Re: Rewriting the JSON-RPC layer, compatibility issues hi.
Look at this feature request: http://bugzilla.qooxdoo.org/show_bug.cgi?id=3684. We don't use server_data because this is not JSON-RPC-compliant. We do use a custom http header set on the request that the qx.io.remote.Rpc uses - if 1.1.1/1.2 will include the feature request listed above, as it seems, you can easily switch to this mechanism, I suppose. As for Thron7's idea of passing the session info as arguments, I have to disagree. Authentication/Authorization is usually a process orthogonal to the actual business logic that you want to call. Passing info needed for authentication and authorization as arguments would require an additional, intermediate layer, which recodes arguments for the actual business method call. Best way is to have an out-of-band way of passing this additional info, and not have it interfere with the actual call. At best, you could pass a structure/map containing the actual call arguments in one key and the session info in another, and have a simple, generic implementation for this additional layer which just passes only the arguments key as arguments to the business logic method. But if you do it as we do it, i.e. using a servlet filter for authentication and an aspect for authorization, and wiring everything together via a spring application context, this still isn't a solution - neither the aspect nor the servlet filter are aware of the format of the call, and we don't want to have either of them inspect the call arguments. br, flj ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm _______________________________________________ qooxdoo-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
