On Thursday 15 February 2007 18:38, David Leangen wrote:
> > If the roles are not satisfied by the logged in user upon the
> > request, then
> > the ContentSource will not add the component, i.e. it becomes
> > invisible. Is
> > that an acceptable behavior?
>
> So the caller/consumer of the service would simply see that the
> service is not there?
Effectively, the whole structure beyond the wiring point of the ContentSource
will not be created at all. From the ContentAggregator's point of view, the
ContentSource is just wired with an empty component.
> And how would we distinguish from cases where authorization is truly
> not permitted?
Not sure what you mean. I assume that you mean, ContentSource doesn't exist at
all. The ContentAggregator subclass can query which wires exist, and that
will return the "unauthorized" ones as well (at least the way code is written
right now).
> What would happen if we throw a NotAuthorizedException (or whatever)
> so the consumer can distinguish between the two cases rather than
> just not returning the component?? Or would we need an empty component?
Ah, yes we need an empty component. So, the pros/cons that I can is;
-o- Populate with a hidden component -o-
Pro; Can add authorization in the creations independently in runtime,
even without coding for it initially.
-o- Exception -o-
Pro; Very explicit about what is happening.
Con; Either need to declare it, in which case people will always need
to deal with it, or RuntimeException which people forget to deal
with.
Cheers
Niclas
_______________________________________________
general mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/general
