Thanks Justin for the pointers would have a look at them. Having access information closer to resource being accessed would be good.
Chetan Mehrotra On Wed, Oct 31, 2012 at 6:46 PM, Justin Edelson <[email protected]> wrote: > Hi Chetan, > The way I've imagined this working is via properties set on the > resource type resource. I did something similar in a POC of rules for > selector/extension/suffixes: > http://svn.apache.org/repos/asf/sling/trunk/samples/urlfilter/src/main/java/org/apache/sling/samples/urlfilter/impl/UrlFilter.java > > Justin > > On Wed, Oct 31, 2012 at 12:19 AM, Chetan Mehrotra > <[email protected]> wrote: >> For one of our web applications we require CORS [1] support in Sling. >> Looking at the requirements for CORS I think it would be best >> fulfilled by a simple servlet filter. Currently there is one >> implementation for Java [2] which provides such a filter. >> >> Any suggestions on how it should be implemented keeping in mind the >> Sling design? One possible way is to capture CORS related rules as >> content data in repository like we do for mapping url. The rules can >> be captured in same way as it is being done in AWS [4]. Also the code >> can be part of Sling Security bundle (which has CSRF filter) or can be >> part of new bundle >> >> Thoughts? >> >> Chetan Mehrotra >> >> [1] http://www.w3.org/TR/cors/ >> [2] https://github.com/LuisSala/CORS-Java-Servlet-Filter >> [3] https://github.com/apache/sling/tree/trunk/contrib/extensions/security >> [4] http://docs.amazonwebservices.com/AmazonS3/latest/dev/cors.html
