[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [wsrp] Shared Sessions
Alejandro - I think that in WSRP we do not have a similar concept of "applications" like for servlets of portlets. At the moment each portlet can be published an intergrated individually. However the different portlets (at leat coming from the same provider) should be capable of sharing session data. I cannot see how the session ID could help here. In SOAP there is no such thing like a session (at least SOAP4J estabilshed a new session for each request) so this information cannot be used. If the portlet uses the WSRP-sessionID it is already too late as this ID does not distinguish the portlet from others in this session. The portlet would have to use at least its instance handle for namespacing. But this is information that is present only in the portlet service and not direclty in the portlet. So namespacing on the producer side would have to be done by the portlet service which complicates its implementation. If we use explicit session creation these problems could be avoided. Best regards Carsten Leue ------- Dr. Carsten Leue Dept.8288, IBM Laboratory Böblingen , Germany Tel.: +49-7031-16-4603, Fax: +49-7031-16-4401 |---------+----------------------------> | | Alejandro | | | Abdelnur | | | <alejandro.abdeln| | | ur@sun.com> | | | | | | 06/11/2002 05:59 | | | AM | | | Please respond to| | | Alejandro | | | Abdelnur | | | | |---------+----------------------------> >---------------------------------------------------------------------------------------------------------------------------------------------| | | | To: Carsten Leue/Germany/IBM@IBMDE | | cc: wsrp@lists.oasis-open.org | | Subject: Re: [wsrp] Shared Sessions | | | | | >---------------------------------------------------------------------------------------------------------------------------------------------| Carsten, A producer could achieve that level of separation by using a concept similar to servlet web applications where only servlets within the web application share the data in the session. If a portlet expects to be used more than once by a single client, the portlet should be responsible for namespacing all its data in the session using its session ID. As this may be the common case, the producer could offer a convenience mechanism for the hosted portlets. Regards. Alejandro >Mike - unfortunately I missed your note that the telephone conference began >earlier. But when we then talked about shared sessions I was a little >concerned. >As far as I understood the proposition, you would vote for creating one >session for ALL remote portlets (coming from one provider). These can then >share data in this session but would be responsible for using namespaces >when trying to store private data. > >This is clearly a simple approach but it recalls me of the "old" >programming models on desktop machines where all processes could access >(and destroy) data from all other processes on a machine. This easily leads >to instability and security issues. > >I would propose that the consumer would be responsible for a sort of >"application protection" where it lets only selected portlets (maybe based >on metadata) share a session. This could efficiently isolate different >logical sets of remote portlets. The argument that in such a case you could >simply create a new portlet service does not hold for me as in may cases >all portlets would be published by the same portal (so the same portlet >service). > > >Best regards >Carsten Leue > >------- >Dr. Carsten Leue >Dept.8288, IBM Laboratory Böblingen , Germany >Tel.: +49-7031-16-4603, Fax: +49-7031-16-4401 > > > > > >---------------------------------------------------------------- >To subscribe or unsubscribe from this elist use the subscription >manager: <http://lists.oasis-open.org/ob/adm.pl> > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC