velocity-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Will Glass-Husain" <wglasshus...@gmail.com>
Subject Re: Configuration pattern for StringResourceRepository
Date Tue, 08 May 2007 14:34:02 GMT
Hi Thilo,

(Incidentally I need to update that article for Velocity 1.5, as it solves
some of the problems listed).

I use one VelocityEngine to serve thousands of separate user accounts.  Each
user has their own subdirectory and references it via URL.  The controller
populates the context with user specific info based on the URL/domain name.

My main special concerns for this situation in which users upload their own
templates were:

--> #include and #parse need to only pull files from the subdirectory:
solution - write a customized IncludeEventHandler that enforces this

and

--> prevent users from getting the class loader and creating arbitrary
objects in the template - solution, use the SecureUberspector.


WILL


On 5/8/07, Nathan Bubna <nbubna@gmail.com> wrote:
>
> On 5/8/07, Thilo Schwarz <thilo.schwarz@googlemail.com> wrote:
> > Thanks for your replay!
> >
> > I've check out the trunk and did some tests and it works fine. I
> > tested for one VelocityEngine. But in my webapp I need a
> > VelocityEngine for each user, because each user has its own set of
> > templates. What's the preffered way to do this?
>
> i'm not sure.  i haven't got any experience with that sort of setup.
> though i think others here have set up such systems.   here's some
> notes from Will on securing such an app:
>
> http://wiki.apache.org/velocity/BuildingSecureWebApplications
>
> He may have other tips on keeping user templates separate too...
>
> > Do I need a class per user, that extends StringResourceRepositoryImpl,
> > velocityEngine.setApplicationAttribute("foo", repo)?
>
> No, you shouldn't need to extend StringResourceRepositoryImpl at all,
> much less have a different subclass per user.  Or did you mean
> instance?  Anyway, all you should have to do is add these properties:
>
> string.resource.loader.repository.name = <username>
> string.resource.loader.repository.static = false
>
> then you can populate each user's repository after then velocityEngine
> is initialized by doing
>
> StringResourceRepository repo =
>
> (StringResourceRepository)velocityEngine.getApplicationAttribute(<username>);
>
> > My next problem is: I have a set of velocity macros. Add the macros in
> > the same way like templates has no effect! How can I do this?
>
> velocimacro libraries currently cannot be loaded in the same manner as
> templates.  you should be using the velocimacro.library property, as
> described in this section:
>
>
> http://velocity.apache.org/engine/devel/developer-guide.html#velocity_configuration_keys_and_values
>
> > Thanks a lot for your help!
> > Regards,
> > Thilo
> >
> > 2007/5/7, Nathan Bubna <nbubna@gmail.com>:
> > > On 5/6/07, Thilo Schwarz <thilo.schwarz@googlemail.com> wrote:
> > > > Hi to all!
> > > >
> > > > It seems, I need a hit on my head. I've got the problem to
> understand
> > > > the pattern to configure the StringResourceRepository! I'm using
> > > > velocity in a standalone application. To initialize the
> > > > VelocityEngine, I do something like that:
> > > >
> > > > VelocityEngine velocityEngine = new VelocityEngine();
> > > > Properties velocityProperties = new Properties();
> > > > //  code to collect the props
> > > > velocityEngine.init(velocityProperties);
> > > >
> > > > And it works as excpected!
> > > >
> > > > How I have to extend the code to work with the
> StringResourceRepository?
> > >
> > > it's described here:
> > >
> > >
> http://velocity.apache.org/engine/releases/velocity-1.5/apidocs/org/apache/velocity/runtime/resource/loader/StringResourceLoader.html
> > >
> > > so you would do something like the following once you initialized your
> > > VelocityEngine:
> > >
> > > StringResourceRepository vsRepository =
> StringResourceLoader.getRepository();
> > > String myTemplateName = "/somewhere/intherepo/name";
> > > String myTemplateBody = "Hi, ${username}... this is a some template!";
> > > vsRepository.putStringResource(myTemplateName, myTemplateBody);
> > >
> > > but be wary, since the repository is unfortunately a singleton in
> > > Velocity 1.5, you can only initialize one VelocityEngine using the
> > > StringResourceLoader.  if you try and initialize another
> > > VelocityEngine configured to use the StringResourceLoader, you will
> > > get an IllegalStateException. :(  Also, the VelocityEngine using it
> > > must be initialized before you try to retrieve the repository.  :(
> > >
> > > I've improved things greatly for the next version of Velocity.  If you
> > > are willing to checkout and build the trunk, you can use it as
> > > described here:
> > >
> > >
> http://velocity.apache.org/engine/devel/apidocs/org/apache/velocity/runtime/resource/loader/StringResourceLoader.html
> > >
> > > > Any hints are helpfull.
> > > > Thanks and regards
> > > > Thilo
> > > >
> > > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: user-unsubscribe@velocity.apache.org
> > > > For additional commands, e-mail: user-help@velocity.apache.org
> > > >
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: user-unsubscribe@velocity.apache.org
> > > For additional commands, e-mail: user-help@velocity.apache.org
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@velocity.apache.org
> > For additional commands, e-mail: user-help@velocity.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@velocity.apache.org
> For additional commands, e-mail: user-help@velocity.apache.org
>
>


-- 
Forio Business Simulations

Will Glass-Husain
wglass@forio.com
www.forio.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message