Hi there, The default security model (Orga., Group, User and even Role) is fully optional from the point of view of the new Authenticator/Authorizer/Guard filter classes. The idea is that for people without anything special in place to cover those needs, to provide a solid and extensible default model.
Regarding the "title" property, I've just removed it as it could also be confusing with the Role concept. Instead, I've added an "attributes : Map<String, Object>" property to allow to store and potential use them at authentication/authorization time. Regarding the backing by a data store, there are two ways: 1) We could load an Organization, its Users and Groups the data store at initialization time and refresh/update it regularly. The object memory would serve as a cache. 2) If no cache is wanted and you prefer to fully bypass the default model, you can still directly connect to your datastore in specific Authenticator/ Authorizer subclasses. We might even provide some default support for this in the future. For now, it is already possible to leverage the JAAS/JNDI login module provided by the JDK via the JaasVerifier class. Best regards, Jerome Louvel -- Restlet ~ Founder and Lead developer ~ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com -----Message d'origine----- De : [email protected] [mailto:[email protected]] Envoye : lundi 16 fevrier 2009 02:48 A : [email protected] Objet : RE: Re: Using ChallengeGuard > Hi Tim, > > The new security package is now usable! You can test it with a recent > 1.2 snapshot. > > For details you can check this mail from the developers list: > http://restlet.tigris.org/ds/viewMessage.do?dsForumId=7458&dsMessageId=1134688 > > Feed-back welcome! Hello Jerome, This API seems to assume quite a bit about the underlying user store. Some examples: - Concrete classes: User, Group, Organization. My code already has its own implementations of these. - User includes a title, first name, last name. These are fairly usage-specific properties that will not always be necessary or available. - Organizations, groups, and users are registered ahead of time, rather than requesting the information from a data store as needed. How would one implement organizations, users, and groups that are backed by a live dynamic data store (LDAP, database, otherwise)? ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1167766 ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1177694
