Hi,

On 12.03.2013 at 15:40, Angela Schreiber wrote:
> hi carsten
>
>> just to clarify, the ResourceProviderDecorator is not a proposal for
>> security - it's a proposal for extensibility.
>
> i tend to disagree. as lars already explained in this thread before
> you can't have extensibility when it comes to access control and
> permissions without messing with the internal mechanism.
>
> imo claiming that this has nothing to do with security is not
> correct and misleading.

That's not what Carsten tried to say: Point is that the ResourceProviderDecorator can be used for any extensibility. But it is *not* the means to implement security.

We are on the same page ;-)

Actually: It turns out that doing a ResourceProviderDecorator right is quite complex given the potential combinations of ResourceProvider extensions that might have to be captured. For now I would even go as far as to drop the ResourceProviderDecorator idea altogether.

For completeness' sake: The current ResourceProviderDecorator has another flaw in that it is not provided with the ResourceProvider root registrations ...

Regards
Felix

--
Felix Meschberger | Principal Scientist | Adobe