[Cosmo-dev] Struts to Spring merge this weekend

Travis Vachon travis at osafoundation.org
Thu Nov 2 13:52:06 PST 2006


Hi folks

I'm planning to merge my Spring/Dojo work into the trunk this Sunday 
between 12 and 6. That should provide a nice quiet time to make sure 
things are in good working order.

As my working copy is right now, there are 2 major regressions:

- the forgot password form is unavailable (this should be ready soon, if 
not by Sunday)
- the nice exception handling pages are not in place (there's a very 
good chance this will be fixed by Sunday)

New features that will come out of this merge include:

- Paging/sorting support in CMP.
- A new "<administrator>" tag in CMP representations of users. Its 
presence indicates a user is an administrator.
- Post based/ batch user deletion in CMP
- Dojo-ified "administer users" widget using updated CMP
- Dojo-ified login widget for /cosmo/login that can be adjusted with css 
to look like the regular login box, a login bubble, or any of the other 
nice login widgets PPD has been including in specs.
- Dojo-ified modify user widget, used for signup/ self administration/ 
modify user/ new user dialogs.
- Modified url scheme, discussed here: 
http://article.gmane.org/gmane.org.osaf.cosmo/1810
- Dojo-ified i18n.jsp, allowing Dojo widgets to take advantage of our 
server->client i18n support
- And of course, we should be able to remove the struts and tiles jars 
very soon, if not immediately.

Potential issues with this merge include:

- To support the transport level authentication needed for the Dojo CMP 
interactions, we're currently storing a base64 encoded version of the 
user's username and password in a browser cookie. This is obviously 
insecure. When I first wrote this feature, I hadn't learned about page 
unload functions in JavaScript, which could provide a way of ensuring 
this cookie is only stored between page loads, but this still isn't a 
perfect solution. I'm going to post to cosmo-dev some time soon about 
the current state of authentication in Cosmo, taking into account the 
recent PPD login workflows. In any case, Brian and I have talked, and 
feel that this is an acceptable design flaw for the short term.



If anyone has any thoughts on this merge, let me know soon!

-Travis
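
The cookie issue raised in the message above, shown as a check a reviewer could run over Set-Cookie headers. This is an added example, not part of the original post and not Cosmo code; the cookie names, the sample values and the Basic-auth style "username:password" layout are assumptions.

```javascript
// Added example, not Cosmo code. Cookie names and values are constructed.
// Assumption: credentials are encoded Basic-auth style as "username:password".

// Return the decoded text only if `value` is canonical base64 of printable ASCII.
function decodePrintableBase64(value) {
  if (value.length % 4 !== 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(value)) return null;
  const buf = Buffer.from(value, "base64");
  if (buf.toString("base64") !== value) return null; // not canonical base64
  // Random session ids almost never decode to printable text; credentials do.
  return buf.every((b) => b >= 0x20 && b <= 0x7e) ? buf.toString("latin1") : null;
}

// Audit one Set-Cookie header. Findings are codes only, so the decoded
// secret is never echoed into logs or reports.
function auditSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = pair.slice(0, eq);
  const value = pair.slice(eq + 1);
  const flags = new Set(attrs.map((a) => a.split("=")[0].toLowerCase()));
  const findings = [];
  const decoded = decodePrintableBase64(value);
  // base64 is an encoding, not encryption: anyone holding the cookie has the password.
  if (decoded !== null && /^[^:]+:.+$/.test(decoded)) findings.push("BASE64_CREDENTIALS");
  if (!flags.has("httponly")) findings.push("NO_HTTPONLY"); // readable by page scripts
  if (!flags.has("secure")) findings.push("NO_SECURE"); // also sent over plain HTTP
  return { name, findings };
}

// Constructed sample headers: credentials in a cookie vs. an opaque session id.
const weakHeader =
  "auth_example=" + Buffer.from("alice:example-password").toString("base64") + "; Path=/";
const sessionHeader =
  "session=3f9c1e7a5b2d4c8e9a0b1c2d3e4f5a6b; Path=/; HttpOnly; Secure; SameSite=Lax";

for (const h of [weakHeader, sessionHeader]) {
  const { name, findings } = auditSetCookie(h);
  console.log(name, findings.length ? findings.join(", ") : "ok");
}
```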


