cocoon-users mailing list archives

From Grzegorz Kossakowski <g...@tuffmail.com>
Subject Re: SSF
Date Thu, 27 Mar 2008 22:21:03 GMT
Patrick Heiden wrote:
>> The other possibility (maybe better one) could be to let the auth-block and rendering block
>> stand alone and then let the service blocks depend on them.
> 
> This has still the 'disadvantage' of users being able to call blocks directly.

You should use Spring AOP support (concretely: before advice) for stuff like this (more below).

> Grzegorz: I recognized the updated SSF-documentation with new image about DispatcherServlet[1]
> (nice!). 

Thanks. Those images are a little bit messed up. Will have to look what's happening out there.

> There it is pointed out, that ONLY DispatcherServlet (which acts as the
> mainControllerBlock) should delegate requests. My mentioned 'disadvantage' is still true. What am
> I missing in this 'simple' design? Or am I just adding useless complexity due to my thoughts
> about authentication?

Authentication, authorization, limiting the access - all of these things are perfect use-cases for
Spring's AOP support[1]. You should create before advice on servlet's (in this case:
SitemapServlet) service() method. I mentioned this approach in discussion[2] with Robin Wyles.

Once you get your AOP advice configured you can do anything you like. You can delegate to auth-block
in order to check if user is logged in and has enough karma to access the block/resource. If your
checks become complicated you could create separate block with sitemap where all patterns could be
stored. Then you could use sitemap's powerful matchers for matching request and responding with
appropriate HTTP status code that your _advice_ would read and decide whether to continue the
processing or inform user that she is not allowed to access the resource. Possibilities are endless.

What's important here is that with creation of AOP advice you don't break basic contract that it's
only DispatcherServlet allowed to dispatch requests. In the end, you don't want to establish
competition to DispatcherServlet but only tweak it a little bit, right?

AOP techniques are very powerful in such cases and it's great coincidence that you can take
advantage of them while using SSF. :-)

[1] http://static.springframework.org/spring/docs/2.5.x/reference/aop.html
[2] http://thread.gmane.org/gmane.text.xml.cocoon.user/63910


-- 
Respects,
Grzegorz Kossakowski
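
The before-advice approach described in the message above, sketched as an added example that is not part of the original post and not Cocoon's own code. The class name, the session attribute `authenticatedUser` and the exception type are assumptions; wiring the advice onto the servlet bean's `service()` method is left to the Spring AOP configuration.

```java
import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.aop.MethodBeforeAdvice;

/**
 * Hypothetical before advice guarding a servlet bean's service() method.
 * Because it runs on the bean itself, the check applies no matter which
 * block or caller triggered the invocation.
 */
public class ServiceAccessAdvice implements MethodBeforeAdvice {

    /** Hypothetical exception type used to veto the advised call. */
    public static class AccessDeniedException extends RuntimeException {
        public AccessDeniedException(String message) {
            super(message);
        }
    }

    public void before(Method method, Object[] args, Object target) throws Throwable {
        // Guard only service(request, response); any other advised method passes.
        if (!"service".equals(method.getName()) || args == null || args.length != 2) {
            return;
        }
        // Fail closed: a non-HTTP request cannot carry the session we check.
        if (!(args[0] instanceof HttpServletRequest)
                || !(args[1] instanceof HttpServletResponse)) {
            throw new AccessDeniedException("non-HTTP request rejected");
        }
        HttpServletRequest request = (HttpServletRequest) args[0];
        HttpServletResponse response = (HttpServletResponse) args[1];

        // getSession(false): do not create a session for an anonymous caller.
        HttpSession session = request.getSession(false);
        // Assumption: the auth block stores the logged-in user under this name.
        Object user = (session == null) ? null : session.getAttribute("authenticatedUser");

        if (user == null) {
            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            }
            // Before advice has no return value to signal "deny": throwing is
            // the only way to keep the advised service() from running.
            throw new AccessDeniedException("authentication required");
        }
    }
}
```

The caller of the advised `service()` has to handle the exception; an around advice (`MethodInterceptor`) could instead skip the call without throwing.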
