cayenne-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrus Adamchik <and...@objectstyle.org>
Subject Re: ROP over LinkRest
Date Mon, 01 Sep 2014 11:56:08 GMT

On Sep 1, 2014, at 10:05 AM, Aristedes Maniatis <ari@maniatis.org> wrote:

> On 1/09/2014 4:17pm, Andrus Adamchik wrote:
>> More likely not to servlets, but to JAX-RS resources that work on top of servlets.
Also while we can have a single endpoint (say LinkRestResource) that dynamically serves all
entities, in this model it will be trivial to add per-entity endpoints , each with its own
security characteristics, all tied to a single ServerRuntime.
> 
> So the security model would be wrapped around URL paths rather than the types of entities
returned by the queries?

Yes. And beyond that. Once you've authorized to access a certain endpoint, LinkRest allows
for additional data filters based on your roles.

> That's quite nice since it means there are lots of options for security outside of Cayenne,
even down to simple authentication inside Apache httpd which can be controlled against regex
path expressions.

Totally. 

Andrus


Mime
View raw message