Ok, it's good that there are other devs reading, it means I can toss out
ideas and get useful feedback on them :)
Jim Davidson wrote:
Howdy,
I still watch the list but haven't had time to dig into the code in a
long time -- maybe later this summer :)
I unfortunately have more time to think about coding on my commute than
actually coding. But like you, maybe sometime soon.
Anyway, these connection filters are a bit confusing and not well
documented -- my fault. Here I think it's ok to not call the
filters again but it could go either way. If you update the code,
you could make it configurable, default current behavior, to avoid
breaking something that assumed the old behavior. In practice I
don't think these filters were used very much -- I can only recall
the access log modules and one other use in some obscure AOL internal
module from years ago.
I think there's some OpenACS folks reading at least intermittently, so
this may be of interest.
I get down into these filters trying to figure out why my OpenACS
installation returned error pages for bad urls instead of the configured
404 page. What appears to be going on is that a preauth filter
"rp_filter" is set up to do authentication and some other initialization
(importantly, populating ad_conn values), while the main request
processor is "rp_handler" which dispatches the request via a number of
different mechanisms and if it fails all of those falls through to
"ns_returnnotfound", which does the internal 404 redirect. However, the
404 page will also get handled by rp_handler, but based on the values in
ad_conn (specifically, extra_url) that are only set up in the preauth
filter; if the filter is not run again then it tries to handle the
internal 404 url based on the original url and fails again, until it
hits the recursion limit and just given an error. (BTW, setting up a
500 error page here crashes the server by overflowing the stack.) This
also makes it impossible to use acs-templating on the 404 or 500 error page.
Changing the internal redirect logic to call the filters makes this
apparently work cleanly in OpenACS. But I could also easily imagine a
case where calling those filters twice would badly break things, so
making it configurable with the old behavior as the default is probably
the best approach.
Alternately (if we were to rewind history) is would be useful to set the
authorization proc to a tcl callback. There a C api to set it, but
that's not exposed at the tcl level.
-J
-Jim
On Jun 2, 2011, at 7:04 PM, Jeff Rogers wrote:
Distracting myself with code diving, I found that internal
redirects, implemented by Ns_ConnRedirect and as are used for among
other things 404 and 500 error pages, work by changing the url,
reauthorizing, and then running the request. However, it does not
run preauth and postauth filters. This seems wrong to me, but it
seems to have been this way forever. Does anyone have a reason why
it shouldn't be changed to run those filters?
-J
PS: are any other developers even still reading this?
-- AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email
to<lists...@listserv.aol.com> with the body of "SIGNOFF AOLSERVER"
in the email message. You can leave the Subject: field of your
email blank.
-- AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email
to<lists...@listserv.aol.com> with the body of "SIGNOFF AOLSERVER"
in the email message. You can leave the Subject: field of your email
blank.
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to
<lists...@listserv.aol.com> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject:
field of your email blank.
