On Dec 6, 2007 10:22 AM, Paul Benedict <[EMAIL PROTECTED]> wrote: > On Dec 6, 2007 12:17 PM, Ted Husted <[EMAIL PROTECTED]> wrote: > > > Although I have no clue what SPI means, I do see the web page mentions > > Struts by name, and says that it can be added to applications > > transparently. > > > SPI is Service Provider Interface. The Framework would be built around an > interface, and then Struts would be configured to use an SPI > implementation.
Which security package(s) would you want to work with in addition to HDIV? I firmly believe that you need at least two candidates in order to successfully design an SPI. Otherwise you run a very high risk of designing an SPI that can really only be successfully used by the one candidate you designed it around. A couple of other questions: * How does HDIV's editable content validation interact with the validation mechanisms that we already have built into Struts? Is someone using HDIV with Struts going to be writing their validations using HDIV's format, Commons Validator's format, or both? * How much of the functionality of HDIV is only available for people using JSP with tag libraries? If I'm using Velocity, or not using server-side presentation at all, how much of HDIV do I lose? > > The JDK has many SPI packages. > > > > The vast majority of web applications run inside a firewall and are > > used by a handful of trusted employees. There are many cases where > > Klingon-grade security may not always trump day-to-day performance. > > > LOL > > > > On the Struts 1 security front, there are also projects like the > > Struts SSL Extension which could be subsumed into the core. > > > I am not strongly in favor of belonging to the core. I think the feature > should be optional, but I wouldn't also object if it was put of the core > with the option to turn on/off. > > The developers of HDIV said their programming model would be extremely > simplified if they could have an SPI that targets both versions of Struts. > I > agree and I think it also opens the door to other people doing other kinds > of implementations. I'm not really convinced. Given that HDIV already supports Struts 1, Struts 2, Spring MVC and JSTL, with JSF coming, it seems to me that to really simplify what they're doing, they would need all of those frameworks to support a common SPI. Providing one just for S1 and S2 still leaves them with only one fewer frameworks to deal with. Now, working to provide a common SPI across *all* of those frameworks - *that* would be an interesting exercise... -- Martin Cooper > > Paul >
