On Tue, Nov 22, 2011 at 4:39 PM, Carsten Ziegeler <[email protected]> wrote:
> 2011/11/22 Vidar Ramdal <[email protected]>:
>>... I'm coming late to this party, but having read the thread I'm not sure
>> if the proposal is about a) specifying access control APIs to be
>> implemented by resource providers, or b) implement access control
>> logic independently from (on top of) resource providers....
> ...the idea is about b) - I agree that things like search might get a
> little bit...well...interesting :) Though if you use the Sling search,
> you get resources and they will go through the same check mechanism....
Can this be done with a service interface like this, or is there more to it?
    public interface ResourceAccessGate {
        /** @return false if access to the supplied Resource is denied for supplied request */
        boolean acceptResource(SlingHttpServletRequest request, Resource resource);
    }
If that's what you mean, I'd be ok as long as we clearly indicate that
this is just an additional application-level access gate, not to be
confused with ACLs which are handled at the repository level.
Just something like the ResourceDecorator that we already have (and
both will be called in the same places probably).
-Bertrand
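
Added example, not part of the message above and not Sling code: a sketch of how gates with the proposed signature could be chained so that direct resolution and search hits pass through the same fail-closed check. The two nested record types are stand-ins for the Sling classes, and the gate rules, paths and user names are constructed for illustration.

```java
import java.util.List;
import java.util.stream.Collectors;

public class GateDemo {
    // Stand-ins for the Sling types, reduced to what this example needs (assumption).
    record SlingHttpServletRequest(String remoteUser) {}
    record Resource(String path) {}

    // The interface as proposed in the message.
    interface ResourceAccessGate {
        boolean acceptResource(SlingHttpServletRequest request, Resource resource);
    }

    // Hypothetical gate: only "admin" may see anything below /content/private/.
    static final ResourceAccessGate PRIVATE_AREA = (req, res) ->
        !res.path().startsWith("/content/private/") || "admin".equals(req.remoteUser());

    // Hypothetical gate: requests without a user see only /content/public/.
    static final ResourceAccessGate ANONYMOUS = (req, res) ->
        req.remoteUser() != null || res.path().startsWith("/content/public/");

    // Visible only if every gate accepts; a gate that throws counts as a denial.
    static boolean accept(List<ResourceAccessGate> gates,
                          SlingHttpServletRequest req, Resource res) {
        for (ResourceAccessGate gate : gates) {
            try {
                if (!gate.acceptResource(req, res)) return false;
            } catch (RuntimeException e) {
                return false; // fail closed
            }
        }
        return true;
    }

    // Search hits go through the same check as a directly resolved resource.
    static List<Resource> filter(List<ResourceAccessGate> gates,
                                 SlingHttpServletRequest req, List<Resource> hits) {
        return hits.stream().filter(r -> accept(gates, req, r)).collect(Collectors.toList());
    }

    public static void main(String[] args) {
        List<ResourceAccessGate> gates = List.of(PRIVATE_AREA, ANONYMOUS);
        List<Resource> hits = List.of( // constructed sample search result
            new Resource("/content/public/news"),
            new Resource("/content/private/salaries"),
            new Resource("/content/site/home"));
        for (String user : new String[] {null, "alice", "admin"}) {
            System.out.println(user + " -> " + filter(gates, new SlingHttpServletRequest(user), hits));
        }
    }
}
```

Filtering hits after the query runs hides the resources themselves, but anything computed before the filter, such as a total hit count, still reflects the unfiltered result set.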