Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-dev] EE10, insertHandler, sessions and servlets


Joakim,

it doesn't have to be "insertHandler".   The feature we need to support is the ability to configure a context in an xml file that is deployed by the Deployment manager, including adding extra Handler.Wrappers.
Previously that has been done with an insertHandler mechanism.   I've tried replacing that with a wrapHandler mechanism, but that failed for the reasons I gave.

So one suggestion in my email is that we allow the deployer to deploy non-ContextHandler Handlers, then the xml can configure whatever it likes... so long as there is a ContextHandler in the hierarchy.  
So I think that is what you mean by using "GzipHandler.setHandler(new ServletContextHandler())"... only in a context.xml file.   I think that is a good idea, so long as it does not over complicate the deployer.
It should be happy to just get a Handler back from the config, remember that, but then look for the ContextHandler as a descendant if it needs to do further configuration (I don't think it does).

The other is to update the API wrappers so that the existing insertHandler mechanism continues to work.    Supporting backwards compatibility is good, so no harm if we can do this.   I think the things needed for it (core security handler) are good things to have anyway.   I'm a bit dubious about rebasing wrappers... but if that was the only thing required to make the old style continue to work, then that is probably fine.

cheers





On Fri, 27 Jan 2023 at 14:10, Joakim Erdfelt <joakim@xxxxxxxxxxx> wrote:
Personally, I don't think we should even attempt to support using a jetty-core feature underneath an environment.

The whole ServletContextHandler.insertHandler() .setGzipHandler() and the like are just awkward and difficult to explain to people (when does it execute? everybody gets it wrong, and in different ways)
Having GzipHandler.setHandler(new ServletContextHandler()) makes more sense, and is easier to document and explain.

Joakim Erdfelt / joakim@xxxxxxxxxxx


On Thu, Jan 26, 2023 at 9:00 PM Greg Wilkins <gregw@xxxxxxxxxxx> wrote:

All,

unfortunately I think there is one more moderate refactor needed before jetty-12 final... but probably not needed for a beta.

We have several context.xml files (examples, demos and documentation) that configure a context by using insertHandler on the context to insert a GzipHandler (or similar).

Whilst this still works for ee8/ee9, it does not work for ee10, as we wrap at the ServletContextHandler level, so any subsequent wrapping of the request/response is bypassed when we do a Request.as(request, ServletContextRequest.class);

I've had a few tries at working around this, primarily by introducing a Handler.wrap method, that looks for the container of the handler and inserts the wrapper above it.  That way, the context itself would be wrapped by the GzipHandler, which works fine.    But the problem is that at the point we execute a context.xml file, the contextHandler has not yet been added to the ContextHandlerCollection, thus it cannot be found by a search of the handler tree and we can't wrap it then.

We could perhaps modify the deployer so that it is happy for a context.xml file to return any type of Handler, so long as there is a ContextHandler within it. the xml would then configure the GzipHandler with the ContextHandler contained within it.

Another option is for the ServletHandler to "rebase" the API wrappers on the request/response it receives, so that any intervening wrapping is used.    This is doable either as a very specific ee10 servlet mechanism, or even as a general Handler.Wrapper mechanism that signals if a request/response is wrapped so it can know it's outer wrapper.

However, for that to work efficiently, the EE10 SecurityHandler would need to no longer operate on API request/response but instead on core request/response.   This is probably desirable anyway as it will give us core security.  However, whilst we have core sessions, we don't have a standard way of accessing those, so we'd need to create some mechanism so that core security could see core sessions, even if those sessions are wrapped as API sessions.     I think this is doable and probably a good idea anyway, regardless of the insertHandler issue.

So Lachlan, can you ponder a core security module - let's chat early next week (or tomorrow if I see you over here).
Jan, can we chat about a standard session access mechanism (maybe just some well known attributes that can be mapped to fields in API wrappers or left as attributes in core request).
Joakim, can you ponder the changes needed to the deployer to allow for non ContextHandler Handlers to be created for an App?

cheers










_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-dev
_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-dev


--

Back to the top