cocoon-dev mailing list archives

From Stefano Mazzocchi <stef...@apache.org>
Subject Re: [C2] (hopefully) last sitemap major changes
Date Mon, 03 Jul 2000 21:10:32 GMT
Niclas Hedhman wrote:
> 
> Nicola Ken Barozzi wrote:
> 
> > > > Another thing is security.
> > >
> > > yep, "another thing".
> > >
> > > > Now I made my taglib for security but why not specify it in the sitemap?
> > >
> > > For example?
> >
> > The web.xml in J2EE is similar in some ways to the sitemap; in it you can specify
> > security constraints for web resource collections.
> >
> >     <security-constraint>
> >       <web-resource-collection>
> >         <web-resource-name>Protected Area</web-resource-name>
> >         <!-- Define the context-relative URL(s) to be protected -->
> >         <url-pattern>/restricted/*</url-pattern>
> >         <!-- If you list http methods, only those methods are protected
> >         <http-method>DELETE</http-method>
> >         <http-method>GET</http-method>
> >         <http-method>POST</http-method>
> >         <http-method>PUT</http-method> -->
> >       </web-resource-collection>
> >
> > Here you limit HTTP methods in a url pattern.
> > In C2 you could limit views.
> >
> > Anyway security is much bigger than something to put in the sitemap.
> > I am still confused on how it could be implemented.
> > Are there any ideas on how C2 must deal with security issues, anyone?
> 
> I think the nearest we get in the first round is a FileAuthenticationChooser.
> It will basically use a kind of .htaccess file in each directory, and then "grant access"
> to that subpipe.
> I have also been lurking with the idea of a ResourceAuthenticationChooser, which would
> work on the Resource abstraction in the sitemap.
> 
> Stefano/Giacomo, since I am looking into these Choosers at the moment, how do they get a
> reference to the whole Cocoon context, and such thing as resource/path in process and so
> forth.

This is the next thing we have to define after we are happy with the
sitemap.

Feel free to propose any addition/change to the Request/Response
interfaces we have.
 
> > > > How does it relate to the contracts?
> > >
> > > Which contracts? Sorry, I lost you here.
> >
> > The contracts between programmers, content creators, etc.
> > Who should be in charge of security?
> 
> Site managers of course. Content creators and Style/Graphics people have no clue,
> programmers never care, so...

Right.

-- 
Stefano Mazzocchi      One must still have chaos in oneself to be
                          able to give birth to a dancing star.
<stefano@apache.org>                             Friedrich Nietzsche
--------------------------------------------------------------------
 Missed us in Orlando? Make it up with ApacheCON Europe in London!
------------------------- http://ApacheCon.Com ---------------------
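
Added example, not part of the original thread and not Cocoon or Tomcat code: a small Python audit of the `web.xml` behaviour quoted above, where listing `<http-method>` elements means only those methods are protected. The descriptor is a constructed sample; the `Reports` collection, the `/reports/*` pattern and the `admin` role are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the descriptor quoted in the message.
# The "Reports" collection and the "admin" role are assumptions.
WEB_XML = """
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/restricted/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>
"""

def pattern_matches(pattern, path):
    """Servlet-style matching: '/dir/*' prefix, '*.ext' suffix, else exact."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path

def load_collections(xml_text):
    """Return (name, url patterns, listed methods) per web-resource-collection."""
    out = []
    for coll in ET.fromstring(xml_text).iter("web-resource-collection"):
        patterns = [p.text.strip() for p in coll.findall("url-pattern")]
        methods = {m.text.strip() for m in coll.findall("http-method")}
        out.append((coll.findtext("web-resource-name"), patterns, methods))
    return out

def is_constrained(collections, method, path):
    """True if some collection covers this method and path (no list = all methods)."""
    return any((not methods or method in methods)
               and any(pattern_matches(p, path) for p in patterns)
               for _, patterns, methods in collections)

def method_limited(collections):
    """Names of collections that protect only an explicit list of methods."""
    return [name for name, _, methods in collections if methods]
```

Running `method_limited` over a deployment descriptor gives a site manager the list of collections to review for methods left outside the constraint.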


