RE: [OS-webwork] Action invocation

2003-01-04 Thread Blake Day
design, implementation and hosting email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> mobile: 770.480.1547 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rickard Oberg Sent: Thursday, January 02, 2003 1:27 PM To: [EMAIL PROTECTED] Subject: Re: [OS-w

RE: [OS-webwork] Action invocation

2003-01-04 Thread Blake Day
anuary 02, 2003 3:33 PM To: [EMAIL PROTECTED] Subject: RE: [OS-webwork] Action invocation > -Original Message- > From: Rickard Öberg [mailto:[EMAIL PROTECTED]] >> > That is how I have implemented the filter currently: if there's an > action for the JSP, then exe

RE: [OS-webwork] Action invocation

2003-01-04 Thread Jason Carreira
> -Original Message- > From: Rickard Öberg [mailto:[EMAIL PROTECTED]] > > Good point. I agree with that. But, there's still a need to > add roles to > xwork.xml I think, for the cases where the actions are > invoked by other > actions, or by some dispatcher other than a servlet contr

Re: [OS-webwork] Action invocation

2003-01-04 Thread Rickard Öberg
Jason Carreira wrote: As opposed to the extra configuration to assign roles to packages and coordinate them with the roles in web.xml? I really don't like the idea of putting security information into xwork. If we pinned packages to URL paths, and protected the paths using J2EE declarative securit

RE: [OS-webwork] Action invocation

2003-01-04 Thread Jason Carreira
> -Original Message- > From: Rickard Öberg [mailto:[EMAIL PROTECTED]] > > True, but it's more configuration to do. If it can be avoided > that'd be > nice. As opposed to the extra configuration to assign roles to packages and coordinate them with the roles in web.xml? I really don't

Re: [OS-webwork] Action invocation

2003-01-04 Thread Rickard Öberg
Jason Carreira wrote: That's the argument against .action invocation with any path. If we pin actions to certain paths in the config files, as I've proposed, then this is not an issue. True, but it's more configuration to do. If it can be avoided that'd be nice. One nice thing about that is th

RE: [OS-webwork] Action invocation

2003-01-04 Thread Jason Carreira
> -Original Message- > From: Rickard Öberg [mailto:[EMAIL PROTECTED]] > > The argument against .action invocation, then, is only with regard to > declarative security. Would it be ok to declare what roles > may access it > in xwork.xml? (both on action and package level) That's the ar

Re: [OS-webwork] Action invocation

2003-01-04 Thread Rickard Öberg
boxed wrote: I will run the action without a result a few times to start off to make sure it compiles and goes through to success and so forth. I also have some (very few) actions that don't actually have a view at all, but write directly to the servlet output stream. Yes I know it's ugly, I hate

Re: [OS-webwork] Action invocation

2003-01-03 Thread boxed
> Why is it more convenient than tying it to a result page? Or do you run > the action without a result? I will run the action without a result a few times to start off to make sure it compiles and goes through to success and so forth. I also have some (very few) actions that don't actually have a

Re: [OS-webwork] Action invocation

2003-01-03 Thread Chris Nokleberg
On Fri, Jan 03, 2003 at 04:00:55PM +0100, Rickard Öberg wrote: > Jason Carreira wrote: > >As opposed to what? This is a model-2 MVC framework. It uses a controller > >servlet as its entry point. > > Using a controller servlet that intercepts all requests but only deals > with some of the request

Re: [OS-webwork] Action invocation

2003-01-03 Thread matt
Jason is correct. This is the recommended way of doing it if you don't want somebody accessing the page directly. -Matt On Fri, 03 Jan 2003, Rickard Öberg wrote: > > Jason Carreira wrote: > > Maybe, but is it an acceptable level of complexity > for the benefits > > (simplicity, security, etc) i

Re: [OS-webwork] Action invocation

2003-01-03 Thread Robert Nicholson
; Sent: Friday, January 03, 2003 10:22 AM Subject: RE: [OS-webwork] Action invocation I'm pretty sure I read an article about doing it... Anybody else have any experience doing this? -Original Message- From: Rickard Öberg [mailto:[EMAIL PROTECTED]] Sent: Friday, January 03, 2003 1

Re: [OS-webwork] Action invocation

2003-01-03 Thread Tim Dwelle
Sent: Friday, January 03, 2003 10:22 AM Subject: RE: [OS-webwork] Action invocation > I'm pretty sure I read an article about doing it... Anybody else have any experience doing this? > > > -Original Message- > > From: Rickard Öberg [mailto:[EMAIL PROTECTED]] >

RE: [OS-webwork] Action invocation

2003-01-03 Thread Jason Carreira
I'm pretty sure I read an article about doing it... Anybody else have any experience doing this? > -Original Message- > From: Rickard Öberg [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 03, 2003 10:16 AM > To: [EMAIL PROTECTED] > Subject: Re: [OS-webwor

Re: [OS-webwork] Action invocation

2003-01-03 Thread Rickard Öberg
Jason Carreira wrote: Maybe, but is it an acceptable level of complexity for the benefits (simplicity, security, etc) it provides? For instance, I would like to have all of my JSP pages under WEB-INF, so they can only be used from the servlet, rather than being accessed directly, which would most

RE: [OS-webwork] Action invocation

2003-01-03 Thread Jason Carreira
to break, since the context hasn't been set up for them. > -Original Message- > From: Rickard Öberg [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 03, 2003 10:01 AM > To: [EMAIL PROTECTED] > Subject: Re: [OS-webwork] Action invocation > > > Jason Carr

Re: [OS-webwork] Action invocation

2003-01-03 Thread Rickard Öberg
Jason Carreira wrote: As opposed to what? This is a model-2 MVC framework. It uses a controller servlet as its entry point. Using a controller servlet that intercepts all requests but only deals with some of the requests is going to be unnecessary overhead. /Rickard

RE: [OS-webwork] Action invocation

2003-01-03 Thread Jason Carreira
As opposed to what? This is a model-2 MVC framework. It uses a controller servlet as its entry point. > -Original Message- > From: Robert Nicholson [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 03, 2003 5:59 AM > To: [EMAIL PROTECTED] > Subject: Re: [OS-webwork] Ac

Re: [OS-webwork] Action invocation

2003-01-03 Thread Rickard Öberg
Joseph Ottinger wrote: Actually, all this talk of filters, etc. makes me wonder if it *is* supposed to be WebWork 2.0 as opposed to XWork. Applying filters to a Swing app would be, um, great fun. Yes and no. Some of the stuff we're discussing here are definitely web-centric, but others is not.

RE: [OS-webwork] Action invocation

2003-01-03 Thread Joseph Ottinger
ler servlet as >its entry point. > > > -Original Message- > > From: Robert Nicholson [mailto:[EMAIL PROTECTED]] > > Sent: Friday, January 03, 2003 5:59 AM > > To: [EMAIL PROTECTED] > > Subject: Re: [OS-webwork] Action invocation > > > > > >

Re: [OS-webwork] Action invocation

2003-01-03 Thread Robert Nicholson
It would seem some folks are assuming that all requests will go via the servlet and therefore if myAction is deemed to be an action then it will be executed. This obviously has a high overhead factor. On Thursday, January 2, 2003, at 08:47 PM, Rickard Öberg wrote: Jason Carreira wrote: I don'

Re: [OS-webwork] Action invocation

2003-01-03 Thread Rickard Öberg
Mike Cannon-Brookes wrote: Maybe this is a little bit of personal preference - but as the webwork (and OS!) way, let's let the user decide! Why can't we just have a ServletDispatcher and a FilterDispatcher? Sure, that's very possible. For the record, I actually LIKE having .jspa and .jsp diff

Re: [OS-webwork] Action invocation

2003-01-02 Thread Mike Cannon-Brookes
Yes :) On 3/1/03 7:38 AM, "Rickard Öberg" ([EMAIL PROTECTED]) penned the words: > Jason Carreira wrote: >> I dunno. I would argue that if they can't be run by the same role, then they >> don't belong together. > > So if you've made this cool weblog thingy (as an example) where half of > the acti

Re: [OS-webwork] Action invocation

2003-01-02 Thread Mike Cannon-Brookes
>> For one thing, they >> perform better. Another reason is that I have the same situation as Pat, >> the same jsp is the success page for multiple actions. One final reason >> is that the migration path from ww to xw for applications now requires >> filters to handle the (automatic) migration from

Re: [OS-webwork] Action invocation

2003-01-02 Thread Mike Cannon-Brookes
inal Message - > From: "Rickard Öberg" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, January 02, 2003 9:37 AM > Subject: Re: [OS-webwork] Action invocation > > >> Patrick Lightbody wrote: >>> This sounds scary to me --

Re: [OS-webwork] Action invocation

2003-01-02 Thread Chris Nokleberg
On Thu, Jan 02, 2003 at 09:47:24PM +0100, Rickard Öberg wrote: > Jason Carreira wrote: > >I don't like the idea of exposing the view we're mapping to. What If > >I want to change the view that is mapped from the action? I think it > >would be better to have: > > > >http://somehost.com/myPackage/myA

RE: [OS-webwork] Action invocation

2003-01-02 Thread Jason Carreira
n) to find the package (myPackage) and then find the action mapping (for myAction). > -Original Message- > From: Rickard Öberg [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 02, 2003 3:47 PM > To: [EMAIL PROTECTED] > Subject: Re: [OS-webwork] Action invocation > &g

Re: [OS-webwork] Action invocation

2003-01-02 Thread Chris Nokleberg
On Thu, Jan 02, 2003 at 09:15:44PM +0100, Rickard Öberg wrote: > Chris Nokleberg wrote: > >On Thu, Jan 02, 2003 at 08:00:41PM +0100, Rickard Öberg wrote: > > > >But one of the reasons to get rid of .action is that it exposes the > >implementation. ".jsp" does the same thing! > > Absolutely. But a

Re: [OS-webwork] Action invocation

2003-01-02 Thread Rickard Öberg
Jason Carreira wrote: I don't like the idea of exposing the view we're mapping to. What If I want to change the view that is mapped from the action? I think it would be better to have: http://somehost.com/myPackage/myAction So you don't have to have any kind of extension... Just logical URLs tha

Re: [OS-webwork] Action invocation

2003-01-02 Thread Rickard Öberg
boxed wrote: I find having the actions available directly with the .action notation very handy for developing/debugging. I am hoping you mean "possible to avoid them if you want". It sounds to me like you want to force users to not use the .action notation, when it can definitely be useful. Why

Re: [OS-webwork] Action invocation

2003-01-02 Thread Rickard Öberg
Jason Carreira wrote: I dunno. I would argue that if they can't be run by the same role, then they don't belong together. So if you've made this cool weblog thingy (as an example) where half of the actions goes to rendering the weblog, and half are about administering it, you'd put them into t

RE: [OS-webwork] Action invocation

2003-01-02 Thread Jason Carreira
> -Original Message- > From: Rickard Öberg [mailto:[EMAIL PROTECTED]] >> > That is how I have implemented the filter currently: if there's an > action for the JSP, then execute it, otherwise do nothing > (i.e. run JSP > as usual). > > /Rickard > I don't like the idea of exposing t

RE: [OS-webwork] Action invocation

2003-01-02 Thread Jason Carreira
I dunno. I would argue that if they can't be run by the same role, then they don't belong together. > -Original Message- > From: Rickard Öberg [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 02, 2003 3:17 PM > To: [EMAIL PROTECTED] > Subject: Re: [OS-w

Re: [OS-webwork] Action invocation

2003-01-02 Thread Rickard Öberg
Chris Nokleberg wrote: On Thu, Jan 02, 2003 at 08:00:41PM +0100, Rickard Öberg wrote: But one of the reasons to get rid of .action is that it exposes the implementation. ".jsp" does the same thing! Absolutely. But at least XWork would be hidden. Why not allow for arbitrary URLs, even when you

Re: [OS-webwork] Action invocation

2003-01-02 Thread Rickard Öberg
Jason Carreira wrote: You make a base package with the 3, then 2 other packages which extend the base package and add the actions for each role to its respective package. But then the actions will be packaged based on the security restrictions instead of their "belonging together"-ness, which is

RE: [OS-webwork] Action invocation

2003-01-02 Thread Jason Carreira
IL PROTECTED] > Subject: Re: [OS-webwork] Action invocation > > > Jason Carreira wrote: > > I'm thinking we could use your idea of packages, and map > packages to > > certain paths, then you could easily secure by package. > > What if you have 10 actions in a

Re: [OS-webwork] Action invocation

2003-01-02 Thread Chris Nokleberg
On Thu, Jan 02, 2003 at 08:00:41PM +0100, Rickard Öberg wrote: > Chris Nokleberg wrote: > >I don't understand why URLs need to have ".action" OR ".jsp". In my > >mind, direct requests to resources is okay for static files, but all > >action-related requests should flow through the action mappings.

Re: [OS-webwork] Action invocation

2003-01-02 Thread Patrick Lightbody
I believe Rickard has made it clear both will be available. - Original Message - From: "boxed" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 02, 2003 11:15 AM Subject: Re: [OS-webwork] Action invocation > > Pretty much, yes. There

Re: [OS-webwork] Action invocation

2003-01-02 Thread Rickard Öberg
Jason Carreira wrote: I'm thinking we could use your idea of packages, and map packages to certain paths, then you could easily secure by package. What if you have 10 actions in a package, and 3 are public, 4 are allowed by one role, and 6 are allowed by another (i.e. there's an overlap). How

Re: [OS-webwork] Action invocation

2003-01-02 Thread boxed
t;[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 02, 2003 20:00 Subject: Re: [OS-webwork] Action invocation Chris Nokleberg wrote: > I don't understand why URLs need to have ".action" OR ".jsp". In my > mind, direct requests to resources i

RE: [OS-webwork] Action invocation

2003-01-02 Thread Jason Carreira
> -Original Message- > From: Rickard Öberg [mailto:[EMAIL PROTECTED]] > > But the security problem is not with pages really, but with > actions. If > the request is stopped at the View stage it's already too > late: you may > have executed code that the user was not allowed to execu

Re: [OS-webwork] Action invocation

2003-01-02 Thread Rickard Öberg
Chris Nokleberg wrote: I don't understand why URLs need to have ".action" OR ".jsp". In my mind, direct requests to resources is okay for static files, but all action-related requests should flow through the action mappings. The point is to try and avoid .action URL's for mentioned reasons. Sinc

Re: [OS-webwork] Action invocation

2003-01-02 Thread Chris Nokleberg
I don't understand why URLs need to have ".action" OR ".jsp". In my mind, direct requests to resources is okay for static files, but all action-related requests should flow through the action mappings. *If* actions are always tied to a path (or paths), *and* there is a filter controller, then: a)

Re: [OS-webwork] Action invocation

2003-01-02 Thread Rickard Öberg
Philipp Meier wrote: I often come to having the same view for different actions. One case is debugging and because I use XSLT-Stylesheets as views, I often have some rather generic stylesheet that formats different actions. But I don't understand how this relates to why ".action"-URL are bad. .a

Re: [OS-webwork] Action invocation

2003-01-02 Thread Rickard Öberg
Patrick Lightbody wrote: They have very, VERY different ways to retrieve the data. But yes, I suppose one could design differently. Ok. Damn. Removing .action invocations would have made things much simpler, especially for the declarative security users. /Rickard ---

Re: [OS-webwork] Action invocation

2003-01-02 Thread Rickard Öberg
Bruce Ritchie wrote: I'm with Pat here .. I actually prefer having urls with the .action in them to having pages with tags in them. But I didn't suggest that you'd use tags... that was the WW way, and it worked, but with the filter it's much more transparent and the security problem with .a

Re: [OS-webwork] Action invocation

2003-01-02 Thread Philipp Meier
On Thu, Jan 02, 2003 at 06:37:03PM +0100, Rickard Öberg wrote: > Patrick Lightbody wrote: > >This sounds scary to me -- I'm not entirely convinced that URLs with > >.action > >in them are terribly bad. I do have cases where 4 different actions use > >that > >same SUCCESS view: > > > >ShowDocument

Re: [OS-webwork] Action invocation

2003-01-02 Thread Bruce Ritchie
I'm with Pat here .. I actually prefer having urls with the .action in them to having pages with tags in them. For one thing, they perform better. Another reason is that I have the same situation as Pat, the same jsp is the success page for multiple actions. One final reason is that the migrati

Re: [OS-webwork] Action invocation

2003-01-02 Thread Patrick Lightbody
They have very, VERY different ways to retrieve the data. But yes, I suppose one could design differently. - Original Message - From: "Rickard Öberg" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 02, 2003 9:37 AM Subject: Re: [OS-webw

Re: [OS-webwork] Action invocation

2003-01-02 Thread Rickard Öberg
Patrick Lightbody wrote: This sounds scary to me -- I'm not entirely convinced that URLs with .action in them are terribly bad. I do have cases where 4 different actions use that same SUCCESS view: ShowDocumentListA.success = doc_list.jsp ShowDocumentListB.success = doc_list.jsp ShowDocumentListC

Re: [OS-webwork] Action invocation

2003-01-02 Thread Patrick Lightbody
This sounds scary to me -- I'm not entirely convinced that URLs with .action in them are terribly bad. I do have cases where 4 different actions use that same SUCCESS view: ShowDocumentListA.success = doc_list.jsp ShowDocumentListB.success = doc_list.jsp ShowDocumentListC.success = doc_list.jsp -