cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Giacomo Pati <Giacomo.P...@pwr.ch>
Subject Re: [C2] (hopefully) last sitemap major changes
Date Mon, 03 Jul 2000 06:57:20 GMT
Niclas Hedhman wrote:
> 
> Nicola Ken Barozzi wrote:
> 
> > > > Another thing is security.
> > >
> > > yep, "another thing".
> > >
> > > > Now I made my taglib for security but why not specify it in the sitemap?
> > >
> > > For example?
> >
> > The web.xml in J2EE is similar in some ways to the sitemap; in it you can specify
> > security constraints for web resource collections.
> >
> >     <security-constraint>
> >       <web-resource-collection>
> >          <web-resource-name>Protected Area</web-resource-name>
> >   <!-- Define the context-relative URL(s) to be protected -->
> >          <url-pattern>/restricted/*</url-pattern>
> >   <!-- If you list http methods, only those methods are protected
> >   <http-method>DELETE</http-method>
> >          <http-method>GET</http-method>
> >          <http-method>POST</http-method>
> >   <http-method>PUT</http-method> -->
> >       </web-resource-collection>
> >
> > Here you limit HTTP methods in a url pattern.
> > In C2 you could limit views.
> >
> > Anyway security is much bigger than something to put in the sitemap.
> > I am still confused on how it could implemented.
> > Are there any ideas on how C2 must deal with security issues anyone?
> 
> I think the nearest we get in the first round is a FileAuthenticationChooser.
> It will basically use a kind of .htaccess file in each directory, and then "grant access"
> to that subpipe.
> I have also been lurking with the idea of a ResourceAuthenticationChooser, which would
> work on the Resource abstraction in the sitemap.
> 
> Stefano/Giacomo, since I am looking into these Choosers at the moment, how do they get
a
> reference to the whole Cocoon context, and such thing as resource/path in process and
so
> forth.

Maybe this can work: If a Chooser implements SitemapComponent it gets
called at request time with setup (request, response, source,
parameters). Can this help you? In the generated SitemapProcessor, I'm
working on, I've not decided to use a tree of Configuration objects to
serve the components (it derives directly from the sitemap.xmap). If
this is realy necessary I will first parse the sitemap.xmap file into a
tree of Configuration objects and afterwards generate the
SitemapProcessor from it.

Giacomo

-- 
PWR GmbH, Organisation & Entwicklung      Tel:   +41 (0)1 856 2202
Giacomo Pati, CTO/CEO                     Fax:   +41 (0)1 856 2201
Hintereichenstrasse 7                     Mailto:Giacomo.Pati@pwr.ch
CH-8166 Niederweningen                    Web:   http://www.pwr.ch

Mime
View raw message