Escaping in Velocity templates for notifications

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Escaping in Velocity templates for notifications

Guido Wimmel
Hi,

we have the requirement that the username in a notification mail must be URL-encoded (as part of a link inside the mail).

Is there a way to do this in Syncope currently?
As far as I understand the code generating the mails (NotificationManager), probably not?

If not, a way to achieve this could be to add the Velocity EscapeTool [1] to the Velocity context before executing the template. This could be generalized by making NotificationManager extensible such that the creation of the Velocity context can be modified, and possibly providing an implementation that adds the Velocity toolbox, maybe in a similar way as in Spring MVC [2].

What do you think?

Regards,
  Guido

[1] http://velocity.apache.org/tools/devel/generic/EscapeTool.html
[2] http://docs.spring.io/spring/docs/3.2.8.RELEASE/javadoc-api/org/springframework/web/servlet/view/velocity/VelocityViewResolver.html
Reply | Threaded
Open this post in threaded view
|

Re: Escaping in Velocity templates for notifications

ilgrosso
Administrator
On 10/03/2014 15:55, Guido Wimmel wrote:

> Hi,
>
> we have the requirement that the username in a notification mail must be URL-encoded (as part of a link inside the mail).
>
> Is there a way to do this in Syncope currently?
> As far as I understand the code generating the mails (NotificationManager), probably not?
>
> If not, a way to achieve this could be to add the Velocity EscapeTool [1] to the Velocity context before executing the template. This could be generalized by making NotificationManager extensible such that the creation of the Velocity context can be modified, and possibly providing an implementation that adds the Velocity toolbox, maybe in a similar way as in Spring MVC [2].
>
> What do you think?

Hi Guido,
+1, adding such feature seems noticeable.

Only, I was wondering whether you can add the EscapeTool to the Velocity
context just via Spring configuration: as you can see, in fact, the
NotificationManager autowires the VelocityEngine from the following
Spring bean (defined in workflowContext.xml):

   <bean id="velocityEngine"
class="org.springframework.ui.velocity.VelocityEngineFactoryBean">
     <property name="velocityProperties">
       <value>
         resource.loader=class
class.resource.loader.class=org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader
       </value>
     </property>
   </bean>

I am not sure of the way to do this, but it seems logical to me that [1]
(which seems to be provided by Maven dependency
velocity-tools::velocity-tools-generic::1.4) can be injected into the
velocityEngine bean above without affecting the actual
NotificationManager Java code: am I wrong?

Regards.

> [1] http://velocity.apache.org/tools/devel/generic/EscapeTool.html
> [2] http://docs.spring.io/spring/docs/3.2.8.RELEASE/javadoc-api/org/springframework/web/servlet/view/velocity/VelocityViewResolver.html

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PPMC
http://people.apache.org/~ilgrosso/

Reply | Threaded
Open this post in threaded view
|

Re: Escaping in Velocity templates for notifications

ilgrosso
Administrator
On 11/03/2014 08:36, Francesco Chicchiriccò wrote:

> On 10/03/2014 15:55, Guido Wimmel wrote:
>> Hi,
>>
>> we have the requirement that the username in a notification mail must
>> be URL-encoded (as part of a link inside the mail).
>>
>> Is there a way to do this in Syncope currently?
>> As far as I understand the code generating the mails
>> (NotificationManager), probably not?
>>
>> If not, a way to achieve this could be to add the Velocity EscapeTool
>> [1] to the Velocity context before executing the template. This could
>> be generalized by making NotificationManager extensible such that the
>> creation of the Velocity context can be modified, and possibly
>> providing an implementation that adds the Velocity toolbox, maybe in
>> a similar way as in Spring MVC [2].
>>
>> What do you think?
>
> Hi Guido,
> +1, adding such feature seems noticeable.
>
> Only, I was wondering whether you can add the EscapeTool to the
> Velocity context just via Spring configuration: as you can see, in
> fact, the NotificationManager autowires the VelocityEngine from the
> following Spring bean (defined in workflowContext.xml):
>
>   <bean id="velocityEngine"
> class="org.springframework.ui.velocity.VelocityEngineFactoryBean">
>     <property name="velocityProperties">
>       <value>
>         resource.loader=class
> class.resource.loader.class=org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader
>
>       </value>
>     </property>
>   </bean>
>
> I am not sure of the way to do this, but it seems logical to me that
> [1] (which seems to be provided by Maven dependency
> velocity-tools::velocity-tools-generic::1.4) can be injected into the
> velocityEngine bean above without affecting the actual
> NotificationManager Java code: am I wrong?

Update: I've found that the latest stable version of Velocity Tools
seems to be

<dependency>
<groupId>org.apache.velocity</groupId>
<artifactId>velocity-tools</artifactId>
<version>2.0</version>
</dependency>

Moreover, the approach shown in [3] (more or less the one that I suggest
above) seems to be problematic: could you please check?

Regards.

>> [1] http://velocity.apache.org/tools/devel/generic/EscapeTool.html
>> [2]
>> http://docs.spring.io/spring/docs/3.2.8.RELEASE/javadoc-api/org/springframework/web/servlet/view/velocity/VelocityViewResolver.html
[3]
http://stackoverflow.com/questions/14237862/how-get-velocityengine-with-velocity-tools-in-spring-3

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PPMC
http://people.apache.org/~ilgrosso/

Reply | Threaded
Open this post in threaded view
|

Aw: Re: Escaping in Velocity templates for notifications

Guido Wimmel
Hi Francesco,

ok - if it's considered useful, I can have a closer look at it.
I've opened a corresponding JIRA issue (https://issues.apache.org/jira/browse/SYNCOPE-487).
Possibly I have time for this this week, but I cannot promise.

I don't think adding the Velocity tools to the context passed to the generation is possible
without modifying the NotificationManager, as I do not see a way to affect the context
only by configuring the Velocity engine (which seems consistent with the information
in the link [3] you posted).

If I can provide a suggested implementation, should this be against 1_1_X or trunk?
Should I provide a patch file first?

Cheers,
  Guido

> Gesendet: Dienstag, 11. März 2014 um 08:59 Uhr
> Von: "Francesco Chicchiriccò" <[hidden email]>
> An: [hidden email]
> Betreff: Re: Escaping in Velocity templates for notifications
>
> On 11/03/2014 08:36, Francesco Chicchiriccò wrote:
> > On 10/03/2014 15:55, Guido Wimmel wrote:
> >> Hi,
> >>
> >> we have the requirement that the username in a notification mail must
> >> be URL-encoded (as part of a link inside the mail).
> >>
> >> Is there a way to do this in Syncope currently?
> >> As far as I understand the code generating the mails
> >> (NotificationManager), probably not?
> >>
> >> If not, a way to achieve this could be to add the Velocity EscapeTool
> >> [1] to the Velocity context before executing the template. This could
> >> be generalized by making NotificationManager extensible such that the
> >> creation of the Velocity context can be modified, and possibly
> >> providing an implementation that adds the Velocity toolbox, maybe in
> >> a similar way as in Spring MVC [2].
> >>
> >> What do you think?
> >
> > Hi Guido,
> > +1, adding such feature seems noticeable.
> >
> > Only, I was wondering whether you can add the EscapeTool to the
> > Velocity context just via Spring configuration: as you can see, in
> > fact, the NotificationManager autowires the VelocityEngine from the
> > following Spring bean (defined in workflowContext.xml):
> >
> >   <bean id="velocityEngine"
> > class="org.springframework.ui.velocity.VelocityEngineFactoryBean">
> >     <property name="velocityProperties">
> >       <value>
> >         resource.loader=class
> > class.resource.loader.class=org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader
> >
> >       </value>
> >     </property>
> >   </bean>
> >
> > I am not sure of the way to do this, but it seems logical to me that
> > [1] (which seems to be provided by Maven dependency
> > velocity-tools::velocity-tools-generic::1.4) can be injected into the
> > velocityEngine bean above without affecting the actual
> > NotificationManager Java code: am I wrong?
>
> Update: I've found that the latest stable version of Velocity Tools
> seems to be
>
> <dependency>
> <groupId>org.apache.velocity</groupId>
> <artifactId>velocity-tools</artifactId>
> <version>2.0</version>
> </dependency>
>
> Moreover, the approach shown in [3] (more or less the one that I suggest
> above) seems to be problematic: could you please check?
>
> Regards.
>
> >> [1] http://velocity.apache.org/tools/devel/generic/EscapeTool.html
> >> [2]
> >> http://docs.spring.io/spring/docs/3.2.8.RELEASE/javadoc-api/org/springframework/web/servlet/view/velocity/VelocityViewResolver.html
> [3]
> http://stackoverflow.com/questions/14237862/how-get-velocityengine-with-velocity-tools-in-spring-3
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Involved at The Apache Software Foundation:
> member, Syncope PMC chair, Cocoon PMC, Olingo PPMC
> http://people.apache.org/~ilgrosso/
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Escaping in Velocity templates for notifications

ilgrosso
Administrator
On 24/03/2014 17:03, Guido Wimmel wrote:

> Hi Francesco,
>
> ok - if it's considered useful, I can have a closer look at it.
> I've opened a corresponding JIRA issue (https://issues.apache.org/jira/browse/SYNCOPE-487).
> Possibly I have time for this this week, but I cannot promise.
>
> I don't think adding the Velocity tools to the context passed to the generation is possible
> without modifying the NotificationManager, as I do not see a way to affect the context
> only by configuring the Velocity engine (which seems consistent with the information
> in the link [3] you posted).
>
> If I can provide a suggested implementation, should this be against 1_1_X or trunk?

I'd say you can start with 1_1_X, but then it absolutely needs to be
ported to trunk as well.

> Should I provide a patch file first?

Only if you want to get some review, otherwise... you're committer a now ;-)

Regards.

>> Gesendet: Dienstag, 11. März 2014 um 08:59 Uhr
>> Von: "Francesco Chicchiriccò" <[hidden email]>
>> An: [hidden email]
>> Betreff: Re: Escaping in Velocity templates for notifications
>>
>> On 11/03/2014 08:36, Francesco Chicchiriccò wrote:
>>> On 10/03/2014 15:55, Guido Wimmel wrote:
>>>> Hi,
>>>>
>>>> we have the requirement that the username in a notification mail must
>>>> be URL-encoded (as part of a link inside the mail).
>>>>
>>>> Is there a way to do this in Syncope currently?
>>>> As far as I understand the code generating the mails
>>>> (NotificationManager), probably not?
>>>>
>>>> If not, a way to achieve this could be to add the Velocity EscapeTool
>>>> [1] to the Velocity context before executing the template. This could
>>>> be generalized by making NotificationManager extensible such that the
>>>> creation of the Velocity context can be modified, and possibly
>>>> providing an implementation that adds the Velocity toolbox, maybe in
>>>> a similar way as in Spring MVC [2].
>>>>
>>>> What do you think?
>>> Hi Guido,
>>> +1, adding such feature seems noticeable.
>>>
>>> Only, I was wondering whether you can add the EscapeTool to the
>>> Velocity context just via Spring configuration: as you can see, in
>>> fact, the NotificationManager autowires the VelocityEngine from the
>>> following Spring bean (defined in workflowContext.xml):
>>>
>>>    <bean id="velocityEngine"
>>> class="org.springframework.ui.velocity.VelocityEngineFactoryBean">
>>>      <property name="velocityProperties">
>>>        <value>
>>>          resource.loader=class
>>> class.resource.loader.class=org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader
>>>
>>>        </value>
>>>      </property>
>>>    </bean>
>>>
>>> I am not sure of the way to do this, but it seems logical to me that
>>> [1] (which seems to be provided by Maven dependency
>>> velocity-tools::velocity-tools-generic::1.4) can be injected into the
>>> velocityEngine bean above without affecting the actual
>>> NotificationManager Java code: am I wrong?
>> Update: I've found that the latest stable version of Velocity Tools
>> seems to be
>>
>> <dependency>
>> <groupId>org.apache.velocity</groupId>
>> <artifactId>velocity-tools</artifactId>
>> <version>2.0</version>
>> </dependency>
>>
>> Moreover, the approach shown in [3] (more or less the one that I suggest
>> above) seems to be problematic: could you please check?
>>
>> Regards.
>>
>>>> [1] http://velocity.apache.org/tools/devel/generic/EscapeTool.html
>>>> [2] http://docs.spring.io/spring/docs/3.2.8.RELEASE/javadoc-api/org/springframework/web/servlet/view/velocity/VelocityViewResolver.html
>> [3] http://stackoverflow.com/questions/14237862/how-get-velocityengine-with-velocity-tools-in-spring-3

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/