Robin Wyles pisze: <snip/> > It seems the check on the pipeline type and environment type is done by > o.a.c.components.treeprocessor.sitemap.PipelineNode, I made a simple > patch here that checks the request's scheme; if it is 'servlet' and the > pipeline is internal only, then processing is allowed to continue. While > not ideal, I think this method poses less of a security risk than using > a special request attribute. Also it's only one extra line in one class. > WDYT?
Actually, I don't understand how you solved this problem so probably the best thing would be if you could show me the patch (since it's one-liner). >> I believe implementing such a functionality on both SSF and >> Sitemap-engine sides would be rather >> easy task and I'm willing to help with preparing the patch and >> applying it. I would require a valid >> test-case for it before it gets accepted. > > Can you give me some hints as to how I can write a unit test for this? > I'm familiar with writing tests for sitemap components but I'm not sure > how to set up a test pipeline and set its attributes accordingly. I believe this would be very hard to cover with plain, simple unit test so I think integration test is needed. Then it's rather trivial, you just build pipelines (by providing sitemap.xmap) and you test what has been returned in special JUnit class. See: http://svn.apache.org/viewvc/cocoon/trunk/core/cocoon-webapp/src/test/java/org/apache/cocoon/it/ (contains JUnit classes) http://svn.apache.org/viewvc/cocoon/trunk/blocks/cocoon-it/src/main/resources/COB-INF/ (contains sitemap.xmap and rest of the resources) Don't ask me why these things have such a weird locations. Reinhard, can you comment on it? -- Best regards, Grzegorz Kossakowski
