RE: session facade not used for event
ok, I can do this tomorrow. Filip -Original Message- From: Remy Maucherat [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 01, 2004 5:09 PM To: Tomcat Developers List Subject: Re: session facade not used for event Filip Hanik - Dev wrote: >>>Facading is likely worthless for sessions, > > you think so, you don't think session.setPrincipal is a security issue? Missed that one ;) As Jean-François said, the security manager will avoid the problem. I think it won't hurt replacing the "this"s with "getSession()"s in the event constructors, though. Rémy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.692 / Virus Database: 453 - Release Date: 5/28/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.692 / Virus Database: 453 - Release Date: 5/28/2004 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: session facade not used for event
Het adres [EMAIL PROTECTED] is voorlopig niet meer in gebruik vanwege grote hoeveelheden virusmails die daarop binnenkomen. Gebruik het nieuwe adres dat op de website staat (linksonder). Excuses voor het ongemak! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session facade not used for event
Filip Hanik - Dev wrote: Facading is likely worthless for sessions, you think so, you don't think session.setPrincipal is a security issue? Missed that one ;) As Jean-François said, the security manager will avoid the problem. I think it won't hurt replacing the "this"s with "getSession()"s in the event constructors, though. Rémy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session facade not used for event
Filip Hanik - Dev wrote: Facading is likely worthless for sessions, you think so, you don't think session.setPrincipal is a security issue? Try it by turning the Security Manager on ;-) -- Jeanfrancois Filip - Original Message - From: "Remy Maucherat" <[EMAIL PROTECTED]> To: "Tomcat Developers List" <[EMAIL PROTECTED]> Sent: Tuesday, June 01, 2004 3:02 PM Subject: Re: session facade not used for event Filip Hanik - Dev wrote: Quick question, is there a reason the user code has access to the internal session instead of the session facade on session events? event = new HttpSessionBindingEvent(this,name,value); //inside StandardSession as opposed to this code, which would give the user a facade? event = new HttpSessionBindingEvent(new SessionFacade(this),name,value); Yes, but no. Facading is likely worthless for sessions, as we're (fortunately) not recycling them anymore. The session manager will prevent accessing any of the extra methods (and even then, I'm not sure there's any public methods worth exploiting). Rémy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session facade not used for event
>> Facading is likely worthless for sessions, you think so, you don't think session.setPrincipal is a security issue? Filip - Original Message - From: "Remy Maucherat" <[EMAIL PROTECTED]> To: "Tomcat Developers List" <[EMAIL PROTECTED]> Sent: Tuesday, June 01, 2004 3:02 PM Subject: Re: session facade not used for event > Filip Hanik - Dev wrote: > > Quick question, is there a reason the user code has access to the > > internal session instead of the session facade on session events? > > > >> event = new HttpSessionBindingEvent(this,name,value); //inside > >> StandardSession > > > > as opposed to this code, which would give the user a facade? event = > > new HttpSessionBindingEvent(new SessionFacade(this),name,value); > > Yes, but no. > Facading is likely worthless for sessions, as we're (fortunately) not > recycling them anymore. The session manager will prevent accessing any > of the extra methods (and even then, I'm not sure there's any public > methods worth exploiting). > > Rémy > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session facade not used for event
Filip Hanik - Dev wrote: Quick question, is there a reason the user code has access to the internal session instead of the session facade on session events? event = new HttpSessionBindingEvent(this,name,value); //inside StandardSession as opposed to this code, which would give the user a facade? event = new HttpSessionBindingEvent(new SessionFacade(this),name,value); Yes, but no. Facading is likely worthless for sessions, as we're (fortunately) not recycling them anymore. The session manager will prevent accessing any of the extra methods (and even then, I'm not sure there's any public methods worth exploiting). Rémy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
