Re: [Vote] Cowarp, auth-fw and session-fw in 2.2
Carsten Ziegeler wrote: > As both, auth-fw and session-fw are really out dated and as cowarp is a > better implementation of the auth-fw, I propose to: > a) deprecate auth-fw and session-fw in 2.1.x > b) remove auth-fw and session-fw in 2.2 > c) add cowarp as an own block to 2.2 > +0. I never used auth-fw nor cowarp and use a homegrown solution that provides in-application authentication and authorization while still allowing the use of the regular request.isUserInRole() and request.getUserPrincipal() using a request filter. Sylvain -- Sylvain Wallez - http://bluxte.net
Re: [Vote] Cowarp, auth-fw and session-fw in 2.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 9 Jun 2006, Carsten Ziegeler wrote: As both, auth-fw and session-fw are really out dated and as cowarp is a better implementation of the auth-fw, I propose to: a) deprecate auth-fw and session-fw in 2.1.x b) remove auth-fw and session-fw in 2.2 c) add cowarp as an own block to 2.2 As I've moved away from in-application-authentication my vote for this is +0 - -- Giacomo Pati Otego AG, Switzerland - http://www.otego.com Orixo, the XML business alliance - http://www.orixo.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEjAYELNdJvZjjVZARAkcvAJ42YeP+guotKDHPy5vnYPkMR5OJtwCeJeVw JQK5ZIIgoa/sRo9bEcWKAEs= =3AVp -END PGP SIGNATURE-
Re: [Vote] Cowarp, auth-fw and session-fw in 2.2
Carsten Ziegeler wrote:
Ok, lets see what others think about it.
Now, we already discussed this topic a little bit in [1]:
Cocoon contains the auth-fw block which is a modular authentication
framework which can be integrated in your app. It is based on the
session-fw and for example it can be used out of the box in the portal.
Both, session-fw and auth-fw were developed six years ago with the
mindset that everything is XML - during the years, the way of developing
web apps with Cocoon has changed and therefore there are better
alternatives for these blocks, for example the template block and flow.
In addition I started a replacement for the auth-fw some time ago which
I called CoWarp and which is hosted at sf right now. I had several
reasons for starting this there and not here which are outlined in [1].
My main reason is the community aspect. I would like to have a community
first, before moving the code here. Now, in fact neither the session-fw
nor the auth-fw have a real community here, so perhaps this reason is a
little bit obsolete in *this case*.
As both, auth-fw and session-fw are really out dated and as cowarp is a
better implementation of the auth-fw, I propose to:
a) deprecate auth-fw and session-fw in 2.1.x
b) remove auth-fw and session-fw in 2.2
c) add cowarp as an own block to 2.2
I know that we should deprecate in 2.1.x, leave things in 2.2 and remove
them in 2.3 or 3.0; but in this case I think it's much better to remove
them right away in 2.2 as people should really not use it.
If we add cowarp to the Cocoon code base, we should give it a functional name as
we did it with Woody. I would call the block "auth" and when we talk about it we
should call it "cauth", in analogy to "forms" and "cforms".
--
Reinhard Pötz Independent Consultant, Trainer & (IT)-Coach
{Software Engineering, Open Source, Web Applications, Apache Cocoon}
web(log): http://www.poetz.cc
___
Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de
Re: [Vote] Cowarp, auth-fw and session-fw in 2.2
Jörg Heinicke wrote:
Von: Carsten Ziegeler
As both, auth-fw and session-fw are really out dated and as cowarp is a
better implementation of the auth-fw, I propose to:
a) deprecate auth-fw and session-fw in 2.1.x
+0 (Deprecating them in 2.1 does not really matter as we have not released 2.2
yet.)
b) remove auth-fw and session-fw in 2.2
-1 see below
c) add cowarp as an own block to 2.2
+1
I know that we should deprecate in 2.1.x, leave things in 2.2 and remove
them in 2.3 or 3.0; but in this case I think it's much better to remove
them right away in 2.2 as people should really not use it.
IMO we should let it in 2.2 as it otherwise highers the barrier to migrate an
application to 2.2. In theory switching to 2.2 (or the next minor version in
general) should be as easy as setting some properties. (With the change to the
new Maven build adopting the local build system might be difficult enough.) But
there should be no enforcement to change the application itself. Instead it
should be possible to replace deprecated stuff with recommended stuff step by
step and one after another.
I want to stress a point which is important for me: Starting with Cocoon 2.2 we
start to split up Cocoon in smaller parts. We won't have any releases that
contain all the +150 modules that we currently have in our repository but every
module is released separatly.
So the question is not whether we want to release the auth-fw or session-fw as
part of Cocoon 2.2 but whether we want to release the two blocks at all.
--
Reinhard Pötz Independent Consultant, Trainer & (IT)-Coach
{Software Engineering, Open Source, Web Applications, Apache Cocoon}
web(log): http://www.poetz.cc
___
Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de
Re: [Vote] Cowarp, auth-fw and session-fw in 2.2
Ralph Goers wrote: >> > +1. For one, the cowarp source is now an integral part of the sample > portal (in 2.1) and it makes it harder to deal with being outside of Cocoon. > > BTW - what cowarp will 2.1 be using? The one at Sourceforge or at > Cocoon? Perhaps it would be better to share it like flow is doing? We currently use two different version of Cowarp - while 2.1.x is using an older version, 2.2 is using the latest. Now, unfortunately, the latest version is 2.2 only as I'm using some features of 2.2 which are not in 2.1.x. I think we should just add the older version of Cowarp to 2.1.x as well. Carsten -- Carsten Ziegeler - Open Source Group, S&N AG http://www.s-und-n.de http://www.osoco.org/weblogs/rael/
Re: [Vote] Cowarp, auth-fw and session-fw in 2.2
Carsten Ziegeler schrieb: > Ok, lets see what others think about it. > > Now, we already discussed this topic a little bit in [1]: > Cocoon contains the auth-fw block which is a modular authentication > framework which can be integrated in your app. It is based on the > session-fw and for example it can be used out of the box in the portal. > Both, session-fw and auth-fw were developed six years ago with the > mindset that everything is XML - during the years, the way of developing > web apps with Cocoon has changed and therefore there are better > alternatives for these blocks, for example the template block and flow. > > In addition I started a replacement for the auth-fw some time ago which > I called CoWarp and which is hosted at sf right now. I had several > reasons for starting this there and not here which are outlined in [1]. > > My main reason is the community aspect. I would like to have a community > first, before moving the code here. Now, in fact neither the session-fw > nor the auth-fw have a real community here, so perhaps this reason is a > little bit obsolete in *this case*. > > As both, auth-fw and session-fw are really out dated and as cowarp is a > better implementation of the auth-fw, I propose to: > a) deprecate auth-fw and session-fw in 2.1.x > b) remove auth-fw and session-fw in 2.2 > c) add cowarp as an own block to 2.2 > +1 Carsten -- Carsten Ziegeler - Open Source Group, S&N AG http://www.s-und-n.de http://www.osoco.org/weblogs/rael/
Re: [Vote] Cowarp, auth-fw and session-fw in 2.2
> Von: Carsten Ziegeler > > As both, auth-fw and session-fw are really out dated and as cowarp is a > better implementation of the auth-fw, I propose to: > a) deprecate auth-fw and session-fw in 2.1.x +0 (Deprecating them in 2.1 does not really matter as we have not released 2.2 yet.) > b) remove auth-fw and session-fw in 2.2 -1 see below > c) add cowarp as an own block to 2.2 +1 > I know that we should deprecate in 2.1.x, leave things in 2.2 and remove > them in 2.3 or 3.0; but in this case I think it's much better to remove > them right away in 2.2 as people should really not use it. IMO we should let it in 2.2 as it otherwise highers the barrier to migrate an application to 2.2. In theory switching to 2.2 (or the next minor version in general) should be as easy as setting some properties. (With the change to the new Maven build adopting the local build system might be difficult enough.) But there should be no enforcement to change the application itself. Instead it should be possible to replace deprecated stuff with recommended stuff step by step and one after another. Jörg -- Echte DSL-Flatrate dauerhaft für 0,- Euro*! "Feel free" mit GMX DSL! http://www.gmx.net/de/go/dsl
Re: [Vote] Cowarp, auth-fw and session-fw in 2.2
Carsten Ziegeler wrote: As both, auth-fw and session-fw are really out dated and as cowarp is a better implementation of the auth-fw, I propose to: a) deprecate auth-fw and session-fw in 2.1.x b) remove auth-fw and session-fw in 2.2 c) add cowarp as an own block to 2.2 I know that we should deprecate in 2.1.x, leave things in 2.2 and remove them in 2.3 or 3.0; but in this case I think it's much better to remove them right away in 2.2 as people should really not use it. +1. For one, the cowarp source is now an integral part of the sample portal (in 2.1) and it makes it harder to deal with being outside of Cocoon. BTW - what cowarp will 2.1 be using? The one at Sourceforge or at Cocoon? Perhaps it would be better to share it like flow is doing? Ralph
[Vote] Cowarp, auth-fw and session-fw in 2.2
Ok, lets see what others think about it. Now, we already discussed this topic a little bit in [1]: Cocoon contains the auth-fw block which is a modular authentication framework which can be integrated in your app. It is based on the session-fw and for example it can be used out of the box in the portal. Both, session-fw and auth-fw were developed six years ago with the mindset that everything is XML - during the years, the way of developing web apps with Cocoon has changed and therefore there are better alternatives for these blocks, for example the template block and flow. In addition I started a replacement for the auth-fw some time ago which I called CoWarp and which is hosted at sf right now. I had several reasons for starting this there and not here which are outlined in [1]. My main reason is the community aspect. I would like to have a community first, before moving the code here. Now, in fact neither the session-fw nor the auth-fw have a real community here, so perhaps this reason is a little bit obsolete in *this case*. As both, auth-fw and session-fw are really out dated and as cowarp is a better implementation of the auth-fw, I propose to: a) deprecate auth-fw and session-fw in 2.1.x b) remove auth-fw and session-fw in 2.2 c) add cowarp as an own block to 2.2 I know that we should deprecate in 2.1.x, leave things in 2.2 and remove them in 2.3 or 3.0; but in this case I think it's much better to remove them right away in 2.2 as people should really not use it. Carsten Ralph Goers wrote: > > Carsten Ziegeler wrote: >> Ralph Goers wrote: >> >>> In 2.2 why don't you put cowarp in as a block and remove the >>> authentication framework. Remember to deprecate it in 2.1. >>> >>> >> Hmm, yes, good question. I'm not against it, but as you say above this >> makes imho only sense if we remove the auth-fw in 2.2. And *if* we >> remove the auth-fw we should also remove session-fw which is really >> outdated. The template block and flow are much better alternatives. >> >> Carsten >> > I'm OK with that. I've always found the session-fw hard to use. So here > is my +1. > [1] http://marc.theaimsgroup.com/?t=11241831884&r=1&w=2 -- Carsten Ziegeler - Open Source Group, S&N AG http://www.s-und-n.de http://www.osoco.org/weblogs/rael/
