struts-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Struts Wiki] Update of "HDIV" by gorkavicente
Date Fri, 07 Dec 2007 13:29:36 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Struts Wiki" for change notification.

The following page has been changed by gorkavicente:
http://wiki.apache.org/struts/HDIV

------------------------------------------------------------------------------
  
  '''Martin Cooper:''' Which security package(s) would you want to work with in addition to
HDIV? I firmly believe that you need at least two candidates in order to successfully design
an SPI. Otherwise you run a very high risk of designing an SPI that can really only be successfully
used by the one candidate you designed it around. 
  
+ '''HDIV team:''' We think it's better to use a SPI. From our point of view the SPI it's
an extension point that could be interesting for many projects, not only for security projects.
For example if you use webflow in a Struts application you have to add flow execution key
parameters by hand and that could be easily solved by implementing a SPI.
+ 
+ Of course, if we use the SPI it's not necessary to extend struts' tld making it easier to
integrate HDIV.
+ 
+ In addition to that if you use the SPI you can activate or desactivate updating Struts configuration.
By default Struts can use an empty implementation of the SPI. 
+ 
+ HDIV can be very useful for many applications but not for others. For example if you have
a public web page where it's necessary to be indexable, you shouldn't use HDIV because all
links are dynamic and related with web session (the same problem of JSF but in this case you
can desactivate it). 
+ 
+ About Paul Benedict's comment ("I don't know if HDIV has aspirations outside of Struts which
would make an SPI much more palatable"), the target of HDIV is the integration with all web
frameworks that need this type of security functionalities. So far we have developed HDIV
versions for:
+ 
+ 	* Struts 1
+ 	* Struts 2
+ 	* Spring MVC
+ 	* JSTL
+ 	* WebWork (not published)
+ 	* Stripes (not published)	
+ 	* JSF (not published)
+ 
+ Some of them are still under development, but they will be published in a few months. In
consecuence, it will be useful if the SPI it's generic and works with all web frameworks.
But thinking about the implementation and library dependencies maybe it would be better if
each framework had it's own interface, similar to interceptors concept in many frameworks
but in this case related with tag libraries. Anyway, we could create a first release supporting
commented frameworks.
+ 
  = Performance =
  
  '''Ted Husted:''' It's unusual that a feature such as this comes without penality. If HDIV
were native, what would be the performance cost? Complexity cost? 
+ 
+ '''HDIV team:''' In our opinion the performance offered by HDIV is acceptable and it could
be activated by default, but we have to take into account that it generates a problem with
the pages indexation (all links are dynamic and related with web session). Consequently we
think it's better if the HDIV activation it's optional. 
+ 
+ Another discussion is if it has to be activated by default or not. For more information
about HDIV performance see [http://www.hdiv.org/docs/hdiv-performance.pdf hdiv-performance.pdf]
  
  = Validation =
  
@@ -24, +48 @@

  with Struts going to be writing their validations using HDIV's format,
  Commons Validator's format, or both?
  
+ '''HDIV team:''' Editable data validation offered by HDIV it's integrated with struts’
validator. HDIV creates validation errors within HDIV's validation filter and they are added
within HDIV RequestProccessor. The errors generated by HDIV are generated with the same format
of Struts and they are visualized in the same way as usual errors using Struts tags ( html:errors,logic:messagesPresent,
etc.).
+ 
+ For more information about it see [http://www.hdiv.org/docs/hdiv-reference.pdf HDIV reference
(chapter-7.1.2.4.2)].
+ 
  = Usability =
  
  '''Martin Cooper:''' How much of the functionality of HDIV is only available for people
using JSP with tag libraries? If I'm using Velocity, or not using server-side
  presentation at all, how much of HDIV do I lose?
  
+ '''HDIV team:''' The core API of HDIV (hdiv-core) is not related with a concrete technology
and it’s possible to use it with any technology. Although we haven’t implemented it for
Struts 1 the integration of Velocity and Freemarker it's included in Struts 2 version, see
Struts 2 example application, within (struts2-showcase-2.0.x) ui-tags section.
+ 

Mime
View raw message