Hi
To be sure (and save some time coding ;-) ), I sum up our discussion:
We can keep the basic singleton service (ResourceAccessSecurity) in the API
and document it like this:
* Expected to only be implemented once in the framework/application
(much like the OSGi LogService or Configuration Admin Service)
* ResourceProvider implementations are encouraged (or stronger)
to use this service for access control unless the underlying
storage already has it.
We implement the ResourceAccessSecurity service in a extension bundle.
There will be only one implementation of this service (singleton).
The implementation of ResourceAccessSecurity will use the proposed
ResourceAccessGate for it's own extensability.
We implement the use of the ResourceAccessSecurity service in FsResourceProvider
And BundleResourceProvider.
If that is okay I will come up with some new code.
Best regards
mike
