On 14/05/2008, at 3:59 PM, Maria Odea Ching wrote:
How about:
1) attach session
1a) just add credentials we have to the request, don't require authn or authz
2) create resource
2a) proxy resource if necessary. Require authn if we haven't to this
point. if the user has permission to both read the repo and proxy the
resource (when we later add MRM-579). If no permission, pretend it's not
there
By pretend it's not there meaning send a 'Resource does not exist' error
instead of 'Unauthorized' error?
Sorry, I got ahead of myself. It should be unauthorized... the
"pretend it's not there" is the behaviour for looping that we have now
where it should just continue to the next (and return unauth at the
end).
- for a collection request, we actually need a whole new DavResource
derivative that can handle the virtualised nature of it (and check security
on each resource it attempts to list)
This is for the browse right?
It's the webdav browse (not the archiva browse), and also the webdav
collection request (for getting file listings in a share).
Cheers,
Brett
--
Brett Porter
[EMAIL PROTECTED]
http://blogs.exist.com/bporter/
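
The lookup behaviour discussed in this thread, as an added Python model that is not part of the original message and is not Archiva code: a repository the session cannot read is skipped during the loop, "unauthorized" is returned only at the end, and collection listings are filtered by permission. The repository ids, paths, function names, the 404 case and the per-repository permission check are assumptions of this sketch.

```python
# Constructed model: repository ids, paths and permissions are sample data.
REPOS = {
    "internal": {"org/a/a-1.0.jar", "org/b/b-1.0.jar"},
    "snapshots": {"org/a/a-1.1-SNAPSHOT.jar"},
    "releases": {"org/c/c-2.0.jar"},
}
GROUP = ["internal", "snapshots", "releases"]  # lookup order in the group


def resolve(path, readable, group=GROUP, repos=REPOS):
    """Return (status, repo_id) for a GET of `path` through the group.

    `readable` is the set of repository ids the session may read.
    """
    denied = False
    for repo_id in group:
        if repo_id not in readable:
            denied = True  # treat as "not there" and continue to the next
            continue
        if path in repos[repo_id]:
            return 200, repo_id
    # Nothing was served. If any repository was skipped for permissions the
    # answer is 401 whether or not the path exists there, so the status does
    # not reveal the contents of unreadable repositories. The plain 404 for
    # the fully readable case is an assumption of this sketch.
    return (401, None) if denied else (404, None)


def list_collection(prefix, readable, group=GROUP, repos=REPOS):
    """Merged listing for a collection request over the readable repositories."""
    entries = set()
    for repo_id in group:
        if repo_id in readable:  # security check before anything is listed
            entries.update(p for p in repos[repo_id] if p.startswith(prefix))
    return sorted(entries)
```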