Leszek Gawron wrote:
Reinhard Poetz wrote:
Rice Yeh wrote:
Hi,
Here is another problem when using servlet protocol. A servlet S1
extends another servlet S2. A web continuation k is generated in S2.
When k returns back, k is matched in S1 with match pattern
"*.continue" which exists in S2 also. Then comes an error with
message like "k bound to S2, but looked up in S1".
I wonder if this really increases the security of Cocoon apps which
was the original reason why this feature was introduced. Can somebody
comment on this?
This is not the thing of security. The actual problem is a continuation
could be created via apples processor and later on picked up by
flowscript. Only the interpreter that creates the continuation is able
to properly make use of it in the future.
Apart from that the continuation is created in some context. Any
sendPage( "view/page.jx" ) is resolved in this particular context.
Changing context on the fly would in most cases generate errors.
I understand the reasons now but I still believe that Rice's usecase is valid
but I'm not sure how to solve his problem :-(
--
Reinhard Pötz Independent Consultant, Trainer & (IT)-Coach
{Software Engineering, Open Source, Web Applications, Apache Cocoon}
web(log): http://www.poetz.cc
--------------------------------------------------------------------