Hi Simon,

Quick answer: Restlet 1.2 is quite usable. Just don't use the new 
ServerResource class and the ConverterService for now. 

For the rest, it should be working just fine. All unit tests still pass, which 
is a good sign :)

I'll get back to you later regarding the other comments. I suggest that you 
also look at the Restlet developers list, where we are
having a design discussion on this new security API.

Best regards,
Jerome Louvel
--
Restlet ~ Founder and Lead developer ~ http://www.restlet.org
Noelios Technologies ~ Co-founder ~ http://www.noelios.com



-----Original Message-----
From: Simon Reinhardt [mailto:[email protected]] 
Sent: Friday, 13 February 2009 13:58
To: [email protected]
Subject: Re: Using roles & state of the snapshot

Anyone?

Simon Reinhardt wrote:
> Hi Jerome
> 
> Jerome Louvel wrote:
>> The new security package is now usable! You can test it with a recent 
>> 1.2 snapshot.
> 
> That's great news, I was trying to use it as well. :-)
> Can you make any comment on the state of release 1.2? How 
> stable/functional/complete is the current snapshot? I'm not planning to
> use it in a production system but in a uni project so I'm fine with things not 
> being tested thoroughly yet but would only switch to
> the snapshot if I can be sure that it's actually usable. :-)
> 
> That aside I'm trying to figure out how to use the different parts of the 
> security system. One of my requirements is that all the
> data about the users (their relationship to roles and their credential-checking 
> details (user ID, hashed password)) are stored in a
> database (an RDF store to be exact) and should be retrieved from there on every 
> request. I guess that's a rather common situation.
> So I was thinking to use one Authenticator shared by all Guards that holds a 
> connection to the database and checks the credentials
> by comparing them to data from the database (actually the Verifier will do 
> that).
> Then I want to use the RoleAuthorizer for the authorisation step in the 
> Guard. But that of course needs information about the
> relationship between the user and the roles. I'm not sure where and how to tell 
> it about that. Since the Verifier retrieves details
> about the user anyway it might as well request the user's roles (even though 
> that is not really its task and couples the
> verification step with the role authorisation step). But where would I put the 
> data about the user-role relationships? I see Context
> has a method map(User, Role). But the RoleAuthorizer doesn't seem to care much 
> about those mappings but only about RolePrincipals
> that were set on the Subject in the ClientInfo.
> Am I going in the right direction at all here? :-)
> 
> Thanks,
>   Simon
> 
> ------------------------------------------------------
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1138788
>

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1150704

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1151072
