Leszek Gawron dijo:
> If you use IE (I do not know how other browsers handle this) if you serve
> a
> page without client cache turned off you make a security hole (IE caches
> everything and serves even after user has logged out).
Very smart browser! ROTFL!
> See the code attached below. The "main" method marks all function,
> continuation and view requests not cacheable. What I request is the proper
> handling of code in runContinuation fuction.
>> > For all above examples you have to code logic in sitemap. I
>> > think this is not as elegant as if you could have whole logic
>> > in a flowscript
>> At the current state of this discussion I would say, let's not
>> add this feature to flow. If you want to do such things, write
>> some custom components (input modules, actions etc.) and use
>> them at appropriate places. But perhaps with some more info,
>> I see things in different light.
> If you write actions you split your logic into 2 areas: actions and flow.
> Right now I set "Cache-control" header for continuation with "set-header"
> action.
> The code (assume every non internal uri goes to "main" method ):
> var user = null;
> function main( action ) {
> cocoon.response.setHeader( "Expires", "-1" );
> cocoon.response.setHeader( "Cache-Control", "no-cache" );
> cocoon.response.setHeader( "Pragma", "no-cache" );
All these 3 instructions, can be setted in a the HTML style transformer
instead of doing it in Flow. If not you need to write it over and over.
> if ( user == null && !isContinuation( action ) ) {
> loginInternal();
> }
> invoke( action );
> }
>
> function invoke( action ) {
> print( "action: " + action );
>
> if ( isContinuation( action ) ) {
> var id = extractContinuationId( action );
> print( "da id: " + id );
> runContinuation( id );
> } else {
> func = this[ action ];
> if ( func != undefined )
> func.apply( this );
> else
> cocoon.sendPage( action, {} );
> }
> }
>
>
> function isContinuation( action ) {
> var id = new java.lang.String( action );
> return ( id.endsWith( ".continue" ) || id.endsWith( ".cont" ) );
> }
>
> function extractContinuationId( action ) {
> var id = new java.lang.String( action );
> var pos = id.indexOf( "." );
> return id.substring( 0, pos );
> }
>
> function runContinuation( continuationId ) {
> var contManager = null;
> try {
> contManager = cocoon.getComponent(
> "org.apache.cocoon.components.flow.ContinuationsManager" );
> var wk = contManager.lookupWebContinuation( continuationId );
> } finally {
> if ( contManager != null )
> cocoon.releaseComponent( contManager );
> }
> var c = wk.getContinuation();
> c( wk );
> }
>
In the below code, can you better use the standard authentication-fw. the
auth-fw can also work with flow:
> function loginInternal() {
> var form = new Form( "forms/login_d.xml" );
> var model = form.getModel();
> form.validator = loginValidator;
> form.showForm( "form/login", {} );
> }
>
> function loginValidator( form ) {
> var query = nTerApi.session.createQuery( "from User where name = :name
> and password = :password" );
> query.setString( "name", form.getWidget( "username" ).getValue() );
> query.setString( "password", form.getWidget( "password" ).getValue()
> );
>
> var list = query.list();
> if ( list.size() == 0 ) {
> form.getWidget( "messages" ).addMessage( "Błędny użytkownik lub
> hasło!" );
> return false;
> }
>
> user = list.get( 0 );
> return true;
> }
>
> function login() {
> user = null;
> loginInternal();
> cocoon.sendPage( "/nTer/view/welcome.jx", {} );
> }
>
> function logout() {
> user = null;
> cocoon.session.invalidate();
> cocoon.redirectTo( "/nTer/welcome.do", {} );
> }
