Hi Nirav, you mean, you have one Authenticator and one Authorizator for a lot of resources? Why do you not protect every resource or some routers with own instances of the Authenticator and/or Authorizator?
best regards Stephan Nirav Shah schrieb: > Hello All ! > > I have been working on the Security module of our product since about past > two months now and have a nice mechanism integrated into Restlet that lets us > implement our security needs. > > We have overwritten the Authenticator and Authorizer to hav our custom > requirements met like interfacing with LDAP and fine grained roles. > > The bit that am currently not very happy about is the "Authorization". We are > using regex based URI mappings to determine user permissions and roles. > > But this is not very robust, nor is completely foolproof. Also adding a new > URL means the Authorizer has to be updated. > > I was wondering if anyone out there has a more interesting approach on how > this can be. > > It will also be nice to know some different Authorization mechanisms. > > Thanks and Regards! > Nirav Shah > > ------------------------------------------------------ > http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2448703 > ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2448876
