> I am attempting to use Slide to provide webdav access to a proprietary
DMS.
> Is there currently any way to obtain authentication information within a
> slide store?
> The DMS maintains ACLs and I want it to do security checks as
> I access folders/documents within it. I need to obtain the username and
> password the user logged in with to do this.
In Slide, the stores are supposed to be dumb, which means they're not
supposed to have to deal with locking or security (or whatever advanced
feature will be introduced in the future, like indexing).
The problem here is that it prevents you from using your ACL system. I may
have a solution, though (read below).
> An example of the steps I would like to occur:
> 1) Client performs PROPFIND
> 2) retrieveObject(uri) is called in my NodeStore
> 3) At this point I want to obtain the loginname and password of the user.
> 4) I check some data structure to get a session cookie that exists if I
have
> logged the user into the DMS, if not I log the user in and obtain the
> 'cookie'.
> 5) I call into the DMS using the session cookie to obtain the object
> represented by the uri.
> 6) Return a slide ObjectNode.
>
> Is this possible?
I think so. The Uri object should have a reference to the SlideToken (which
contains the authenticated principal). I can see many cases where the store
would want to access the state information.
For more flexibility, I will also add methods to be able to pass arbitrary
state objects in the SlideToken.
You cannot access the full credentials, however (ie, username + password),
because this information is abstracted by the HTTP layer. You have two ways
to access this information :
- Write a realm which would use your DMS
- Have the servlet deal with HTTP authentication (here, you need to extend
WebdavServlet)
Remy
