incubator-clerezza-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henry Story (JIRA)" <j...@apache.org>
Subject [jira] Created: (CLEREZZA-447) GraphNode not appropriate object to send from JSR311 code to Renderlet
Date Sun, 27 Feb 2011 16:40:41 GMT
GraphNode not appropriate object to send from JSR311 code to Renderlet
----------------------------------------------------------------------

                 Key: CLEREZZA-447
                 URL: https://issues.apache.org/jira/browse/CLEREZZA-447
             Project: Clerezza
          Issue Type: Bug
            Reporter: Henry Story


The main reason for Clerezza (zz) having an RDF engine is so that one can fetch data off the
web and use it to guide the logic of what is going on.
When that is done one has to carefully distinguish what is said or believed by different parts
of the engine. *Who* believes *what*, is very important, 
and not making that distinction will create security holes. 

So for example the following is problematic. When a @GET annotated method returns a GraphNode
in a JSR311 class one has to add information to 
that returned GraphNode that is going to decide which Renderlet gets called next. Something
like

		resultNode.addProperty(RDF.`type`, PLATFORM.HeadedPage)
		resultNode.addProperty(RDF.`type`, CONTROLPANEL.ProfileViewerPage)

But what if the JSR wants to return a graph that is not controlled by the System? What if
it wants to return a graph found on the internet in order to display it.
It would have to write something like  this:

	@GET
	def viewPerson(@Context uriInfo: UriInfo, @QueryParam("uri") uri: UriRef): GraphNode = {
		val foaf: GraphNode = descriptionProvider.getWebDescription(uri, Cache.Fetch)
		val resultNode: GraphNode = new GraphNode(new UriRef(uriInfo.getAbsolutePath.toString),foaf.getGraph)
		resultNode.addProperty(RDF.`type`, PLATFORM.HeadedPage)
		resultNode.addProperty(RDF.`type`, CONTROLPANEL.ProfileViewerPage)
	   return result
	}

But now it has mixed system information with remote information. This means that if the foaf
profile contained some different type information, perhaps set
by a different instance of Clerezza, the ZZ instance will be randomly selecting one of many
Renderlets, some of which were not chosen locally. This will completely
confuse the display logic in the system.

  Such a JSR 311 method must instead return a more complex object, consisting of a system
graph perhaps and a content graph. The System graph is the only one that should be 
considered for routing information. 



-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message