Hi Jerome

Jerome Louvel wrote:
> The new security package is now usable! You can test it with a recent 
> 1.2 snapshot.

That's great news, I was trying to use it as well. :-)
Can you make any comment on the state of release 1.2? How 
stable/functional/complete is the current snapshot? I'm not planning to use it 
in a production system but in a uni project so I'm fine with things not being 
tested thoroughly yet but would only switch to the snapshot if I can be sure 
that it's actually usable. :-)

That aside I'm trying to figure out how to use the different parts of the 
security system. One of my requirements is that all the data about the users 
(their relationship to roles and their credential-checking details (user ID, 
hashed password)) are stored in a database (an RDF store to be exact) and 
should be retrieved from there on every request. I guess that's a rather common 
situation.
So I was thinking to use one Authenticator shared by all Guards that holds a 
connection to the database and checks the credentials by comparing them to data 
from the database (actually the Verifier will do that).
Then I want to use the RoleAuthorizer for the authorisation step in the Guard. 
But that of course needs information about the relationship between the user 
and the roles. I'm not sure where and how to tell it about that. Since the 
Verifier retrieves details about the user anyway it might as well request the 
user's roles (even though that is not really its task and couples the 
verification step with the role authorisation step). But where would I put the 
data about the user-role relationships? I see Context has a method map(User, 
Role). But the RoleAuthorizer doesn't seem to care much about those mappings 
but only about RolePrincipals that were set on the Subject in the ClientInfo.
Am I going in the right direction at all here? :-)

Thanks,
  Simon

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1138788
