WARNING: This server provides a static reference view of the NetKernel documentation. Links to dynamic content do not work. For the best experience we recommend you install NetKernel and view the documentation in the live system .

Endpoint
Name:OneWayTrapdoorOverlay
Description:Requests may pass through but cannot resolve back out.
Id:mod.architecture.OneWayTrapdoor
Category:transparent overlay

OneWayTrapdoorOverlay is a transparent overlay. You must instantiate an instance of the overlay from its prototype, this will create a new instance within your application space.

Parameters

The mod.architecture.OneWayTrapdoor prototype has the following initialisation parameters:

NameRulesTypingDefaultDescription
spaceMandatorySpace(none)
A nested space definition which the overlay will delegate all requests in to.

Here is an auto-generated example of how to instantiate an instance of OneWayTrapdoorOverlay:

<overlay>
  <prototype>mod.architecture.OneWayTrapdoor</prototype>
  <space>
    < !--wrapped space...-->
  </space>
</overlay>
Import Requirements

To use OneWayTrapdoorOverlay transparent overlay you must import the module urn:com:ten60:netkernel:mod:architecture:

<import>
  <uri>urn:com:ten60:netkernel:mod:architecture</uri>
</import>

The OneWayTrapdoor overlay may be used to wrap a target space. It allows requests to be resolved down into the target space, however it prevents any sub-requests that may be issued inside from accessing the request scope that lies outside the trapdoor overlay...

Pass-by-value state and state in durable scopes are allowed across the trapdoor layer and so regular pass-by-value arguments are resolvable inside the trapdoor.

Usage Patterns

  • NKP security sandbox allowing external callback requests to have limited access to a sandboxed client-side request space.
  • Server-client cache consistency boundary layer.
    • Use the OneWayTrapdoor to create a separation between a server-side architecture and a client side outbound request. Any state (such as HTTP request state) must remain on its side of the boundary layer and so cannot be coupled into client-side requests. If necessary state can be passed across the boundary as pass by value arguments. By enforcing a clean isolation layer between the two sides any client-side requests can be cached without concern that transient server-side scopes may interfere and prevent caching.