> -----Original Message----- > From: Carsten Ziegeler [mailto:[email protected]] > Sent: Sunday, March 24, 2013 2:10 PM > To: [email protected] > Subject: Re: [RT] ResourceAccessSecurity service for ResourceProvider without > ACLs > > 2013/3/24 Mike Müller <[email protected]>: > > From: Carsten Ziegeler [mailto:[email protected]] > >> This sounds like an interesting idea - what would it need in the > >> resource resolver bundle to support this property? > > > > Not that much. The resource resolver bundle would route calls for > > a resource provider with the new property set, through the > > ResourceAccessSecurity > > service. If no resource provider has set the property, nothing changes. > > If no ResourceAccessSecurity service is available but a resource provider > > has set the property, access to resources of this provider will not be > > allowed by default. > > If we take the ResourceAccessSecurity interface out of the Sling API bundle > > - > > as proposed by Alexander and Bertrand - we should make a > > resourcesecurity-api > > bundle to separate the implementation from the API. Resource resolver bundle > > then only imports the resourcesecurity-api. > > If we add support for calling this service from within the resource > resolver bundle, then the interface should definitely stay in the api. > We already have different packages with different services implemented > by different bundles, so I don't see why we should make a difference > here and put it into a different bundle.
That was and would be my preference as well. Best regards Mike
