Smalltalk Frameworks & Tools Seaside Seaside General
Login  Register

Re: A session-aware kind of FileLibrary - how/where to start

Posted by jtuchel on Apr 11, 2021; 5:45am
URL: https://forum.world.st/A-session-aware-kind-of-FileLibrary-how-where-to-start-tp5128139p5128394.html

Esteban,


I used your suggestion and it works very nicely. In development ;-)

Here are 2 things I encountered in a deployed image

  1. If the _s parameter is not the first one in the URL, the tracking Strategy will always return a nil key. Not sure why, especially in the light of the fact that this works fine in a dev image
  2. I have troubles getting things to work behind a load-balancing Apache because of the path. This one is really critical to me, let me explain:

I have configured Apache with mod_proxy_balancer to distribute load in sticky sessions to a few images who all listen to localhost:xxxx/MyApp. Since my Pseudo-FileLibrary needs the session context, it is necessary that all traffic of a session goes to the same image. So far, so well-known and logical.

The trouble is: my Application ist registered at: /MyApp, while the Pseudo-FileLibrary is registered at: /documents

This means that Apache mod_proxy_balancer will redirect all requests that get sent to https://mydomain/documents to https://mydomain/MyApp, which means a link or img tag points to the login page instead of a document served by my Pseudo File Library. The Pseudo File Library never gets to see a request...

I couldn't find a way to register a WARequestHandler subclass as a sub-path of a registered App. Because what I need is to register my Handler at /MyApp/documents.

WAAdmin register: MyHandler at: 'MyApp/documents'

throws an error: MyHandler doesNotUnderstand: key:.


So: how can I register a WARequestHandler at a subpath like /MyApp/documents?
Or, alternatively: how can I redirect incoming requests for /MyApp/documents to /documents within my image? (It seems hard to impossible to configure this on the Apache side...)


Any ideas or hints?



Joachim





Am 30.03.21 um 14:54 schrieb Esteban Maringolo:
On Tue, Mar 30, 2021 at 6:51 AM Sven Van Caekenberghe [hidden email] wrote:

I would try to look at WAFileHandler, which is responsible for serving the files.

I thought about the same approach.

1. Implement some WARestrictedFileHandler subclass of WAFileHandler,
where you configure (via a preference or plain instVar) the identifier
of the app that has the session registry (e.g. 'myApp')
2. In the handleFiltered: you get a reference to that WAApplication
and then you do something like:

handleFiltered: aRequestContext
  | app key session |
  app := WAAdmin defaultDispatcher handlerAt: 'myApp'.
  key := app trackingStrategy keyFromContext: aRequestContext.
  key isNil
    ifTrue: [ "generate the 403 response" ]
    ifFalse: [
     session := app cache at: key ifAbsent: [ nil ].
     session isNil
       ifTrue: [ "generate 403" ]
       ifFalse: [ ("check whether session is valid" ) ifTrue: [^super
handleFiltered: aRequestContext] ifFalse: ["403..."]
    ]
]

So the approach is to externally access the app session registry and
fetch the session from there.

What is not clear to me is whether you want to restrict access to
regular Seaside FileLibraries or to some other mapping to static files
in a filesystem.

Regards,

Esteban A. Maringolo
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside



-- 
-----------------------------------------------------------------------
Objektfabrik Joachim Tuchel          [hidden email]
Fliederweg 1                         http://www.objektfabrik.de
D-71640 Ludwigsburg                  http://joachimtuchel.wordpress.com
Telefon: +49 7141 56 10 86 0         Fax: +49 7141 56 10 86 1

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Free forum by Nabble Edit this page