Dear Wiki user, You have subscribed to a wiki page or wiki category on "Struts Wiki" for change notification.
The following page has been changed by gorkavicente: http://wiki.apache.org/struts/HDIV ------------------------------------------------------------------------------ '''Martin Cooper:''' Which security package(s) would you want to work with in addition to HDIV? I firmly believe that you need at least two candidates in order to successfully design an SPI. Otherwise you run a very high risk of designing an SPI that can really only be successfully used by the one candidate you designed it around. + '''HDIV team:''' We think it's better to use a SPI. From our point of view the SPI it's an extension point that could be interesting for many projects, not only for security projects. For example if you use webflow in a Struts application you have to add flow execution key parameters by hand and that could be easily solved by implementing a SPI. + + Of course, if we use the SPI it's not necessary to extend struts' tld making it easier to integrate HDIV. + + In addition to that if you use the SPI you can activate or desactivate updating Struts configuration. By default Struts can use an empty implementation of the SPI. + + HDIV can be very useful for many applications but not for others. For example if you have a public web page where it's necessary to be indexable, you shouldn't use HDIV because all links are dynamic and related with web session (the same problem of JSF but in this case you can desactivate it). + + About Paul Benedict's comment ("I don't know if HDIV has aspirations outside of Struts which would make an SPI much more palatable"), the target of HDIV is the integration with all web frameworks that need this type of security functionalities. So far we have developed HDIV versions for: + + * Struts 1 + * Struts 2 + * Spring MVC + * JSTL + * WebWork (not published) + * Stripes (not published) + * JSF (not published) + + Some of them are still under development, but they will be published in a few months. In consecuence, it will be useful if the SPI it's generic and works with all web frameworks. But thinking about the implementation and library dependencies maybe it would be better if each framework had it's own interface, similar to interceptors concept in many frameworks but in this case related with tag libraries. Anyway, we could create a first release supporting commented frameworks. + = Performance = '''Ted Husted:''' It's unusual that a feature such as this comes without penality. If HDIV were native, what would be the performance cost? Complexity cost? + + '''HDIV team:''' In our opinion the performance offered by HDIV is acceptable and it could be activated by default, but we have to take into account that it generates a problem with the pages indexation (all links are dynamic and related with web session). Consequently we think it's better if the HDIV activation it's optional. + + Another discussion is if it has to be activated by default or not. For more information about HDIV performance see [http://www.hdiv.org/docs/hdiv-performance.pdf hdiv-performance.pdf] = Validation = @@ -24, +48 @@ with Struts going to be writing their validations using HDIV's format, Commons Validator's format, or both? + '''HDIV team:''' Editable data validation offered by HDIV it's integrated with strutsâ validator. HDIV creates validation errors within HDIV's validation filter and they are added within HDIV RequestProccessor. The errors generated by HDIV are generated with the same format of Struts and they are visualized in the same way as usual errors using Struts tags ( html:errors,logic:messagesPresent, etc.). + + For more information about it see [http://www.hdiv.org/docs/hdiv-reference.pdf HDIV reference (chapter-7.1.2.4.2)]. + = Usability = '''Martin Cooper:''' How much of the functionality of HDIV is only available for people using JSP with tag libraries? If I'm using Velocity, or not using server-side presentation at all, how much of HDIV do I lose? + '''HDIV team:''' The core API of HDIV (hdiv-core) is not related with a concrete technology and itâs possible to use it with any technology. Although we havenât implemented it for Struts 1 the integration of Velocity and Freemarker it's included in Struts 2 version, see Struts 2 example application, within (struts2-showcase-2.0.x) ui-tags section. +
