cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ugo Cei <>
Subject Re: Linotype
Date Wed, 31 Mar 2004 15:59:08 GMT
Stefano Mazzocchi wrote:

> I'm all for a better authentication strategy but if this doesn't work 
> with our way of doing stuff, well, it's not going to help anybody.

I'm not going to repeat here all the arguments that Gianugo has put 
forward in his reply, but just say that I agree 100% with what he said.

It's certainly true that J2EE sucks in many respects, but since we're 
still using the Servlet spec that's part of J2EE, we should adhere to it 
for what it's worth. I hope that one day, Cocoon won't be a Servlet 
anymore and serve HTTP requests by itself, providing authentication and 
authorization to blocks in a transparent, hot-deployable way. On that 
day, blocks won't try do do AAA by themselves, each one in a different 
way, but will delegate it to the Cocoon Kernel, just like today they 
should delegate it to the Servlet container.

I also agree with him that we could ship Linotype without 
authentication. We could also ship with a commented-out 
<security-constraint> section in web.xml (plus a file-based realm for 
Jetty) and put a prominent notice in the homepage that if people want to 
enable authentication, they just have to uncomment it, and possibly 
setup a realm in their container of choice, if not using the provided Jetty.

> There is no need to use a standard markup for something that nobody is 
> ever going to see. I'm happy to move to a more cocoon oriented namespace 
> and move away from my own, but I don't see the need for use a markup 
> that was invented for feeds and not as a storage markup.

Atom and RSS are more or less isomorphic to the current markup, so it's 
not really important to switch right now. I'll try to fix what's broken 
with what we have and we'll decide later.


View raw message