Hi,

On 13.03.2013 at 12:14, Alexander Klimetschek wrote:
> On 13.03.2013, at 10:38, Felix Meschberger <fmesc...@adobe.com> wrote:
>
>> I think that's the start of my thread: Don't use ResourceProviderDecortator or
>> some other non-mandatory thing to implement access control. Access control
>> should be intrinsic to the ResourceProvider and the ResourceProvider should
>> either leverage the underlying store (as the JCR ResourceProvider) or use a
>> central service which Mike is now going after.
>
> And if you have an existing ResourceProvider such as the file system one that
> you want to enhance with an ACL mechanism, you:
> - build a new resource provider, e.g. AclFSResourceProvider
> - that wraps the existing one (fs provider)
> - uses the new separate acl service ResourceAccessSecurity
>
> That should work, right? A wrapper can do the ACL checks and decide whether
> to return something or null, or wrap modifiable resources with an ACL check
> or not.

That's one option (though insecure of some sort).

For the concrete case of the FSResourceProvider, Mike's idea is to add support for the acl service into the base FSResourceProvider -- maybe we can add configuration to require or not ACL support.

Regards
Felix

>
> Cheers,
> Alex

--
Felix Meschberger | Principal Scientist | Adobe
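The wrapping approach discussed in this thread, sketched as an added example that is not part of the original message and not Sling code. The `Provider` and `AccessSecurity` interfaces, the class names and the sample paths are hypothetical stand-ins constructed for illustration; they are not the Sling `ResourceProvider` or `ResourceAccessSecurity` APIs.

```java
import java.util.*;
import java.util.stream.*;

public class AclWrapperExample {
    // Hypothetical stand-ins for this example; not Sling's real interfaces.
    interface Provider {
        String getResource(String user, String path);        // null = nothing to return
        List<String> listChildren(String user, String path);
    }
    interface AccessSecurity { boolean canRead(String user, String path); }

    // Constructed "file system" provider with no access control of its own.
    static class FsProvider implements Provider {
        private final Map<String, String> files = new TreeMap<>(Map.of(
            "/docs/public.txt", "hello", "/docs/secret.txt", "s3cr3t"));
        public String getResource(String user, String path) { return files.get(path); }
        public List<String> listChildren(String user, String path) {
            return files.keySet().stream()
                .filter(p -> p.startsWith(path + "/")).collect(Collectors.toList());
        }
    }

    // The wrapper: every read path consults the ACL service before delegating.
    static class AclFsProvider implements Provider {
        private final Provider delegate;
        private final AccessSecurity acl;
        AclFsProvider(Provider delegate, AccessSecurity acl) {
            this.delegate = delegate;
            this.acl = acl;
        }
        public String getResource(String user, String path) {
            // Denied and missing look the same to the caller: both yield null.
            return acl.canRead(user, path) ? delegate.getResource(user, path) : null;
        }
        public List<String> listChildren(String user, String path) {
            // Listings are filtered too, so denied paths do not show up in enumeration.
            return delegate.listChildren(user, path).stream()
                .filter(p -> acl.canRead(user, p)).collect(Collectors.toList());
        }
    }

    public static void main(String[] args) {
        // Constructed policy: only "admin" may read paths containing "secret".
        AccessSecurity acl = (user, path) -> user.equals("admin") || !path.contains("secret");
        Provider fs = new FsProvider();
        Provider guarded = new AclFsProvider(fs, acl);
        System.out.println(guarded.getResource("guest", "/docs/secret.txt"));
        System.out.println(guarded.listChildren("guest", "/docs"));
        // The unwrapped provider is still usable on its own and enforces nothing.
        System.out.println(fs.getResource("guest", "/docs/secret.txt"));
    }
}
```

The last call shows why enforcement that lives only in an optional wrapper depends on every caller going through that wrapper, which is the concern behind making access control intrinsic to the provider.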