[Seaside] A session-aware kind of FileLibrary - how/where to start

jtuchel at objektfabrik.de jtuchel at objektfabrik.de
Tue Apr 13 09:03:02 UTC 2021 

Hi Annick,


thanks a lot for this information. Would've saved my sunday ;-)
I tried a few "something"s in that direction but failed, so I ended up 
rewriting the whole thing to using WADocumentHandler. I am happy with 
the results for now, but there is a feeling of "maybe it is not going to 
be flexible enough in the future". So it is good to know this. I liked 
the way a WAFileHandler worked in my dev image.

I wonder where/how you found this info?


Joachim






Am 12.04.21 um 09:51 schrieb List:
> Hi Joachim,
>
>
> You can register your files in a composite url by using 2 steps  (for 
> instance clubs/fichiers)
>
> (Seaside.WAAdmin defaultDispatcher handlers at: 'clubs')
>         register: Seaside.WAFileHandler default
>         at: 'fichiers’.
>
> Annick
>
>> Le 11 avr. 2021 à 14:11, jtuchel at objektfabrik.de 
>> <mailto:jtuchel at objektfabrik.de> a écrit :
>>
>> I solved the problem differently, because this was going to be 
>> complicated...
>>
>> I just found that WADocumentHandler is quite exactly what I was 
>> looking for. It even has a few advantages for my use case: it doesn't 
>> even need to transport any information about the file to the Browser, 
>> it just renders a  _d parameter and is only valid within the session. 
>> A pity that I overlooked this at my first attempt to solve the 
>> problem. It took me a few hours to rewrite things and now I have what 
>> I wanted: I can serve files which have no guessable URLs and can only 
>> be served within a session.
>>
>> It also solves the Apache Load Balancer problem, because the IMG or A 
>> paramters are URLs within /MyApp, just like any other component. So 
>> no need to register it in any location that can be handled correctly 
>> by mod_proxy_balancer and stuff.
>>
>>
>> Thanks for listening and have a nice rest-of-the-weekend!
>>
>>
>> Joachim
>>
>>
>>
>>
>>
>> Am 11.04.21 um 07:45 schrieb jtuchel at objektfabrik.de:
>>> Esteban,
>>>
>>>
>>> I used your suggestion and it works very nicely. In development ;-)
>>>
>>> Here are 2 things I encountered in a deployed image
>>>
>>>  1. If the _s parameter is not the first one in the URL, the
>>>     tracking Strategy will always return a nil key. Not sure why,
>>>     especially in the light of the fact that this works fine in a
>>>     dev image
>>>  2. I have troubles getting things to work behind a load-balancing
>>>     Apache because of the path. This one is really critical to me,
>>>     let me explain:
>>>
>>> I have configured Apache with mod_proxy_balancer to distribute load 
>>> in sticky sessions to a few images who all listen to 
>>> localhost:xxxx/MyApp. Since my Pseudo-FileLibrary needs the session 
>>> context, it is necessary that all traffic of a session goes to the 
>>> same image. So far, so well-known and logical.
>>>
>>> The trouble is: my Application ist registered at: /MyApp, while the 
>>> Pseudo-FileLibrary is registered at: /documents
>>>
>>> This means that Apache mod_proxy_balancer will redirect all requests 
>>> that get sent to https://mydomain/documents to 
>>> https://mydomain/MyApp, which means a link or img tag points to the 
>>> login page instead of a document served by my Pseudo File Library. 
>>> The Pseudo File Library never gets to see a request...
>>>
>>> I couldn't find a way to register a WARequestHandler subclass as a 
>>> sub-path of a registered App. Because what I need is to register my 
>>> Handler at /MyApp/documents.
>>>
>>> WAAdmin register: MyHandler at: 'MyApp/documents'
>>>
>>> throws an error: MyHandler doesNotUnderstand: key:.
>>>
>>>
>>> So: how can I register a WARequestHandler at a subpath like 
>>> /MyApp/documents?
>>> Or, alternatively: how can I redirect incoming requests for 
>>> /MyApp/documents to /documents within my image? (It seems hard to 
>>> impossible to configure this on the Apache side...)
>>>
>>>
>>> Any ideas or hints?
>>>
>>>
>>>
>>> Joachim
>>>
>>>
>>>
>>>
>>>
>>> Am 30.03.21 um 14:54 schrieb Esteban Maringolo:
>>>> On Tue, Mar 30, 2021 at 6:51 AM Sven Van Caekenberghe<sven at stfx.eu>  wrote:
>>>>> I would try to look at WAFileHandler, which is responsible for serving the files.
>>>> I thought about the same approach.
>>>>
>>>> 1. Implement some WARestrictedFileHandler subclass of WAFileHandler,
>>>> where you configure (via a preference or plain instVar) the identifier
>>>> of the app that has the session registry (e.g. 'myApp')
>>>> 2. In the handleFiltered: you get a reference to that WAApplication
>>>> and then you do something like:
>>>>
>>>> handleFiltered: aRequestContext
>>>>    | app key session |
>>>>    app := WAAdmin defaultDispatcher handlerAt: 'myApp'.
>>>>    key := app trackingStrategy keyFromContext: aRequestContext.
>>>>    key isNil
>>>>      ifTrue: [ "generate the 403 response" ]
>>>>      ifFalse: [
>>>>       session := app cache at: key ifAbsent: [ nil ].
>>>>       session isNil
>>>>         ifTrue: [ "generate 403" ]
>>>>         ifFalse: [ ("check whether session is valid" ) ifTrue: [^super
>>>> handleFiltered: aRequestContext] ifFalse: ["403..."]
>>>>      ]
>>>> ]
>>>>
>>>> So the approach is to externally access the app session registry and
>>>> fetch the session from there.
>>>>
>>>> What is not clear to me is whether you want to restrict access to
>>>> regular Seaside FileLibraries or to some other mapping to static files
>>>> in a filesystem.
>>>>
>>>> Regards,
>>>>
>>>> Esteban A. Maringolo
>>>> _______________________________________________
>>>> seaside mailing list
>>>> seaside at lists.squeakfoundation.org
>>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>>>
>>>
>>> -- 
>>> -----------------------------------------------------------------------
>>> Objektfabrik Joachim Tuchelmailto:jtuchel at objektfabrik.de
>>> Fliederweg 1http://www.objektfabrik.de
>>> D-71640 Ludwigsburghttp://joachimtuchel.wordpress.com
>>> Telefon: +49 7141 56 10 86 0         Fax: +49 7141 56 10 86 1
>>>
>>>
>>>
>>> _______________________________________________
>>> seaside mailing list
>>> seaside at lists.squeakfoundation.org
>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>>
>>
>> -- 
>> -----------------------------------------------------------------------
>> Objektfabrik Joachim Tuchelmailto:jtuchel at objektfabrik.de
>> Fliederweg 1http://www.objektfabrik.de
>> D-71640 Ludwigsburghttp://joachimtuchel.wordpress.com
>> Telefon: +49 7141 56 10 86 0         Fax: +49 7141 56 10 86 1
>>
>>
>> _______________________________________________
>> seaside mailing list
>> seaside at lists.squeakfoundation.org 
>> <mailto:seaside at lists.squeakfoundation.org>
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>
>
> _______________________________________________
> seaside mailing list
> seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside


-- 
-----------------------------------------------------------------------
Objektfabrik Joachim Tuchel          mailto:jtuchel at objektfabrik.de
Fliederweg 1                         http://www.objektfabrik.de
D-71640 Ludwigsburg                  http://joachimtuchel.wordpress.com
Telefon: +49 7141 56 10 86 0         Fax: +49 7141 56 10 86 1


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squeakfoundation.org/pipermail/seaside/attachments/20210413/e34e3774/attachment.html>

More information about the seaside mailing list