OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wsrp message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [wsrp] Shared Sessions



Alejandro -

I think that in WSRP we do not have a similar concept of "applications"
like for servlets of portlets. At the moment each portlet can be published
an intergrated individually. However the different portlets (at leat coming
from the same provider) should be capable of sharing session data.
I cannot see how the session ID could help here. In SOAP there is no such
thing like a session (at least SOAP4J estabilshed a new session for each
request) so this information cannot be used. If the portlet uses the
WSRP-sessionID it is already too late as this ID does not distinguish the
portlet from others in this session. The portlet would have to use at least
its instance handle for namespacing. But this is information that is
present only in the portlet service and not direclty in the portlet. So
namespacing on the producer side would have to be done by the portlet
service which complicates its implementation.

If we use explicit session creation these problems could be avoided.


Best regards
Carsten Leue

-------
Dr. Carsten Leue
Dept.8288, IBM Laboratory B÷blingen , Germany
Tel.: +49-7031-16-4603, Fax: +49-7031-16-4401



|---------+---------------------------->
|         |           Alejandro        |
|         |           Abdelnur         |
|         |           <alejandro.abdeln|
|         |           ur@sun.com>      |
|         |                            |
|         |           06/11/2002 05:59 |
|         |           AM               |
|         |           Please respond to|
|         |           Alejandro        |
|         |           Abdelnur         |
|         |                            |
|---------+---------------------------->
  >---------------------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                                             |
  |       To:       Carsten Leue/Germany/IBM@IBMDE                                                                                              |
  |       cc:       wsrp@lists.oasis-open.org                                                                                                   |
  |       Subject:  Re: [wsrp] Shared Sessions                                                                                                  |
  |                                                                                                                                             |
  |                                                                                                                                             |
  >---------------------------------------------------------------------------------------------------------------------------------------------|



Carsten,

A producer could achieve that level of separation by using a concept
similar to servlet web applications where only servlets within the web
application share the data in the session.

If a portlet expects to be used more than once by a single client, the
portlet should be responsible for namespacing all its data in the
session using its session ID. As this may be the common case, the
producer could offer a convenience mechanism for the hosted portlets.

Regards.

Alejandro

>Mike - unfortunately I missed your note that the telephone conference
began
>earlier. But when we then talked about shared sessions I was a little
>concerned.
>As far as I understood the proposition, you would vote for creating one
>session for ALL remote portlets (coming from one provider). These can then
>share data in this session but would be responsible for using namespaces
>when trying to store private data.
>
>This is clearly a simple approach but it recalls me of the "old"
>programming models on desktop machines where all processes could access
>(and destroy) data from all other processes on a machine. This easily
leads
>to instability and security issues.
>
>I would propose that the consumer would be responsible for a sort of
>"application protection" where it lets only selected portlets (maybe based
>on metadata) share a session. This could efficiently isolate different
>logical sets of remote portlets. The argument that in such a case you
could
>simply create a new portlet service does not hold for me as in may cases
>all portlets would be published by the same portal (so the same portlet
>service).
>
>
>Best regards
>Carsten Leue
>
>-------
>Dr. Carsten Leue
>Dept.8288, IBM Laboratory B÷blingen , Germany
>Tel.: +49-7031-16-4603, Fax: +49-7031-16-4401
>
>
>
>
>
>----------------------------------------------------------------
>To subscribe or unsubscribe from this elist use the subscription
>manager: <http://lists.oasis-open.org/ob/adm.pl>
>
>








[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC