Hi all, I agree that having a 'guest' (or better 'anonymous') principal would be useful as default access rights/permissions could be assigned to it.
Best regards, Jérôme Louvel -- Restlet ~ Founder and Lead developer ~ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com -----Message d'origine----- De : Stephan Koops [mailto:[EMAIL PROTECTED] Envoyé : jeudi 27 novembre 2008 16:31 À : [email protected] Objet : Re: Guard suggestion Hi Bruno, while now thinking about it: If the role checking logic is accesible via the principal, than a guest principal is useful. best regards Stephan > Hi Stephan, > > Stephan Koops wrote: > > Hi Bruno, > >> I think, in the context of wider refactorisation of authentication and > >> authorisation, that authentication should provided a Principal when a > >> client has been authenticated (and perhaps a default guest principal > >> when no one has, like jGuard does, but that's a different matter). > > why not use null as "guest principal"? What is the advantage of an > > object for it? > > I don't think it's very significant. I was simply referring to what > jGuard does: > http://jguard.xwiki.com/xwiki/bin/view/Doc/Faq#HAccessFilterautomaticallytriestologmeinas27guest27Whyshouldtherebea22default22userin jGuard3FIsn27tthatasecurityissue3F > > Best wishes, > > Bruno. _________________________________________________________________________ Sensationsangebot nur bis 30.11: WEB.DE FreeDSL - Telefonanschluss + DSL für nur 16,37 Euro/mtl.!* http://dsl.web.de/?ac=OM.AD.AD008K13805B7069a
