openerp-expert-framework team mailing list archive

[Antony Lesuisse <al@xxxxxxxxxxx>]

On 09/01/2011 03:36 PM, Raphael Valyi wrote:
> 1) what about the XML/RPC secure? will that be still supported? What URL then?
> Or will you advise to use standard XML/RPC but behind some HTTPS reverse proxy?

I would like to get rid of ssl in openerp-server and ask people to use an 
HTTPS reverse proxy. But the current plan is to keep https in the server for 6.1.

> 2) Also, what is the progress with the JSonRPC, is there some code somewhere,
> does it or will it support all he features we have with XML/RPC currently? So
> you think it will make it into 6.1 ? If jSonRPS is supported, will the
> Javascript of the new web-client use it or will it use yet a new JSon ad-hoc
> layer?

yes jsonrpc will be added in the xmlrpc branch. The javascript of web client 
will call jsonrpc in the namespace /web/<controllername> or 
/<module>/<controllername>. This layer is different from /openerp because 
there is an http session that will use werkzeug.

> 3) Also, the web-client has session support which is a lot better for the
> security (not all requests carry your password). Is it still specific to the
> web-client? Any chance this session support is extended to the usage of the
> other cross platform protocols (XML/RPC and may be true JSonRPC)?

/openerp/jsonrpc is the low level sessionless api, the one we all know

/<module>/<controller> is a session based jsonrpc api (example /web/dataset to 
search and read records)

session management and dispatching is done here:

http://bazaar.launchpad.net/~openerp/openerp-web/trunk/view/head:/addons/base/common/dispatch.py