Ability to alter soffit modelandview, only send encryptedToken #802
Conversation
|
At OU we are trying to pass more information to the JSP, for example passing the IP address of the specific soffit to the page so it can grab js/css resources from it self. The only way to do this is per soffit. Also from a security stand point now the page only gets the encrypted token. It also cuts down on the payload being sent, allowing for faster response times. |
|
Thanks for getting the dialog going again OU folks! I'm trying to get caught up on this item. It looks like there are a few things going on here. Can we schedule a hangout? This one might go better as a live discussion. |
|
@drewwills sure that works for me. I'm open from 8am-3pm tomorrow to talk about it. |
| @@ -123,8 +121,10 @@ public ModelAndView render(final HttpServletRequest req, final HttpServletRespon | |||
| // Set up cache headers appropriately | |||
| configureCacheHeaders(res, module); | |||
|
|
|||
| return new ModelAndView(viewName.toString(), PORTAL_REQUEST_MODEL_NAME, portalRequest); | |||
| ModelAndView mav = new ModelAndView(viewName.toString()); | |||
There was a problem hiding this comment.
viewName is already a String, so is the call to .toString() necessary?
There was a problem hiding this comment.
After talking with @bpowell. It seems like him and @drewwills have come to the conclusion of going a different route. Therefore, I'll be closing this request.
Trying to modify the PortalRequest is causing a bunch of issues with trying to access the Bearer encryptedToken. So I believe that just passing the encryptedToken around allows for a few things. One, it allows for the render modelandview for the soffit to be altered thus allowing for user specific data to be added. Also, it has the added security benefit of only having the encryptedToken visible.