On Saturday 24 November 2001 21:06, Ian Bicking wrote:
> Let's see, I missed most of the latter part of this discussion.
> I'll add to the Wiki pages, but there's a particular point I was
> confused about:
>
> On Wed, 2001-11-21 at 14:13, Tavis Rudd wrote:
> > * At what stage in the request-response cycle does
> > authentification take place (Adapter, Application, or Servlet)?
> > Doing it at the Adapter level means we can use the same mechanism
> > to protect content that isn't served via WebKit. Doing it at the
> > Application level means that we can also protect static content
> > that is served via WebKit. Doing it at the Servlet level means
> > that we can only protect servlets.
>
> I'm not entirely clear about what you are thinking of here.
>
> First, isn't everything Webware serves a Servlet? Even static
> files (that are handled by Webware) are passed through as a
> servlet.
That's true, but the developer doesn't neccessarily have direct
access to those servlets ... unless they make a custom servlet
factory for unknown file types. And if you're fiddling with servlet
factories, you're fiddling with the Application.
> Also, what would it mean to have authentication at the adapter
> level? That seems identical to the Application level, more or
> less... anything that goes to the adapter goes to the AppServer,
> which goes to Application, which will almost certainly go to some
> ServletFactory and then a Servlet, no?
>
> For non-Webware resources, you'd have to do something else
> entirely. The adapters don't seem to relate.
My point was that if the authentication was done at the webserver
level (via a module like mod_webkit) then you'd be able to protect
non-webware resources as well. The advantages would be:
* consistent interface
* less things to maintain
* better scalability on multi-processor systems as the
authentication would be handled in a separate process and
wouldn't be affected by Python's global lock.
_______________________________________________
Webware-discuss mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/webware-discuss
