Question: is the crux of the matter "pretty" urls, or is the cruz of
the matter security?
If the crux is pretty urls, then we should think about this some
more... trying to map a single url onto multiple resources, and cache
all of those resources seems pretty tricky.
If, on the other hand, you just need to make sure that "site_a" users
don't have access to site_b's assets, then maybe this isn't the best
approach?
For instance, you could use a dispatcher to verify that the user in
question has access to the asset in question.
For example, you could use the AssetProtectionDispatcher* that I wrote
awhile back, and contribute your own AssetPathAuthorizer which looks
at the asset path, and the current user, and determines if the user
has access to the asset.
Then you're not beating your head over trying to map a single url to
multiple assets, and you're using the built-in caching, and site b's
users aren't peaking at site a's assets.
If you also want pretty urls to boot... I'll have to mull over it a
bit when I have a bit more time.
Cheers,
Robert
* This is available from www.tapestrycomponents.com (I don't remember
what version is in there at the moment). The most current version is
0.0.9, dep on T5.0.11, and is available from the maven repo at:
www.saiwai-solutions.com/maven
On Mar 28, 2008, at 3/2812:08 PM , Andreas Pardeike wrote:
Robert ,
Just coded that and it (sort of) works. The problem is, as Chris has
mentioned, that T5 complains about the assets being not present.
And when I dodge this by simply creating my own prefix, lets say
'/host_assets/' and fall back to not using assets at all, then my
servlet container will handle the request and it will look at the
original request and fail to find the file.
So I have a feeling that I need to implement the strategy in two
parts: the one that modifies the request AND and custom lookup for
an assets.
OR, I use a third strategy: my app is divided in content that
is semi-static (in form of t5-templates with their own assets) and
content that is database driven. The later is already working fine
and there I simply use the fact that a T5 page has context that
I can use to create fake URLs (.../t5page/context/path/here.gif).
The only thing is, that I would love to use the build in asset
caching and not reinvent the wheel. With the database, Cayenne does
it automatically for me...
Is there a simple way to serve files from either a folder at the
classpath or from the web context *including* caching? Either from
a T5 page or from a dispatcher.
/Andreas
On 28 mar 2008, at 17.51, Robert Zeigler wrote:
Shooting from the hip here, but...
One way of going about this would be to contribute a RequestFilter,
rather than a Dispatcher.
RequestFilters get to pass on whatever request they want.
So you could wrap the request with a customized request that
modifies the result of getPath() based on which host is being run.
Something like:
public class DynamicAssetRequestFilter implements RequestFilter {
private final SymbolSource _source;
public DynamicAssetRequestFilter(final SymbolSource source) {
_source=source;
}
public boolean service(Request request, Response response,
RequestHandler handler) {
if
(request.getPath().startsWith(TapestryConstants.ASSET_PATH_PREFIX)) {
return handler.service(new
DynamicAssetRequest(request),response);
}
return handler.service(request,response);
}
class DynamicAssetRequest implements Request {
private final Request _request;
private final String _path;
DynamicAssetRequest(final Request request) {
_request = request;
String path = getPath();
String host = source.valueForSymbol("host");
_path = //process the path as appropriate to put host in
where you need it
}
//implement the Request interface by calling through to the
wrapped request
...
//override getPath.
public String getPath() {
return _path;
}
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
