Toby, response inline...
On Thu, 2004-06-17 at 07:32, tobias rademacher wrote: > Dear Peter, > > when do you think that Turbine 2.4 will be released? > I think Eric wanted to finalize something on the pipeline data issue which was discussed on this list a few weeks ago. On a recent visit to the UK Eric and I got together and did some refactoring in preparation for this but it is probably down to me to finish it and put a proposal forward. I'm buried in deadlines, but I will try to help move it forward. Really, it should not be long. > A questions about the usage of flucrum-security: > > Can I map any version fields necessary for optimisic locking?!? > I am pretty sure that you can add what you need but you may need to modify/add to the manager classes in fulcrum security. Eric could answer this one better... > Another question about antelope: > > What are you using for as validation framwork? Is it planed to use commons-validator > for this job? > Oddly enough, this bit is definitely down to me. I have written a component which was designed to examine every parameter in every request sent to Turbine. The idea was to allow validation to be added for every parameter, if required and to reject any request which included an unexpected parameter. FYI, I have named the component Turbine-ReView. In essence, the component, during development builds a series of maps of all the parameters it finds and saves the maps as .xml files. This happens in the background and does not interfere with development as the default validation applied is 'always true'. When switching to production the mode of operation is changed and instead of creating a new entry in the parameter map it rejects any unrecognised parameter. Validation can be added at any point in development by adding validation directives to the .xml files and reloading them. The validators used can be custom written, can leverage commons-validation, use oro regex or jdk 1.4 regex or other types of validation. So why isn't this in Turbine already? The current version is designed to use the pipeline in T2.4. However, the original version is currently in use in production using T2.3 and a custom ParameterParser. A colleague is this week testing the newly updated ReviewParameterParser for the latest version against a release version of Turbine 2.3. As soon as this is done, I'll ask Eric to commit it into proposals. Included is a 14 page manual of how to use and configure the review component. Zebra-antelope uses pretty much the latest Review and you can see the review configuration files in WEB-INF/review/rules. > Another sugesstion: > > The upcomming Turbine relases will heavliy lines on top of Avalon. > Whe decided to use Spring as our IoC container instead as it offers execellent > transcation > support, hibernate integration and as well AOP. I guess the Spring is so flexible to > reuse our Avalon Services as the are normally just beans, but reagarding lifecyle I > have > some doubts. It would be cool to get see more container independent services which > can be plugged > into Avalon, Pico and of course Spring IoC. Yes, I am a great fan of 'Inversion of Control' and 'Separation of Concerns' and use Avalon extensively. I am currently trying to replace the interim merlin build used in the 2.4-dev turbine with a final version build of merlin 3.3. I did have some issues with classloading which I am trying to resolve. If you have been following the Avalon lists, it has been a bit of a nightmare. ECM in use in T2.3 is deprecated and we wanted to use a non-deprecated container. Merlin seemed to be the only avalon container which we could use and I guess we would stick with it. However, there are issues (particularly now Excalibur is a new TLP) and these should be discussed in due course. As for using Spring, my feeling is that unless there is a very good reason not to we should stick with an Apache solution as default. Turbine can use Torque, OJB, Hibernate etc. but these are not central to Turbine. The Service Framework is what Turbine is and I think the default should be Apache if possible. Currently there is an ECM based container in T2.3 and T2.4 and in addition in T2.4 and working alongside of the ECM service is the TurbineMerlinComponentService. I see no reason why someone should not put forward a Spring, pico or other framework providing service as well. I think that it was Alex Karasulu who wrote a good piece about wrapping components to work in different containers, I think it was in the Directory project pages. Maybe we should look at this more closely. FYI, there is another component at zebra.tigris.org called meercat. This is a hibernate session manager for turbine which simplifies things considerably. Again it is used in zebra-antelope. (If anyone wonders why I keep writing zebra-antelope, it is because antelope was named before anyone noticed that there was already a project at tigris called antelope.) :-) > I'm not trying to start another religous debate about the used framwork, but for > __your__ needs > Spring seems to be the best solution, Personally, I'm using Merlin outside of webapps and using the same container has its benefits. :-) > and it would be cool to the the Turbine users decide what > fits best. Absolutely. Peter > Thx & Bye > Toby > > -----Urspr�ngliche Nachricht----- > Von: Peter Courcoux [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 17. Juni 2004 00:00 > An: Turbine Users List > Betreff: RE: I need simple Access Control (Security) with Turbine > withoutACL�s or Roles, how to do? > > > It's been said before, and I know its not ideal, but the best place to > start looking at this is to go to http://zebra.tigris.org and look at > the zebra-antelope web application. It uses turbine, and hibernate and > fulcrum-security. Don't be put off by the zebra workflow references. The > zebra engine is not yet embedded in the antelope example. > > I know that Zebra-Antelope does use a recent 2.4-dev build, but I > believe that it is the best resource we currently have for seeing how to > use Hibernate with Turbine. Also fulcrum-security does the job for which > it was written, but it is not a complete 'out-of-the-box' solution. > Again, this is probably the best resource we currently have for getting > an implementation working which can then be customised to suit. > > Look at how the fulcrum-security stuff works. If I recall correctly the > ACL interface in fulcrum-security is an empty interface, so I think you > can do what you want with it. You may need to customise the > AccessController, which builds the ACL, the LoginUser action and > possibly a SessionValidator. All of these are pluggable by changing the > default settings in TurbineResources.properties. > > Peter > > > On Wed, 2004-06-16 at 22:09, ANSI Webmaster wrote: > > Ok i've been reading up like a crazed hippodrome on all the hibernate stuff, > > and I'm also interested in where I can plug this into the Turbine ACL... > > This was also part of why I wanted to use the new version in the CVS as it > > said it had removed all the old Torque stuff. > > > > So where do I begin with this, whats a good place to start? > > > > /M > > > > -----Original Message----- > > From: Eric Pugh [mailto:[EMAIL PROTECTED] > > Sent: 10. juni 2004 19:39 > > To: Turbine Users List > > Subject: RE: I need simple Access Control (Security) with Turbine without > > ACL�s or Roles, how to do? > > > > You are right about needing to use the Adapter.. If you are using Fulcrum > > Security through the older Turbine Security service which is what things > > like the default session validators and rundata use to look things up. > > However, if you have reimplemented any of these things (which is pretty > > commong) then you can just lookup the Fulcrum Security service directly like > > any ohter avalon component and use methods.. > > > > A typical example would be admin screens that need extended security > > information. For an example of this, check out the Antelope example app > > available from here: http://zebra.tigris.org > > > > Eric > > > > > -----Original Message----- > > > From: Lester Ward [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, June 10, 2004 6:43 PM > > > To: 'Turbine Users List' > > > Subject: RE: I need simple Access Control (Security) with Turbine > > > without ACL�s or Roles, how to do? > > > > > > > > > > If you use the Turbine adapter, you inherit a lot of that stuff, > > > > but it runs in the 2.3 environment. If you use Fulcrum Security > > > > directly, then all of that stuff is gone. > > > > > > I was under the impression that the only way to use Fulcrum Security with > > > Turbine 2.3 was through the adaptor, but the statement above > > > seems to imply > > > otherwise. Could you elaborate? How does one not use the Turbine > > > adaptor and > > > still use Turbine? > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
