pas-dev Mailing List for Perl Application Server (Page 12)
Status: Beta
Brought to you by:
mortis
Menu
▾
▴
pas-dev — Development mailing list.
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
(6) |
Mar
(19) |
Apr
(3) |
May
(147) |
Jun
(6) |
Jul
(4) |
Aug
(12) |
Sep
(1) |
Oct
(12) |
Nov
(23) |
Dec
(3) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
(4) |
Feb
(12) |
Mar
(13) |
Apr
(16) |
May
(28) |
Jun
(9) |
Jul
(1) |
Aug
(2) |
Sep
|
Oct
|
Nov
(84) |
Dec
(25) |
| 2004 |
Jan
(5) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(13) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2005 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(5) |
Sep
(5) |
Oct
|
Nov
|
Dec
|
|
From: Kaare R. <ka...@ka...> - 2002-06-28 19:18:54
|
> It did go to sleep. Two of the primary developers (Justin Bedard and > myself) both work for the same employer. We've been busy working long > hours on a project for our employer and havn't had the time to dedicate to > Pas. Tell me about it... > work on Pas as well. Unfortunatly we haven't been working on those > projects recently. The solution: Use Pas for all your projects; include as much code into Pas as possible :-) > currently using Pas for ecommerce website development, so my needs are > probably different from yours. Our internal applications don't need Freemoney is not YAWS (Yet Another Web Shop :-)), as I'm sure you already figured out from my other email. I use Interchange for Web Shopping - and it's really very nice for that. > features. We're using Pas for web-based data entry applications. This is exactly what I need. > Another factor you have to consider is that even though we're happy to > help you succeed in your project, the time we dedicate this project is > largely personal. So thinks may not go as fast as you need them to (like > the last month or so). Freemoney is my personal project. I really don't have the time for it, but hey, it's fun, so I make time for it. I'm in no real hurry. I'm happy with the current state of my project, but I realize that it is not the way to go for what I want. Now is the time to stop and think. If you have the time and energy, we might develop objects that are generic enough to go into Pas - and maybe some that are dedicated to my project. But first, this weekend is for IRS :-( -- Kaare Rasmussen --Linux, spil,-- Tlf: 3816 2582 Kaki Data tshirts, merchandize Fax: 3816 2501 Howitzvej 75 Åben 12.00-18.00 Email: ka...@we... 2000 Frederiksberg Lørdag 11.00-17.00 Web: www.suse.dk |
|
From: Kyle R . B. <mo...@vo...> - 2002-06-28 14:40:44
|
> > Could you tell me, just out of interest, what does Freemoney do??
>
> Freemoney is a financial application with Customer, Product, Order, General
> Ledger and Accounts Receivables.
> It is a project I started "for fuN" and because I have a business here. I've
> personally used it since May 2001 and it is now in a state where I can say
> that I use it for all my business needs - except Accounts Payables, which I
> can handle manually.
> The design and development has been ad hoc and has really been a learning
> process as to what can be done on the Net - and has been slow due to the
> lack of time.
> So I would describe the current status as "prototype finished" - though it's
> a working prototype (I use it, remember?).
>
> The prototype is based on
> - PostgreSQL as database
> - Perl as language
> - Apache as web server
> - Interchange as embedded language
>
> There's nothing wrong with Interchange per se, but I've evaluated the
> development process and decided that it's a very error prone and
> non-extensible model to blend database, process and presentation code in one
> html page.
If we can come up a design for the features you need, perhaps we can start
building them. I'm no accountant, though I have built sites that sell
on the internet.
> That's why Pas seems to be the best model.
Thank you for that statement.
> I also think that Perl needs a
> real application server to stand up against Java and Python and the like.
So do we. Perl certinly has as much (or more) potential as those other
technologies...no one has sat down and designed an enterprise level
application server...at least not beyond integrating the interpreter into
Apache. Application servers need more than just language support in a
web-server.
Thanks,
Kyle
--
------------------------------------------------------------------------------
Wisdom and Compassion are inseparable.
-- Christmas Humphreys
mo...@vo... http://www.voicenet.com/~mortis
------------------------------------------------------------------------------
|
|
From: Kyle R . B. <mo...@vo...> - 2002-06-28 14:28:11
|
> I wonder if this project went to sleep last month? There was a bundle of
> messages when I entered the mailing list, but I had to focus on my business
> - the IRS reporting is due July 1 - and since that time there has been no
> messages from you developers.
> Are you on vacation? Did you abandon the project? What happened.
It did go to sleep. Two of the primary developers (Justin Bedard and myself)
both work for the same employer. We've been busy working long hours on a
project for our employer and havn't had the time to dedicate to Pas.
We have used Pas for 2 internal projects at work, and when we are working
on, or maintaining those projects, we often get the opportunity to do some
work on Pas as well. Unfortunatly we haven't been working on those projects
recently.
This project is not abandoned. For our needs, and the needs of the some of
the other users that we're aware of, Pas is already stable and useful. At
my employer, the two applications we've used it for have been running and
used successfuly since December of 2001.
> I ask because I'm still seriously in doubt as to where I will go with my OSS
> project Freemoney. I've decided that I need to break out of the "everything
> in the page" style that Interchange, EmbPerl and Mason supports. I know that
> they probably can use modules, but my understanding is that it's somewhat
> bolted on.
>
> I do believe that Pas has a better strategy, but also that there is a lot of
> work to be done before it can act as what I want. Menus, security and stuff
> as I laid out before.
Well, Pas, as it is designed, is infrastructre software. In the same vein
as jsps/servelts, it's a tool you can use to build applications on top of.
At at former employer, I had started a project to create an ecommerce framework
on top of Pas, but the project never got much buy-in from the management, so
it floundered.
I would be willing to work with you to build these features on top of Pas,
I think they'd make a great basis for building higher level applications.
I'm sure the other developers would be willing to help as well. I am not
currently using Pas for ecommerce website development, so my needs are
probably different from yours. Our internal applications don't need
accounting, product catalogs, shopping baskets, or other common ecommerce
features. We're using Pas for web-based data entry applications.
> What is your advice?
> I hope to have more time after July 1, but now there's a large pile of work
> building up while i do the accounting and reporting :-(
Well, my advice is to do what's best for your and your application. If
that happens to be going with another technology, then by all means do so.
I would hate to have you decide to go with Pas and have your project fail.
I've done 2 ecommerce websites (one in Perl, and one in Java), which is what
caused me to start Pas to create a framework for the next sites I was going to
have to build. I beleive that the servlet model is a good design for doing
application servers, and I beleive that Perl is a good language/technology
for the type of development that you need to do for web sites.
Based on that, I beleive Pas would work well for an ecommerce site. It
just might take alot of implemented features to get it to the point where
it's useful for you. If you're willing to work with us, and can afford to
spend the time, we will help you build the components you need - especialy
if you're willing to have those components released as opensource (either
as part of Pas, or as part of a project based on Pas).
Another factor you have to consider is that even though we're happy to
help you succeed in your project, the time we dedicate this project is
largely personal. So thinks may not go as fast as you need them to (like
the last month or so).
Thank you for considering Pas. I wish you success, whatever route you
decide to take.
Best regards,
Kyle R. Burton
--
------------------------------------------------------------------------------
Wisdom and Compassion are inseparable.
-- Christmas Humphreys
mo...@vo... http://www.voicenet.com/~mortis
------------------------------------------------------------------------------
|
|
From: Kaare R. <ka...@ka...> - 2002-06-28 10:09:54
|
> Could you tell me, just out of interest, what does Freemoney do?? Freemoney is a financial application with Customer, Product, Order, General Ledger and Accounts Receivables. It is a project I started "for fuN" and because I have a business here. I've personally used it since May 2001 and it is now in a state where I can say that I use it for all my business needs - except Accounts Payables, which I can handle manually. The design and development has been ad hoc and has really been a learning process as to what can be done on the Net - and has been slow due to the lack of time. So I would describe the current status as "prototype finished" - though it's a working prototype (I use it, remember?). The prototype is based on - PostgreSQL as database - Perl as language - Apache as web server - Interchange as embedded language There's nothing wrong with Interchange per se, but I've evaluated the development process and decided that it's a very error prone and non-extensible model to blend database, process and presentation code in one html page. That's why Pas seems to be the best model. I also think that Perl needs a real application server to stand up against Java and Python and the like. -- Kaare Rasmussen --Linux, spil,-- Tlf: 3816 2582 Kaki Data tshirts, merchandize Fax: 3816 2501 Howitzvej 75 Åben 14.00-18.00 Web: www.suse.dk 2000 Frederiksberg Lørdag 11.00-17.00 Email: ka...@ka... |
|
From: Kaare R. <ka...@ka...> - 2002-06-28 09:37:16
|
I wonder if this project went to sleep last month? There was a bundle of messages when I entered the mailing list, but I had to focus on my business - the IRS reporting is due July 1 - and since that time there has been no messages from you developers. Are you on vacation? Did you abandon the project? What happened. I ask because I'm still seriously in doubt as to where I will go with my OSS project Freemoney. I've decided that I need to break out of the "everything in the page" style that Interchange, EmbPerl and Mason supports. I know that they probably can use modules, but my understanding is that it's somewhat bolted on. I do believe that Pas has a better strategy, but also that there is a lot of work to be done before it can act as what I want. Menus, security and stuff as I laid out before. What is your advice? I hope to have more time after July 1, but now there's a large pile of work building up while i do the accounting and reporting :-( -- Kaare Rasmussen --Linux, spil,-- Tlf: 3816 2582 Kaki Data tshirts, merchandize Fax: 3816 2501 Howitzvej 75 Åben 14.00-18.00 Web: www.suse.dk 2000 Frederiksberg Lørdag 11.00-17.00 Email: ka...@ka... |
|
From: John B. <jo...@po...> - 2002-06-21 09:56:24
|
Hello, I think I've got a problem with running my 'web applications' within PAS, but I'm sure this concern presents itself with everybody's page objects. I've got some XML processing which uses a fair amount of memory. I'm pretty sure I'm undef-ing most things after use (but there are probably some things I missed) but my understanding of Perl is that it doesn't return memory to the system on an undef, at least immediately. Does Perl take more memory next time it needs to allocate some, or does it use resource from its undef-ed but not de-allocated memory? It seems so to me. How can I prompt Perl to release memory no longer used, without restarting PAS? Or how can I get Perl to reuse the memory it hasn't de-allocated. I'm just worried that due to the way PAS works I'll run the machine dry of resources after the object has responded to a number of requests (max number requests = available resource / resource required per request). Would somebody be kind enought to shed light on this issue for me? How do other people deal with this? Best wishes, John Bywater. ----- Original Message ----- From: "Kyle R . Burton" <mo...@vo...> To: "Pas Dev" <pa...@li...> Sent: Wednesday, May 16, 2001 9:11 PM Subject: Re: [Pas-dev] Install-Test: Executing examples/00INDEX.HTML - Exa mple 1 - gives "TIEHASH" error > > fyi: My friend "Bob Maccione" has looked up this bug in the internet perl > > world and found some good stuff. One guy reported the bug and had said he > > originally compiled with "EVERYTHING=1". He then went back and added (i > > assume 'added') the PERL_TABLE_API=1 and it fixed it.... I don't have > > correct permission to re-make so waiting on 'Bob Maccione' to do it... I > > hope that is it.... > > Well, if that is it then at least we'll know how to solve this issue if > [when] it comes up again -- and we'll have another good entry for the > FAQ. > > Thanks again. > Kyle > > -- > -------------------------------------------------------------------------- ---- > Of course power tools and alcohol don't mix. Everyone knows power tools > aren't soluble in alcohol... -- Crazy Nigel > mo...@vo... http://www.voicenet.com/~mortis > -------------------------------------------------------------------------- ---- > > _______________________________________________ > Pas-dev mailing list > Pa...@li... > http://lists.sourceforge.net/lists/listinfo/pas-dev |
|
From: Justin B. <ju...@le...> - 2002-05-31 21:28:01
|
I discovered why Apache 2.0 + mod_perl 2.0 + CGI.pm 2.8 doesn't work with our internal application: DBI->connect() fails silently. :( Therefore, if I turned on DB sessions when running the PAS examples, that would have failed too. I'll be looking into it some more. Justin |
|
From: Justin B. <ju...@le...> - 2002-05-31 19:35:24
|
Ok. I got all the PAS examples running under Apache 2.0.36, mod_perl 2.0 &
CGI.pm 2.81. There's a bug in CGI.pm 3.01b with reading cookies. I might have
needed to modify it to make it complient with mod_perl 2.0, I dunno.
All the PAS examples work. The internal application developed using PAS still
has some small problems but this will get you up and running if you want to be
"cutting edge". I think I got everything I changed below.
Here's the diff for RequestHandler.pm:
=================================================================================
RCS file: /cvsroot/pas/pas/src/Org/Bgw/Pas/RequestHandler.pm,v
retrieving revision 1.39
diff -r1.39 RequestHandler.pm
10c10,18
< use Apache::Constants qw(:response :http);
---
> use Apache::Const qw(:http :common);
> use Apache::RequestRec;
> use Apache::RequestIO; # for $r->print()
> use Apache::Response; # for $r->send_http_header()
> use Apache::SubRequest (); # for $r->lookup_uri()
> use APR::Table; # for $r->headers_out()
>
133,135c141,142
< $self->request()->header_out(
< 'Location' => $self->page()->response()->redirect_uri()
< );
---
> $self->request()->headers_out->{'Location'} =
> $self->page()->response()->redirect_uri();
145,147c152,153
< $self->request()->header_out(
< 'Expires' => 'Expires: Sat, 29 Dec 2001 16:44:13 GMT'
< );
---
> $self->request()->headers_out->{'Expires'} =
> 'Expires: Sat, 29 Dec 2001 16:44:13 GMT';
151,152c157,158
< $self->log()->debug("header_out: Set-Cookie: ", $cookie);
< $self->request()->header_out('Set-Cookie',$cookie);
---
> $self->log()->debug("headers_out: Set-Cookie: ", $cookie);
> $self->request()->headers_out->{'Set-Cookie'} = $cookie;
=================================================================================
CGI.pm needs:
use Apache::RequestRec;
use APR::Pool;
And change line 272 from:
# Apache->request->register_cleanup(\&CGI::_reset_globals);
to:
Apache->request->pool->cleanup_register(\&CGI::Object::_reset_globals);
And at line 163:
require Apache;
to:
require Apache2;
=================================================================================
httpd.conf should look like:
PerlInitHandler Apache::Reload
PerlSetEnv PAS_BASE "/usr/local/pas"
PerlRequire /usr/local/pas/conf/startup.pl
Alias /pas/ /usr/local/pas/htdocs/
<Location /pas/>
Options +ExecCGI
SetHandler perl-script
PerlHandler Org::Bgw::Pas::RequestHandler
</Location>
=================================================================================
Log::Dispatch::Screen behaves a little funny when printing to STDERR. It will
just stop in the middle of a log stmt. I just turned it off so it would stop
annoying me.
Justin
|
|
From: Justin B. <ju...@le...> - 2002-05-30 22:48:37
|
I'm even closer. I think I 'hacked' CGI.pm to work with mod_perl-2.0. CGI.pm needed: use APR::Pool; use Apache::RequestRec; # line 222: # Apache->request->register_cleanup(\&CGI::Object::_reset_globals); Apache->request->pool->cleanup_register(\&CGI::Object::_reset_globals); I'm not sure if it works yet. I'm using v3.01b of CGI.pm so the line numbers which I modified may differ. I had to 'hack' some more of Org::Bgw::Pas::RequestHandler. I added: # use Apache::Constants qw(:response :http); use Apache::Const qw(:http :common); use Apache::RequestRec; use Apache::RequestIO; use APR::Table; I had to change: - header_out() to headers_out() (which is the what they recommend for mod_perl-1.x anyways) - print() to puts() I'm still trying to determine what to do with send_http_header(). So far I think the solution is to comment it out. I'm also trying to figure out what to do with redirects. I think that's what I'm blowing up on now. But at least I get a nice white page with no error messages (which means nothing pointing me in the right directions). This is probably a complete waste of time until mod_perl-2.0 is released (along with an updated CGI.pm) but it's fun nonetheless. Justin |
|
From: Justin B. <ju...@le...> - 2002-05-30 21:40:17
|
Kaare Rasmussen wrote: >> Well, using the same approach as above, you could set the PAS_BASE: > > > I did, but still it wouldn't start up. > >> Thanks for giving it a shot. It was useful to know that set env no >> longer >> works in Apache 2.0/mod_perl. > > > There is a compatibility option, but it's not the right way to go. In the mod_perl-2.0 source directory, check out the file: src/docs/2.0/user/compat/compat.pod The API has changed. You might be able to run PAS under mod_perl-2.0 if you have both mod_perl-2.0 & mod_perl-1.x installed and then modify the startup.pl. If you put: use Apache2; use Apache::compat; in the BEGIN block, you might gain backwards compatibility w/ mod_perl-1.x. Some other API from 1.x that is in PAS that's changed (that I've seen so far): - Apache::Constants has been replaced by 3 modules: Apache::Const, APR::Const & ModPerl::Const. They don't seem to be fully functional because whatever I change it to in Org::Bgw::Pas::RequestHandler, it still doesn't work. - "PerlHandler" was replaced with "PerlResponseHandler" (needed change in httpd.conf) - CGI.pm is not compatible with mod_perl-2.0. It requires Apache.pm. mod_perl-2.0 has moved that file to Apache2.pm. So if you manually modify CGI.pm it should work. But I'm hung up on the Apache::Constants thing. - Apache::StatINC was replaced with Apache::Reload UPDATE: I just got Apache to start!! In Org::Bgw::Pas::RequestHandler, I changed the use Apache::Constants qw(:http :response); line to use Apache::Const qw(:http :common); Well it runs and blows up! I think there's more incompatibility issues with CGI.pm. I believe I just confirmed there is compatibility issues: register_cleanup() has been replaced with "APR::Pool::cleanup_register()" And I started searching the web. It says if you use Apache::compat, it should solve those compatibility issues. Too bad my old version of mod_perl isn't installed.... Justin |
|
From: Kyle R . B. <mo...@vo...> - 2002-05-30 21:22:11
|
> > What do you mean by case sentence?
>
> <authSystem:restrictByRole roles="loggedIn,catalogEditor">
> <A HREF="/ec/admin/catalog/Product?id=<%= $product->id() %>">Edit this</A>
> <authSystem:restrictByRole roles="loggedIn,viewItem">
> <A HREF="/ec/admin/catalog/ProdView?id=<%= $product->id() %>">Look</A>
> <authSystem:restrictByRole else>
> <A HREF="/ec/admin/catalog/rest?id=<%= $product->id() %>">Dunno</A>
> </authSystem:restrictByRole>
>
> I just imagine that it will be common to have pages like that.
Ah, now I see what you mean. I don't think using taglibs as if/elsif/else
statements is really how they were intended...but that is an interesting
twist.
Without the if/else structure, that would have to be written as:
<authSystem:restrictByRole roles="loggedIn,catalogEditor">
<A HREF="/ec/admin/catalog/Product?id=<%= $product->id() %>">Edit this</A>
</authSystem:restrictByRole>
<authSystem:restrictByRole roles="loggedIn,viewItem">
<A HREF="/ec/admin/catalog/ProdView?id=<%= $product->id() %>">Look</A>
</authSystem:restrictByRole>
<authSystem:restrictByRole excludeRoles="loggedIn,catalogEditor,viewItem">
<A HREF="/ec/admin/catalog/rest?id=<%= $product->id() %>">Dunno</A>
</authSystem:restrictByRole>
I don't know how to do the 'else' with this model using straight taglibs.
That is an interesting point. The only way I could think of it was to
have the excludeRoles attribute to invert the logic check. But it's not
as clean as an if/else syntax. Maybe extend the tablib to have a succeed
block and a fail block? Where the fail block is optional?
<authSystem:restrictByRole roles="loggedIn,catalogEditor">
<authSuccess>
<A HREF="/ec/admin/catalog/Product?id=<%= $product->id() %>">Edit this</A>
</authSuccess>
<authFailure>
<A HREF="/ec/admin/catalog/rest?id=<%= $product->id() %>">Dunno</A>
</authFailure>
</authSystem:restrictByRole>
<authSystem:restrictByRole roles="loggedIn,viewItem">
<authSuccess>
<A HREF="/ec/admin/catalog/ProdView?id=<%= $product->id() %>">Look</A>
</authSuccess>
<authFailure>
<A HREF="/ec/admin/catalog/rest?id=<%= $product->id() %>">Dunno</A>
</authFailure>
</authSystem:restrictByRole>
But that's not a clean way to do it either...the conceptual problem for me
is that a taglib is markup, not programmatic logic, so the idea of an if/else
doesn't fit correctly in my mind.
It's markup in the sense that you're using a tag to surround content, to
'mark it up'. Our example _is_ code in the sense that it expands (compiles)
to code when the PSP is processed.
So I suppose we could have nested params:
<authSystem:byCase>
<authCase roles="loggedIn,catalogEditor">
<A HREF="/ec/admin/catalog/Product?id=<%= $product->id() %>">Edit this</A>
</authCase>
<authCase roles="loggedIn,viewItem">
<A HREF="/ec/admin/catalog/ProdView?id=<%= $product->id() %>">Look</A>
</authCase>
<authCase else>
<A HREF="/ec/admin/catalog/rest?id=<%= $product->id() %>">Dunno</A>
</authCase>
</authSystem:byCase>
That would at least keep it clusterd/nested under a single tag declaration.
Taglibs are XML, so they have to be at least well formed, which means each
tag has both an open and close instance - or a shorthand instance, like:
<tag />
Kyle
--
------------------------------------------------------------------------------
Wisdom and Compassion are inseparable.
-- Christmas Humphreys
mo...@vo... http://www.voicenet.com/~mortis
------------------------------------------------------------------------------
|
|
From: Kyle R . B. <mo...@vo...> - 2002-05-30 20:39:26
|
I just spent a little bit of time looking at XML::Parser [expat based] and
XML::SAX (tried the PurePerl implementation) as possible base classes for
the compiler.
I used the following test file:
<%@ include file = "/_pageCommon.psp" %>
<%
$pageInfo->title("a test page");
$pageInfo->bgcolor("#FFFFFF");
%>
<%@ include file = "_header.psp" %>
<psp:include page="/test/IncludeMe">
<psp:param name="paramName" value="a value" />
</psp:include>
<%@ include file = "_footer.psp" %>
Each of the XML parsers I tried all choked on the '<%' - the % is an invalid
character for an XML identifier.
Thinking about the taglib style tags (like <psp:include ...>), I don't think
that any of the HTML parsers will work either. So that leaves us in the
unfortunate position of having to write our own parser.
What I've thought of so far is actualy rooted in my experience with lex and
yacc. Those tools cover the low-level problem domain nicely. They have
the concept of parser 'states'. I can see a few descrete states for our
lexer/parser:
default
stringSingleQuoted
stringDoubleQuoted
xmlComment
pspComment
We'd need to store the state as a stack (I'll explain more about that a
little further on). The state transitions would then be:
default ['] => stringSingleQuoted
default ["] => stringDoubleQuoted
default [<!--] => xmlComment
default [<%--] => pspComment
stringSingleQuoted ['] => <*pop*>
stringDoubleQuoted ["] => <*pop*>
xmlComment [-->] => <*pop*>
pspComment [--%>] => <*pop*>
Where <*pop*> means to pop the current state off of the state stack,
effectivly returning the parser to the previous state. This allows
things like strings nested in xmlComments, or a pspComment nested within
a string - where the nested pspComment is not stripped, precisely because
it's quoted inside the string.
To acheive this correctly, each state has to have different tokenization
rules. You can think of the lexer as an entity that eats input from
the left to the right by trying each of the patterns one at a time, untill
one matches - then the matched text is considered the token and remvoed
from the input.
For instance, the default state might tokenize with the following
patterns:
qr/([a-zA-Z][a-zA-Z\d:\-_]+)/ # word/identifier
qr/(\s+)/ # whitespace sequence
qr/(.)/ # any other characters are singleton tokens
The two string states might tokenize with the following patterns:
qr/(\\\\)/;
qr/(\\['"])/;
qr/(.)/
The two comment states could use the same patterns as the default state.
This defines our lexer (a routine that turns the input [the psp file]
into a stream of tokens).
The parser (analagous to yacc) is then a higher-level construct that
recognizes patterns of tokens. Some of the state transitions require
more than 1 token, so the parser needs to recognize patterns of tokens
for the state transitions.
I just got interrupted, so I'm stopping here...please feel free to respond
to what's here have so far...
Kyle
--
------------------------------------------------------------------------------
Wisdom and Compassion are inseparable.
-- Christmas Humphreys
mo...@vo... http://www.voicenet.com/~mortis
------------------------------------------------------------------------------
|
|
From: Kaare R. <ka...@ka...> - 2002-05-30 20:33:56
|
> What do you mean by case sentence? <authSystem:restrictByRole roles="loggedIn,catalogEditor"> <A HREF="/ec/admin/catalog/Product?id=<%= $product->id() %>">Edit this</A> <authSystem:restrictByRole roles="loggedIn,viewItem"> <A HREF="/ec/admin/catalog/ProdView?id=<%= $product->id() %>">Look</A> <authSystem:restrictByRole else> <A HREF="/ec/admin/catalog/rest?id=<%= $product->id() %>">Dunno</A> </authSystem:restrictByRole> I just imagine that it will be common to have pages like that. -- Kaare Rasmussen --Linux, spil,-- Tlf: 3816 2582 Kaki Data tshirts, merchandize Fax: 3816 2501 Howitzvej 75 Åben 12.00-18.00 Web: www.suse.dk 2000 Frederiksberg Lørdag 11.00-17.00 Email: ka...@ka... |
|
From: Kyle R . B. <mo...@vo...> - 2002-05-30 20:19:22
|
> > <authSystem:restrictByRole roles="loggedIn,catalogEditor">
> > <A HREF="/ec/admin/catalog/Product?id=<%= $product->id() %>">Edit this
> > </authSystem:restrictByRole>
>
> Maybe some kind of case sentence. Role a gives this button, role b another
> etc.
What do you mean by case sentence?
The above syntax is, in my opinion, preferable to the alternative:
<% if( $userProfile->hasRole('loggedIn') && $userProfile->hasRole('catalogEditor') ) { %>
<A HREF="/ec/admin/catalog/Product?id=<%= $product->id() %>">Edit this Product</A>
<% } %>
Which is alot harder to maintain, _and_ is dependant on the profile
implementaion. If we change the proifile implementaion in the future,
then the taglib version can adapt to that, the hard-coded psp can not.
The tablib version is also much more easily utilized by a non-developer
maintaining the content for your site than the Perl code in the PSP.
> > Does this make sense? Does it sound like a useful feature?
>
> The feature is useful but I guess it boils down to the question if it add too
> much complexity to pas. If it's straightforward, it's a win.
I don't think it'll add that much complexity to Pas. Besides, it's a feature
I wanted to add from the beginning. It just seems appropriate at this point.
Kyle
--
------------------------------------------------------------------------------
Wisdom and Compassion are inseparable.
-- Christmas Humphreys
mo...@vo... http://www.voicenet.com/~mortis
------------------------------------------------------------------------------
|
|
From: Kaare R. <ka...@ka...> - 2002-05-30 20:16:42
|
> Now that you guys are starting to add alot of features, maybe it's time > to start thinking about adding on common high level functionality, like > content management, user profiles, an auth system, security (one possible > approach is described above, there may be others that are better). These are IMO different kinds of creatures. This is my view, you may disagree. I'm just trying to divide into different classes. I'm interested in developing what I call building blocks. I believe that you guys care more for pas itself :-) What pas should take care of. - Security belongs to the basic features of any application. - Logging and error handling too. - And also language handling, date/time and currency i/o. Support functions - done at a higher level - Some pages or building blocks to update security data - The same for i18n stuff Building blocks. Flexible stuff to make pas easy to use - Menus. Maybe two sets; with and without security - Shopping cart / e-commerce (a) - Content management stuff (b) - Application building (c) Examples: Common for all (a) (b) (c) - Some news presentation - Search. - menus. - "Print this page" a) Shopping cart - product presentation - cart checkout b) CM. - Group Calendar - email frontend (like IMP) - message forum - formmail, feedback - membership subscription - page editing c) OK, I admit. I'm thinking Freemoney - Easy web pages for update of composite data like -- Orders. Orderhead / orderline -- Accounting -- Products with prices -- Customers. - Backend batch processing -- Kaare Rasmussen --Linux, spil,-- Tlf: 3816 2582 Kaki Data tshirts, merchandize Fax: 3816 2501 Howitzvej 75 Åben 12.00-18.00 Web: www.suse.dk 2000 Frederiksberg Lørdag 11.00-17.00 Email: ka...@ka... |
|
From: Kaare R. <ka...@ka...> - 2002-05-30 19:49:40
|
> <authSystem:restrictByRole roles="loggedIn,catalogEditor"> > <A HREF="/ec/admin/catalog/Product?id=<%= $product->id() %>">Edit this > </authSystem:restrictByRole> Maybe some kind of case sentence. Role a gives this button, role b another etc. > Does this make sense? Does it sound like a useful feature? The feature is useful but I guess it boils down to the question if it add too much complexity to pas. If it's straightforward, it's a win. -- Kaare Rasmussen --Linux, spil,-- Tlf: 3816 2582 Kaki Data tshirts, merchandize Fax: 3816 2501 Howitzvej 75 Åben 12.00-18.00 Web: www.suse.dk 2000 Frederiksberg Lørdag 11.00-17.00 Email: ka...@ka... |
|
From: Kyle R . B. <mo...@vo...> - 2002-05-30 14:46:24
|
This is also more ideas about the auth system...
We do have the goal of having the compiler support custom tags. This is in
the exact same vein as jsp's taglibs. I think Pas/PSP should support the
same kind of idiom. It's a clean, consise, consistient way to translate markup
to behavior.
A basic example is the dynamic inclusion of one PSP into another (really,
the output of one Page object into another). Following along with the
precedent set by JSP, we would have:
<%@ include file="/ec/_header.psp">
Welcome to our product page.
<psp:include page="/ec/catalog/Product">
<psp:param name="id" value="<%= $productId %>" />
</psp:include>
<%@ include file="/ec/_footer.psp">
Which would [could] translate to code in a page object which looked something
like the following:
stty: : Invalid argument
sub execute
{
my($slef) = @_;
my $request = $self->request();
my $response = $self->response();
$response->print(q{<HTML>
<HEAD>
<TITLE>Page Title</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF">});
$response->print(q{
Welcome to our product page.
});
$self->dynamicIncludePage( "/ec/catalog/Product", { 'id' => $productId } );
$response->print(q{
});
$response->print(q{
</BODY>
</HTML>
});
return 1;
}
Where _header and _footer were both staticly included, while
"/ec/catalog/Product" was dynamcily included by the framework. The
method dynamicIncludePage() would construct the page object, and give it
the same access to the session that the current page object has, but
give it a query object with only the specified parameters. Then the
output from its response object would be included in-line with the
output produced by teh current page.
I would think that this would be a great addition to the framework, as
it would allow (and even encourage) parts of the site to be developed
in an extremely modular fashion.
That raises the need for the compiler to shift from its current regex based
implementation to either one based on HTML::Parser, or probably XML::Parser.
If we do do that, then we gain some importiant benefits, one of which is the
ability to implement tag libraries of this nature.
No, back to the auth system, if we have the ability to use taglibs, and
the ability for developers to define their own through configuration
directives (like an XML configuration file), then we could implement
in-page sections that are only displayed to appropriate users with
a custom taglib:
<authSystem:restrictByRole roles="loggedIn,catalogEditor">
<A HREF="/ec/admin/catalog/Product?id=<%= $product->id() %>">Edit this item</A>
</authSystem:restrictByRole>
Which would translate to code that performed the conditional logic checks.
It also seperates the logic from the PSP content -- you're not writing a
scriptlet <% ... %>, just entering static tags -- IOW these tags are
easily used by content personell, who don't have to be developers.
Does this make sense? Does it sound like a useful feature?
I've known in the back of my mind that the regex based compiler needed
to move to an HTML/XML parser based approach eventauly, maybe that time
has come.
Kyle
--
------------------------------------------------------------------------------
Wisdom and Compassion are inseparable.
-- Christmas Humphreys
mo...@vo... http://www.voicenet.com/~mortis
------------------------------------------------------------------------------
|
|
From: Kaare R. <ka...@ka...> - 2002-05-30 14:12:26
|
> Well, using the same approach as above, you could set the PAS_BASE: I did, but still it wouldn't start up. > Thanks for giving it a shot. It was useful to know that set env no longer > works in Apache 2.0/mod_perl. There is a compatibility option, but it's not the right way to go. -- Kaare Rasmussen --Linux, spil,-- Tlf: 3816 2582 Kaki Data tshirts, merchandize Fax: 3816 2501 Howitzvej 75 Åben 14.00-18.00 Web: www.suse.dk 2000 Frederiksberg Lørdag 11.00-17.00 Email: ka...@ka... |
|
From: Kyle R . B. <mo...@vo...> - 2002-05-30 13:53:42
|
> This is true. There is a note saying that mod_perl doesn't like to fiddle
> with the environment any longer, because it's expensive, but it should do so
> in this particular case. Problem is, it doesn't :-(
>
> It seems there is another way of reading this kind of information in mod_perl
> 2.
>
> I could do this:
> export PERL5LIB=/home/pas/src
>
> Which got it past line 5 in startup.pl, but then I just crashed a little
> further ahead:
>
> [Wed May 29 23:51:26 2002] [error] Error, you msut set the environment
> variable
> PAS_BASE before running this software
> BEGIN failed--compilation aborted at /home/pas/src/Org/Bgw/Environment.pm
> line 102.
> Compilation failed in require at /home/pas/src/startup.pl line 21.
> BEGIN failed--compilation aborted at /home/pas/src/startup.pl line 21.
> Compilation failed in require at (eval 2) line 1.
Well, using the same approach as above, you could set the PAS_BASE:
export PAS_BASE=/home/pas
That should solve the complaint from the startup.pl.
> My opinion is that mod_perl is not yet even released yet. It's still CVS
> snapshots, so unless you have a very good idea to resolve this, I'd say it's
> better to wait for a released mod_perl 2.0.
Thanks for giving it a shot. It was useful to know that set env no longer
works in Apache 2.0/mod_perl.
Thanks,
Kyle
--
------------------------------------------------------------------------------
Wisdom and Compassion are inseparable.
-- Christmas Humphreys
mo...@vo... http://www.voicenet.com/~mortis
------------------------------------------------------------------------------
|
|
From: Kyle R . B. <mo...@vo...> - 2002-05-30 13:51:51
|
> Hey. I just made a minor fix to Environment.pm so that $ENV{PAS_CONFIG}
> works again. Is this not what we want? I'm fairly sure that it is.
Yes, I beleive that is the behavior that we want. I wonder how/where that
got backed out...
Thanks,
Kyle
--
------------------------------------------------------------------------------
Wisdom and Compassion are inseparable.
-- Christmas Humphreys
mo...@vo... http://www.voicenet.com/~mortis
------------------------------------------------------------------------------
|
|
From: Kaare R. <ka...@ka...> - 2002-05-30 06:51:59
|
> project based on PAS. This kind of thing works great there. Or are we > commited to having a more rigid architecture that provides > solutions-in-a-box for specific things. I know other application servers Just my 2 cents - security is not a specific thing; for me it's part of any architecture. Just as logging, error handling and i18n. -- Kaare Rasmussen --Linux, spil,-- Tlf: 3816 2582 Kaki Data tshirts, merchandize Fax: 3816 2501 Howitzvej 75 Åben 14.00-18.00 Web: www.suse.dk 2000 Frederiksberg Lørdag 11.00-17.00 Email: ka...@ka... |
|
From: Mental <Me...@Ne...> - 2002-05-29 23:28:46
|
Hey. I just made a minor fix to Environment.pm so that $ENV{PAS_CONFIG}
works again. Is this not what we want? I'm fairly sure that it is.
--
Mental (Me...@Ne...)
I invented the cordless extension cord.
--Steven Wright
GPG public key: http://www.neverlight.com/Mental.asc
|
|
From: Justin B. <ju...@le...> - 2002-05-29 22:35:20
|
I agree it would be simple. I'm not sure if I agree it should be part of PAS. Maybe as an example of what you can do in PAS or if we create a web based administrator interface for PAS or revive the E-commerce in a box project based on PAS. This kind of thing works great there. Or are we commited to having a more rigid architecture that provides solutions-in-a-box for specific things. I know other application servers provide specific solutions for people to develop with but most of the time they end up severely constraining the developer. You also end up forcing upon people a specific database structure. In the end, the developer ends up creating their own solutions. I think it would be neat to provide solutions people can plug-in and start working with right away. Where in the project it belongs, I don't know. Justin Kyle R . Burton wrote: > Kaare's questions about security issues, and Justin's response with the > LoggedInPage example got me thinking about authentication and authorization > issues. > > LoggedInPage is an example of this class of isses. A user visits the site, > we give them a security token (session id cookie). They authenticate (log > in), and we update their security token with 'logged in' (we set a flag > in their session). > > There is no reason why we couldn't additionaly load a list of user > roles into the user profile object (and therefore into the session), > and then have an AuthSystemPage that had a simple api, like a method > named allowedUserRoles() that returned an array (or hash or whatever) > of user roles that were allowed to access the page in question. This > method would be abstract in the AuthSystemPage, but implemented in > derived pages. The AuthSystemPage, like LoggedInPage, could use the > allowedUserRoles() from the derived class and verify the user roles > from the profile stored in the session (it could do this within > request_init(), the same way LoggedInPage works). > > Then you just derived your page object from AuthSystemPage, implement > allowedUserRoles() to return the list of 'groups' that are allowed to > access your page, and you're done. If you have a bunch of pages taht > all fall under the same role relationship, like an administrative interface, > then you could derive an intermediate class, say AdminSystemPage that > derived from AuthSystemPage, and implemented allowedUserRoles(). That > way your actual admin pages could then just derive from AdminSystemPage, > and nothing else. > > It would be quite simlpe, no? > > > What do you guys think? > > Now that you guys are starting to add alot of features, maybe it's time > to start thinking about adding on common high level functionality, like > content management, user profiles, an auth system, security (one possible > approach is described above, there may be others that are better). |
|
From: Kaare R. <ka...@ka...> - 2002-05-29 22:09:10
|
> There is no reason why we couldn't additionaly load a list of user > roles into the user profile object (and therefore into the session), > and then have an AuthSystemPage that had a simple api, like a method > named allowedUserRoles() that returned an array (or hash or whatever) > of user roles that were allowed to access the page in question. This This was somewhat I had in mind. I do have one complication though. It has to add one level of granularity. It would be necessary to allow some users to do some stuff and other users would do other stuff on the same page, e.g. one is allowed to update customers, other people are only allowed to view information. Of course there are several ways to circumvent this, but as long as we're talking ideas, why not try to take it into account. I see no way to make that level automatic though; the page programmer has to combine the feature on the page with the authentication system. -- Kaare Rasmussen --Linux, spil,-- Tlf: 3816 2582 Kaki Data tshirts, merchandize Fax: 3816 2501 Howitzvej 75 Åben 12.00-18.00 Web: www.suse.dk 2000 Frederiksberg Lørdag 11.00-17.00 Email: ka...@ka... |
|
From: Kyle R . B. <mo...@vo...> - 2002-05-29 20:34:04
|
Kaare's questions about security issues, and Justin's response with the
LoggedInPage example got me thinking about authentication and authorization
issues.
LoggedInPage is an example of this class of isses. A user visits the site,
we give them a security token (session id cookie). They authenticate (log
in), and we update their security token with 'logged in' (we set a flag
in their session).
There is no reason why we couldn't additionaly load a list of user
roles into the user profile object (and therefore into the session),
and then have an AuthSystemPage that had a simple api, like a method
named allowedUserRoles() that returned an array (or hash or whatever)
of user roles that were allowed to access the page in question. This
method would be abstract in the AuthSystemPage, but implemented in
derived pages. The AuthSystemPage, like LoggedInPage, could use the
allowedUserRoles() from the derived class and verify the user roles
from the profile stored in the session (it could do this within
request_init(), the same way LoggedInPage works).
Then you just derived your page object from AuthSystemPage, implement
allowedUserRoles() to return the list of 'groups' that are allowed to
access your page, and you're done. If you have a bunch of pages taht
all fall under the same role relationship, like an administrative interface,
then you could derive an intermediate class, say AdminSystemPage that
derived from AuthSystemPage, and implemented allowedUserRoles(). That
way your actual admin pages could then just derive from AdminSystemPage,
and nothing else.
It would be quite simlpe, no?
What do you guys think?
Now that you guys are starting to add alot of features, maybe it's time
to start thinking about adding on common high level functionality, like
content management, user profiles, an auth system, security (one possible
approach is described above, there may be others that are better).
Kyle
--
------------------------------------------------------------------------------
Wisdom and Compassion are inseparable.
-- Christmas Humphreys
mo...@vo... http://www.voicenet.com/~mortis
------------------------------------------------------------------------------
|
6 messages has been excluded from this view by a project administrator.
