Hello All ! I have been working on the Security module of our product since about past two months now and have a nice mechanism integrated into Restlet that lets us implement our security needs.
We have overwritten the Authenticator and Authorizer to hav our custom requirements met like interfacing with LDAP and fine grained roles. The bit that am currently not very happy about is the "Authorization". We are using regex based URI mappings to determine user permissions and roles. But this is not very robust, nor is completely foolproof. Also adding a new URL means the Authorizer has to be updated. I was wondering if anyone out there has a more interesting approach on how this can be. It will also be nice to know some different Authorization mechanisms. Thanks and Regards! Nirav Shah ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2448703
