On Thu, Jul 1, 2010 at 1:52 PM, Ian Boston <[email protected]> wrote: > Hi, > I want to be able to stop the listing of all child nodes at specific urls, > but still allow direct access to items in a subtree.
Not really related to Ian's post at all, but it got me thinking: Sling currently implements a way authenticating to a JCR repository via HTTP, and lets JCR handle authorization. But how about resources from other sources, like file system folders, databases etc? Should we start thinking about a common interface for authorization/authentication for an arbitrary resource, not just JCR resources? The ResourceProvider interface has a getResource(ResourceResolver, HttpServletRequest, String) method, so I guess implementors could handle authentication and access control there. But it seems it would be nice if authentication/authorization stuff was done centrally. WDYT? -- Vidar S. Ramdal <[email protected]> - http://www.idium.no Sommerrogata 13-15, N-0255 Oslo, Norway + 47 22 00 84 00 / +47 22 00 84 76 Quando omni flunkus moritatus!
