[Seaside] A session-aware kind of FileLibrary - how/where to start

List list at afceurope.com
Mon Apr 12 07:51:35 UTC 2021 

Hi Joachim,


	You can register your files in a composite url by using 2 steps  (for instance clubs/fichiers)

(Seaside.WAAdmin defaultDispatcher handlers at: 'clubs')
        register: Seaside.WAFileHandler default
        at: 'fichiers’.

	Annick

> Le 11 avr. 2021 à 14:11, jtuchel at objektfabrik.de a écrit :
> 
> I solved the problem differently, because this was going to be complicated...
> 
> I just found that WADocumentHandler is quite exactly what I was looking for. It even has a few advantages for my use case: it doesn't even need to transport any information about the file to the Browser, it just renders a  _d parameter and is only valid within the session. A pity that I overlooked this at my first attempt to solve the problem. It took me a few hours to rewrite things and now I have what I wanted: I can serve files which have no guessable URLs and can only be served within a session. 
> 
> It also solves the Apache Load Balancer problem, because the IMG or A paramters are URLs within /MyApp, just like any other component. So no need to register it in any location that can be handled correctly by mod_proxy_balancer and stuff. 
> 
> 
> 
> Thanks for listening and have a nice rest-of-the-weekend!
> 
> 
> 
> Joachim
> 
> 
> 
> 
> 
> 
> 
> Am 11.04.21 um 07:45 schrieb jtuchel at objektfabrik.de <mailto:jtuchel at objektfabrik.de>:
>> Esteban,
>> 
>> 
>> I used your suggestion and it works very nicely. In development ;-)
>> 
>> Here are 2 things I encountered in a deployed image
>> 
>> If the _s parameter is not the first one in the URL, the tracking Strategy will always return a nil key. Not sure why, especially in the light of the fact that this works fine in a dev image
>> I have troubles getting things to work behind a load-balancing Apache because of the path. This one is really critical to me, let me explain:
>> I have configured Apache with mod_proxy_balancer to distribute load in sticky sessions to a few images who all listen to localhost:xxxx/MyApp. Since my Pseudo-FileLibrary needs the session context, it is necessary that all traffic of a session goes to the same image. So far, so well-known and logical.
>> 
>> The trouble is: my Application ist registered at: /MyApp, while the Pseudo-FileLibrary is registered at: /documents
>> 
>> This means that Apache mod_proxy_balancer will redirect all requests that get sent to https://mydomain/documents <https://mydomain/documents> to https://mydomain/MyApp <https://mydomain/MyApp>, which means a link or img tag points to the login page instead of a document served by my Pseudo File Library. The Pseudo File Library never gets to see a request...
>> 
>> I couldn't find a way to register a WARequestHandler subclass as a sub-path of a registered App. Because what I need is to register my Handler at /MyApp/documents. 
>> 
>> WAAdmin register: MyHandler at: 'MyApp/documents' 
>> 
>> throws an error: MyHandler doesNotUnderstand: key:.
>> 
>> 
>> So: how can I register a WARequestHandler at a subpath like /MyApp/documents?
>> Or, alternatively: how can I redirect incoming requests for /MyApp/documents to /documents within my image? (It seems hard to impossible to configure this on the Apache side...)
>> 
>> 
>> Any ideas or hints?
>> 
>> 
>> 
>> 
>> 
>> Joachim
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> Am 30.03.21 um 14:54 schrieb Esteban Maringolo:
>>> On Tue, Mar 30, 2021 at 6:51 AM Sven Van Caekenberghe <sven at stfx.eu> <mailto:sven at stfx.eu> wrote:
>>>> I would try to look at WAFileHandler, which is responsible for serving the files.
>>> I thought about the same approach.
>>> 
>>> 1. Implement some WARestrictedFileHandler subclass of WAFileHandler,
>>> where you configure (via a preference or plain instVar) the identifier
>>> of the app that has the session registry (e.g. 'myApp')
>>> 2. In the handleFiltered: you get a reference to that WAApplication
>>> and then you do something like:
>>> 
>>> handleFiltered: aRequestContext
>>>   | app key session |
>>>   app := WAAdmin defaultDispatcher handlerAt: 'myApp'.
>>>   key := app trackingStrategy keyFromContext: aRequestContext.
>>>   key isNil
>>>     ifTrue: [ "generate the 403 response" ]
>>>     ifFalse: [
>>>      session := app cache at: key ifAbsent: [ nil ].
>>>      session isNil
>>>        ifTrue: [ "generate 403" ]
>>>        ifFalse: [ ("check whether session is valid" ) ifTrue: [^super
>>> handleFiltered: aRequestContext] ifFalse: ["403..."]
>>>     ]
>>> ]
>>> 
>>> So the approach is to externally access the app session registry and
>>> fetch the session from there.
>>> 
>>> What is not clear to me is whether you want to restrict access to
>>> regular Seaside FileLibraries or to some other mapping to static files
>>> in a filesystem.
>>> 
>>> Regards,
>>> 
>>> Esteban A. Maringolo
>>> _______________________________________________
>>> seaside mailing list
>>> seaside at lists.squeakfoundation.org <mailto:seaside at lists.squeakfoundation.org>
>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside <http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside>
>> 
>> -- 
>> -----------------------------------------------------------------------
>> Objektfabrik Joachim Tuchel          mailto:jtuchel at objektfabrik.de <mailto:jtuchel at objektfabrik.de>
>> Fliederweg 1                         http://www.objektfabrik.de <http://www.objektfabrik.de/>
>> D-71640 Ludwigsburg                  http://joachimtuchel.wordpress.com <http://joachimtuchel.wordpress.com/>
>> Telefon: +49 7141 56 10 86 0         Fax: +49 7141 56 10 86 1
>> 
>> 
>> 
>> 
>> _______________________________________________
>> seaside mailing list
>> seaside at lists.squeakfoundation.org <mailto:seaside at lists.squeakfoundation.org>
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside <http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside>
> 
> -- 
> -----------------------------------------------------------------------
> Objektfabrik Joachim Tuchel          mailto:jtuchel at objektfabrik.de <mailto:jtuchel at objektfabrik.de>
> Fliederweg 1                         http://www.objektfabrik.de <http://www.objektfabrik.de/>
> D-71640 Ludwigsburg                  http://joachimtuchel.wordpress.com <http://joachimtuchel.wordpress.com/>
> Telefon: +49 7141 56 10 86 0         Fax: +49 7141 56 10 86 1
> 
> 
> _______________________________________________
> seaside mailing list
> seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squeakfoundation.org/pipermail/seaside/attachments/20210412/6322ce07/attachment-0001.html>

More information about the seaside mailing list