uPortal IRC Logs-2010-10-28

[04:39:05 CDT(-0500)] <RickardAtWork> The documentation for creating a new theme tells me to make a copy of uportal-impl/src/main/resources/properties/db/entities/theme/DLM_XHTML-1.theme, but there is no such file in 3.2.
[04:39:26 CDT(-0500)] <RickardAtWork> It appears to have been removed somewhere between 3.1.5 and 3.2.0.
[10:27:14 CDT(-0500)] <athena> EricDalquist: do you know if there's any way to use variables/expressions in a webflow transition? either w/ the on or the to attributes?
[10:27:30 CDT(-0500)] <EricDalquist> I know you can in the on=
[10:27:43 CDT(-0500)] <EricDalquist> I just did that recently ... trying to remember where
[10:27:47 CDT(-0500)] <athena> gotcha
[10:28:22 CDT(-0500)] <EricDalquist> ex:
[10:28:22 CDT(-0500)]

[10:28:29 CDT(-0500)] <athena> ah, fantastic, thanks!
[10:28:38 CDT(-0500)] <EricDalquist> yup
[10:28:56 CDT(-0500)] <athena> trying ot make the UE guys happy and implement those subflow breadcrumbs
[10:30:32 CDT(-0500)] <EricDalquist>
[10:30:46 CDT(-0500)] <athena> so how many more days do we have on the pluto release?
[10:30:56 CDT(-0500)] <EricDalquist> tomorrow night
[10:31:08 CDT(-0500)] <athena> cool
[10:31:19 CDT(-0500)] <EricDalquist> yup
[10:31:23 CDT(-0500)] <athena> want to try and make sure i leave stuff in mostly-working condition
[10:31:38 CDT(-0500)] <athena> might comment out the permission lookup thing on the permissions front page until it's skinned
[10:31:39 CDT(-0500)] <EricDalquist> I'll make sure to coordinate for the release on the list
[10:32:00 CDT(-0500)] <athena> will be pretty cool to have that out
[10:32:27 CDT(-0500)] <EricDalquist> also, do get a live build going I'm thinking we would just need to modify rdbm.properties, create a filter file for doing the CAS domain name stuff and the JDBC driver?
[10:32:42 CDT(-0500)] <EricDalquist> then just have it essentially build the quickstart
[10:35:42 CDT(-0500)] <athena> yeah, i think that should do it
[10:35:58 CDT(-0500)] <EricDalquist> apparently contegix has a "cloud" service as well
[10:36:07 CDT(-0500)] <athena> you planning to do it w/ maven filtering?
[10:36:09 CDT(-0500)] <EricDalquist> so I sent them a note asking for more details
[10:36:11 CDT(-0500)] <EricDalquist> yeah
[10:36:34 CDT(-0500)] <athena> we've set up maven filtering w/ a shared file between the portal and portlets a bunch of times
[10:36:37 CDT(-0500)] <athena> mostly works pretty well
[10:36:54 CDT(-0500)] <athena> though we have our nightly build do this stupid thing where it does a "mvn install" then "ant clean initportal"
[10:37:03 CDT(-0500)] <athena> otherwise when new dependencies get added sometimes the clean trips over them
[10:37:15 CDT(-0500)] <EricDalquist> huh weird
[10:37:25 CDT(-0500)] <athena> w/ the filtering have to make sure it really gets cleaned out well before building anything
[10:37:45 CDT(-0500)] <athena> since a change to the filter file isn't really visible to maven
[10:37:54 CDT(-0500)] <athena> we actually even managed to make the database dependency configurable
[10:38:15 CDT(-0500)] <EricDalquist> neat
[10:38:23 CDT(-0500)] <EricDalquist> my other thought was doing this as an overlay
[10:38:35 CDT(-0500)] <EricDalquist> setting up a little project in the infrastructure space in SVN
[10:38:39 CDT(-0500)] <EricDalquist> which is private
[10:38:55 CDT(-0500)] <EricDalquist> and link it to the nightly snapshot deploy build in bamboo
[10:39:07 CDT(-0500)] <EricDalquist> so after that runs it updates the overlay files and then runs that build
[10:39:15 CDT(-0500)] <athena> makes sense
[10:39:20 CDT(-0500)] <EricDalquist> which would be good to keep us honest about our overlay abilities
[10:39:24 CDT(-0500)] <athena> yes
[10:39:31 CDT(-0500)] <EricDalquist> since that is where I would really like to be eventually
[10:39:37 CDT(-0500)] <EricDalquist> people just customize uPortal via overlays
[10:39:46 CDT(-0500)] <athena> either way we'll need to have a way to update the overlay/fitler files when we update certain uportal files
[10:39:49 CDT(-0500)] <athena> particularly web.xml
[10:40:10 CDT(-0500)] <EricDalquist> yup
[10:50:10 CDT(-0500)] <athena> argh
[10:50:22 CDT(-0500)] <athena> is there some way i can see the value of an output for a spring webflow?
[10:50:28 CDT(-0500)] <athena> i never know how to debug these
[10:50:38 CDT(-0500)] <EricDalquist> uhg
[10:50:40 CDT(-0500)] <EricDalquist> I'm not sure
[10:50:44 CDT(-0500)] <EricDalquist> you're in trunk right?
[10:52:07 CDT(-0500)] <athena> yeah
[10:52:35 CDT(-0500)] <athena> there needs to be some way to put breakpoints in
[10:52:36 CDT(-0500)] <EricDalquist> you could try doing System.out.println() in the SpEL
[10:52:39 CDT(-0500)] <EricDalquist> yeah
[10:52:49 CDT(-0500)] <EricDalquist> debugging webflow is my #1 gripe
[10:52:59 CDT(-0500)] <EricDalquist> or move the logic into a helper class
[10:53:05 CDT(-0500)] <EricDalquist> call the helper method and debug that
[10:53:20 CDT(-0500)] <athena> yeah
[10:53:35 CDT(-0500)] <athena> oh does System.out.println work now?
[10:53:41 CDT(-0500)] <athena> i'd never had much luck trying that
[10:56:40 CDT(-0500)] <athena> ah, setting to TRACE logging finally makes the output mapping show up in the logs
[10:56:46 CDT(-0500)] <athena> was only at DEBUG i guess
[11:37:35 CDT(-0500)] <athena> EricDalquist: that example of yours that's using an expression in the "to" attribute using OGNL or EL?
[11:37:44 CDT(-0500)] <EricDalquist> ognl
[11:37:47 CDT(-0500)] <EricDalquist> that's in 3.2
[11:37:49 CDT(-0500)] <athena> gotcha
[11:37:58 CDT(-0500)] <athena> wonder if something's different in EL/3.3
[11:38:05 CDT(-0500)] <athena> just getting evaluated as a string
[11:40:05 CDT(-0500)] <EricDalquist> hrm
[11:48:50 CDT(-0500)] <athena> ugh finally got it working through using a decision-state
[11:48:52 CDT(-0500)] <athena> whatever.
[11:49:00 CDT(-0500)] <EricDalquist>
[11:49:08 CDT(-0500)] <athena> it works.
[11:52:55 CDT(-0500)] <athena> so i got some REST stuff working yesterday
[11:53:04 CDT(-0500)] <athena> suspect eventually we may want to change the URLs around a bit
[11:53:13 CDT(-0500)] <athena> but it's nice to have at least played with it a bit
[11:53:24 CDT(-0500)] <athena> and now the services aren't quite so specific to one portlet
[11:59:26 CDT(-0500)] <EricDalquist> great
[11:59:36 CDT(-0500)] <EricDalquist> are they still under /mvc/
[12:00:10 CDT(-0500)] <EricDalquist> back shortly
[12:05:34 CDT(-0500)] <athena> yeah, they are - would be more than happy to change that
[12:24:49 CDT(-0500)] <EricDalquist> feel free
[12:25:03 CDT(-0500)] <EricDalquist> I thought we had picked a new path prefix a while back but can't remember it
[12:25:08 CDT(-0500)] <EricDalquist> maybe /api/ ?
[12:25:16 CDT(-0500)] <athena> yeah i can't remember
[12:25:19 CDT(-0500)] <athena> but that sounds reasonable
[12:25:30 CDT(-0500)] <athena> hopefully eventually most of our servlets will be REST-y?
[12:25:35 CDT(-0500)] <EricDalquist> yes
[12:25:39 CDT(-0500)] <EricDalquist> that would be my goal
[12:25:46 CDT(-0500)] <EricDalquist> is do this all via RESTish stuff
[12:25:51 CDT(-0500)] <EricDalquist> also we should probably think about CSERF protection sooner rather than later
[12:25:59 CDT(-0500)] <EricDalquist> not sure if Spring has any magic for that
[12:26:45 CDT(-0500)] <EricDalquist> and to further the CSERF side of things using the HTTP verbs correctly
[12:26:50 CDT(-0500)] <EricDalquist> like GET should never modify anything
[13:01:14 CDT(-0500)] <athena> yeah
[13:01:25 CDT(-0500)] <athena> so right now all i've added is GET read-only services
[13:01:33 CDT(-0500)] <EricDalquist> yup
[13:01:39 CDT(-0500)] <athena> we'll have to think about what we want to add for write services and how we really want to use them
[13:01:43 CDT(-0500)] <EricDalquist> yeah
[13:01:48 CDT(-0500)] <athena> i think eventually they might be an interesting integration point for portlets
[13:01:54 CDT(-0500)] <EricDalquist> very much so
[13:01:54 CDT(-0500)] <athena> or even external services
[13:02:04 CDT(-0500)] <EricDalquist> I also like the idea of eventually doing import/export that way too
[13:02:06 CDT(-0500)] <athena> but then we need to figure out authentication to them
[13:02:09 CDT(-0500)] <EricDalquist> yes
[13:02:09 CDT(-0500)] <athena> yeah that'd be really neat
[13:02:12 CDT(-0500)] <EricDalquist> auth
[13:02:18 CDT(-0500)] <EricDalquist> and all the security that goes with them
[13:02:20 CDT(-0500)] <athena> yes
[13:02:29 CDT(-0500)] <EricDalquist> though we do have some write services right now
[13:02:34 CDT(-0500)] <EricDalquist> like the stuff for the gallery
[13:02:38 CDT(-0500)] <athena> but it'd be really interesting to have portlets that interacted w/ the groups and permissions via REST or some other API
[13:03:03 CDT(-0500)] <athena> now that we've sorted out the permissions again, you could have a portlet that adds in a new permission owner and manages its own permissions and persists them in the portal
[13:03:06 CDT(-0500)] <athena> yeah
[13:03:12 CDT(-0500)] <athena> that stuff for the gallery is kind of crufty though
[13:03:19 CDT(-0500)] <athena> not really very RESTful
[13:03:32 CDT(-0500)] <athena> very action-oriented rather than being about nouns
[13:03:46 CDT(-0500)] <EricDalquist> right
[13:03:50 CDT(-0500)] <athena> for some stuff we might be able to make it RESTful though
[13:03:54 CDT(-0500)] <athena> like add/delete tab?
[13:03:56 CDT(-0500)] <EricDalquist> but we should probably think about security for it though
[13:04:06 CDT(-0500)] <athena> yeah
[13:04:12 CDT(-0500)] <EricDalquist> since it would be easy to cserf some of those
[13:04:14 CDT(-0500)] <athena> right now it requires a session and is POST-only
[13:04:21 CDT(-0500)] <EricDalquist> yup
[13:04:34 CDT(-0500)] <EricDalquist> we might want to add the cookie as a post parameter trick
[13:04:41 CDT(-0500)] <EricDalquist> which I believe is a valid check
[13:04:53 CDT(-0500)] <EricDalquist> move that stuff under /api/
[13:05:19 CDT(-0500)] <EricDalquist> add a fitler that disallows any non GET request that doesn't have a POST (not URL) parameter equal to the user's current JSESSIONID
[13:06:19 CDT(-0500)] <EricDalquist> of course we would have to modify the JS to grab the JSESSIONID cookie and stick it in as a post parameter
[13:06:27 CDT(-0500)] <EricDalquist> but that shouldn't be too terribly hard
[13:07:58 CDT(-0500)] <athena> yeah i think that'd work
[13:08:14 CDT(-0500)] <athena> want me to at least move everything to /api/ for now?
[13:08:55 CDT(-0500)] <EricDalquist> yeah
[13:09:04 CDT(-0500)] <athena> think i can get that done today
[13:09:05 CDT(-0500)] <EricDalquist> I might be able to take a crack at that filter
[13:09:09 CDT(-0500)] <athena> cool
[13:09:12 CDT(-0500)] <EricDalquist> I wonder if we could do it via a jQuery plugin
[13:09:26 CDT(-0500)] <athena> jquery plugin?
[13:09:44 CDT(-0500)] <EricDalquist> to automate adding the jsessionID to the JS AJAX Post
[13:09:49 CDT(-0500)] <athena> dunno
[13:09:56 CDT(-0500)] <athena> we'd have to make that modification in a lot of places
[13:10:17 CDT(-0500)] <athena> do we specifically need it as a post parameter or could we do get?
[13:10:33 CDT(-0500)] <EricDalquist> if you do a GET you expose the user's session ID in the history
[13:10:34 CDT(-0500)] <athena> if we could just tack it onto the url we could send the url to the javascript w/ that already appended
[13:10:38 CDT(-0500)] <athena> true
[13:10:44 CDT(-0500)] <EricDalquist> which is bad
[13:10:54 CDT(-0500)] <athena> yeah
[13:11:18 CDT(-0500)] <athena> so i think that's all possible, but we're going to have to make modifications in a lot of places to do it
[13:11:18 CDT(-0500)] <EricDalquist> I'll go re-read the owasp stuff on cserf on the bus tonight
[13:11:22 CDT(-0500)] <EricDalquist> yeah
[13:11:33 CDT(-0500)] <EricDalquist> which is why I'm wondering if I can do it via a plugin to jQuery
[13:11:53 CDT(-0500)] <athena> well, we'd still have to modify things to use the jquery plugin
[13:12:30 CDT(-0500)] <EricDalquist> right
[13:12:41 CDT(-0500)] <athena> also i'd worry about having to update the plugin each time one of the $.ajax methods is updated in jQuery
[13:12:50 CDT(-0500)] <athena> we might be better off just adding the post parameter manually
[13:13:54 CDT(-0500)] <EricDalquist> yeah
[13:14:03 CDT(-0500)] <EricDalquist> I want AOP in JS
[13:14:23 CDT(-0500)] <EricDalquist> just add an interceptor to $.ajax
[13:14:36 CDT(-0500)] <EricDalquist> any POST to the portal's domain gets the parameter added
[13:14:49 CDT(-0500)] <EricDalquist> somehow I doubt I can do that
[13:15:19 CDT(-0500)] <athena> hehe
[13:54:43 CDT(-0500)] <athena> sort of looks like the tokeninput plugin explicitly disables browser-side caching for the urls it pulls in
[13:55:09 CDT(-0500)] <EricDalquist> what do we use that for?
[13:55:15 CDT(-0500)] <athena> permissions portlet
[13:55:21 CDT(-0500)] <EricDalquist> ah
[13:55:23 CDT(-0500)] <athena> selecting a new target to assign to
[13:55:23 CDT(-0500)] <EricDalquist> annoying
[13:55:25 CDT(-0500)] <athena> yeah
[13:55:32 CDT(-0500)] <athena> it's a pretty well-written plugin on the whole though
[13:55:42 CDT(-0500)] <athena> looks like they added the ability to change the query parameter too, which is something i was looking for
[13:55:51 CDT(-0500)] <athena> rather than be hard-coded to "q"
[13:56:03 CDT(-0500)] <athena> so we could probably write a mod to it that allows caching
[13:56:09 CDT(-0500)] <EricDalquist> yeah
[13:56:20 CDT(-0500)] <athena> and it does in-memory caching until you reload the page
[13:56:32 CDT(-0500)] <EricDalquist> that's nice
[13:57:02 CDT(-0500)] <athena> yeah, it really is nice on the whole
[13:57:19 CDT(-0500)] <athena> one of the better-written ones i've seen
[14:06:01 CDT(-0500)] <athena> hmm
[14:06:10 CDT(-0500)] <athena> seems like actually the URL is sending back no-cache headers
[14:06:29 CDT(-0500)] <athena> wonder if that's part of the new json view
[14:07:02 CDT(-0500)] <athena> there we go
[14:07:16 CDT(-0500)] <EricDalquist>
[14:07:23 CDT(-0500)] <EricDalquist> new config option on the json view?
[14:07:50 CDT(-0500)] <athena> yep
[14:07:52 CDT(-0500)] <athena> woot
[14:09:49 CDT(-0500)] <athena> dunno if we eventually want to add @XML annotations to some of the object implementations we have lying around
[14:09:53 CDT(-0500)] <athena> then people could ask for either XML or JSON
[14:09:56 CDT(-0500)] <EricDalquist> oh and the slow channel list I was complaining about?
[14:10:00 CDT(-0500)] <athena> i haven't set up any of the content mediation stuff yet
[14:10:01 CDT(-0500)] <athena> ya?
[14:10:03 CDT(-0500)] <EricDalquist> we were out of physical memory on the machine
[14:10:08 CDT(-0500)] <EricDalquist> so it was swapping the JVM
[14:10:12 CDT(-0500)] <athena> oh
[14:10:14 CDT(-0500)] <athena> lol
[14:10:17 CDT(-0500)] <athena> woops!
[14:10:36 CDT(-0500)] <EricDalquist> back down to <2s after the initial load
[14:10:42 CDT(-0500)] <athena> oh yay!
[14:10:46 CDT(-0500)] <athena> really glad to hear ti
[14:11:22 CDT(-0500)] <EricDalquist> that's for 109 published portlets
[14:11:33 CDT(-0500)] <athena> would still be great to get that down further
[14:11:34 CDT(-0500)] <EricDalquist> on a slow dev box
[14:11:37 CDT(-0500)] <athena> cool
[14:11:37 CDT(-0500)] <EricDalquist> yeah
[14:11:41 CDT(-0500)] <EricDalquist> mostly permissions checks now :/
[14:11:55 CDT(-0500)] <EricDalquist> oh ... does the new UI provide any way to pick the default tab?
[14:12:08 CDT(-0500)] <EricDalquist> wow ... that time the load was 982ms
[14:12:17 CDT(-0500)] <EricDalquist> I have a feeling in prod it will be sub second
[14:14:38 CDT(-0500)] <bjagg> Love it when you guys talk performance
[14:14:45 CDT(-0500)] <EricDalquist> lol
[15:03:04 CDT(-0500)] <EricDalquist> athena: https://issues.jasig.org/browse/UP-2886
[15:03:13 CDT(-0500)] <EricDalquist> I can probably apply that stuff tonight
[15:03:26 CDT(-0500)] <EricDalquist> and do a general search for un-escaped user entered data
[15:03:28 CDT(-0500)] <athena> no, can't pick default tab or set the tab fname
[15:03:38 CDT(-0500)] <EricDalquist> ok
[15:03:50 CDT(-0500)] <athena> and that sounds like a good change