There are still potential pitfalls there in T5. If your objects are
in forms, and looped through, by default, they will be serialized into
the form and when "reconstituted", they will not be attached to a
context. As of T5.1, loop, grid, etc. will use ValueEncoder to do
this job (or PrimaryKeyEncoder, but that's deprecated in 5.1). The
nice thing about T5 is that you can contribute ValueEncoders for
object types that will be used throughout the app, so you're not
having to constantly specify things. The t5-cayenne integration
library provides an implementation. By default, it stashes the object
type and pk into the stored string, but it also calls out to an
encryption service (default implementation just returns the string
passed to it; you can use ServiceOverrides to contribute your own
version) so you have the option of encrypting the stored strings
according to whatever mechanism suites your needs, thereby avoiding
storing raw pks into urls & form data. All in all, the T5/cayenne
experience is much better than the T3/cayenne experience; can't say
much about T4/cayenne since I skipped from T3 to T5, but I suspect
that, on the whole, it was similar to T3/cayenne.
Cheers,
Robert
On Sep 15, 2009, at 9/158:23 AM , Michael Gentry wrote:
Nice. Did you have any integration issues? I'm just starting to use
Cayenne with T5 and it has been surprisingly smooth thus far, but I
still have lingering memories of the hoops I had to jump through with
T4 (especially looping over data objects) serializing my objects.
Thanks,
mrg
On Mon, Sep 14, 2009 at 12:26 PM, Borut Bolčina <borut.bolc...@gmail.co
m> wrote:
Yes, we successfully deployed a T5 application (openid server (70K
users and
rising) and much more) and yes it uses Cayenne 3M6. :-)
I am again gaining momentum to continue writing.
Cheers,
Borut
2009/9/14 Michael Gentry <mgen...@masslight.net>
Hi Borut,
I'm just curious if you are still using Tapestry 5 (and if using
Cayenne with T5)? I also liked your blog where you were writing
about
T5. I found that useful when I was just starting to read about T5
and
get started in it (I'm still learning, of course -- no expert here).
mrg
On Mon, Sep 14, 2009 at 4:07 AM, Borut Bolčina <borut.bolc...@gmail.co
m>
wrote:
Hello,
I think web developers should be given an advice at
http://cayenne.apache.org/doc/web-applications.html that if using
Cayenne
Servlet Filter the web application can be brought to a halt if a
malicious
user sends lots of cookie-less requests (every request bounds data
context
to a new session). We were testing our app with JMeter and found
out we
can
not afford to use filter approach.
It would be of most value if some debates from the mailing list
about how
to
use DataContext based on different web application needs would be
at the
http://cayenne.apache.org/doc/obtaining-datacontext.html. What I
have in
mind is a tiny cookbook, just two or three recipes, on why it is
good to
gave one data context shared for all users, some data context
created for
each request, some saved in the session, when not to put dc in the
session
etc.
Should I open an issue in the JIRA?
Cheers,
Borut
