Robin Wyles pisze:
>>
>> Actually, I don't understand how you solved this problem so probably
>> the best thing would be if you
>> could show me the patch (since it's one-liner).
>
> Patch against o.a.c.components.treeprocessor.sitemap.PipelineNode is
> attached.
Ahhh, I didn't think of using scheme. It turns out that SitemapServlet (thus
sitemap machinery) has
this one single method to recognize that request is coming from ssf and not
from browser.
Still this looks a little bit dangerous so I would like to see it applied along
with something like:
if (we allow request by recognizing "servlet" scheme)
logger.warn("Following request has been allowed to access internal-only
pipeline by using not
fully secure method:" + request);
Of course message should little bit more relevant that this is only potential
security whole which
is rather hard to use.
>
> I'll take a look and see if I can come up with something this week.
Great, as soon as you provide a good integration test I'm happy to commit it.
> On another note - I have a requirement to test how several cocoon 2.2
> blocks interact with each other via REST, on deployment these blocks are
> split into separate webapps that are hosted in different locations, but
> I guess for testing these could be combined into a single webapp. Is
> this something that I can achieve using the cocoon-it block?
I guess so but it's really Reinhard that is an expert in this area.
BTW. Are you going to connect blocks deployed to different machines using SSF?
This is something
I've been thinking for a while.
--
Grzegorz Kossakowski
