layer, but
I suddenly discovered that this was not a good idea *at all*. And so was the
initial idea to implement the referrals handling into the protocol layer. We
now have 3 places where we must implement this process :
- in the protocol layer
- in the JNDI provider
- and in the CoreSession layer.

Bad...

   

I don't think it should be done in the CoreSession.  The CoreSession should
just provide an interface to perform operations against entries.  I think
all entries should be treated the same with respect to this interface.

Starting to think otherwise now.
 

 
That's fine, but then we have to add a thin layer on top of the CoreSession (be it the Operation manager or anything else, it's just something which will handle the referrals, when the plain entry is returned back, if it contains the Referral ObjectClass)). Otherwie, we will have to handle it in two places instead of one (ie, in the protocol and in JNDI).

If code needs to do something different because the entry is a referral it's
up to that code to do so.
 
so the need of another layer on top of the CoreSession

Referral handling is different depending on whether the protocol is handling
it or whether the JNDI provider is handling it.  
In fact, if you abstract yoruself from the e=semantic, there is not that much a difference : either the referral is ignored, and we return the plain entry (=> ManageDsaIt is present _or_ the property is set to Ignore), or we want to be redirected, and we want the underlying server to give us the URL to go to (ManageDsaIt is not present _or_ the property is set to 'throw'). The last case (the property is set to follow) is pretty much the same, except that the server will automatically send a request to the other server (and we don't handle this case anyway)

The reason why I separated
these is because the concepts were getting mixed together and JNDI was
contaminating the server.
 
Removing those aspects from the server was a perfect move. But I think we can do better than adding handlers for referrals in both JNDI and protocol code. This is the reason why I posted this mail.


 
So here is what I suggest : we should handle referrals into the CoreSession
layer, and deal with the thrown exceptions (LdapReferralExceptio,
LdapPartialResultException, etc) into the JNDI and protocol layer,
otherwise, we will do the job three times (and it's not a funny job ...)

thoughts ?

   

We could do this but these exceptions are JNDI specific.  They've been
defined to deal with a specific JNDI referral handling mode (throw
specifically).  
IMO, 'follow' is the JNDI exception, not throw. And we don't handle the 'follow' anyway :)

Then the protocol handler code would need to change to
understand these JNDI specifics.

Perhaps we should just not deal with referrals at all in the CoreSession.
Just add it to the JNDI provider for it's specific modes.
 
That's also an option, but I'm afraid that may limit the embedded version of the server.

My mindset my be wrong (and at times I do doubt it) but I feel the core API
is purely a local access API to initialize and manipulate the DIT and its
entries.
I agree fully. The core should only return pure entries, not dealing with referrals as if they were special. But the layer on top of it must deal with referrals. The JNDI provider must do it, and my idea is to delegate this part to an intermediate layer, like :

client --> JNDI --> server API --> referral layer --> core --> ...
or
client --> server API --> referral layer --> core --> ...


 It does not deal with following referrals since this would go over
the network.  It does not deal with referrals as special entries since this
is the responsibility of higher layers which deal with referrals in
different ways.


 
PS: don't be too picky with the names I'm using (like CoreSession is not
really the API we have built), but I'm sure that Alex can correct me. I
think however that the general picture is ok.


   
Yeah just great - I understood easily what you meant.  I think reuse is good
and I can certainly see how putting some referral handling functionality
into the CoreSession is very tempting.  As coders we always want to reuse
and that's good.  However sometimes reuse causes more problems than it is
worth.
hence my email ;)

 I think this is a good example for that kind of situation.  Also
sometimes we want to add additional functionality because it seems to make
sense to have a richer interface that handles more cases.  However more
complex interfaces are harder to work with as bricks to build other
interfaces when their rich features start to get in the way.
 
I think that the core session interface should not be modified. But we may need another thin layer on top of it. Maybe.
<snip/>Then the referral handling code,

whether in the protocol provider or in the JNDI provider, has a much easier
task.  The respective code is clean and shows clearly the policy of how
referrals are handled in their respective layers.
 
this is the key : do we have to handle referrals in those two layers (protocol an JNDI) when we could manage it in an intermediate layer ? I think this is possoble. More than that, I think this can also be the seed for a new API which will replace the current JNDI API for those who would like to embed the server without being stuck into JNDI or to go through the protocol layer.

Ok another layer will get confusing so you're probably right that we should put it into CoreSession.

Alex

------=_Part_16265_25964032.1222485949748--