Hi there, I have a working example of a Jersey (Version 1.16) RolesAllowedResourceFilter integration with Jetspeed-1, which could work in Turbine similar. It allows having role restricted access to JAXB or Jackson annotated classes in Turbine/Jetspeed to get JSON (or XML) content - outside the Turbine screen processing. The benefit would be to have very much control of JSON - secured by the Turbine authentication; on the other side a bunch more dependencies need to be included.
Does this seem as anything, which the Turbine project could be interested in (plain code or just documentation)? Role management issues may be are more related to Jetspeed-1 ... Background: The prototype: https://svn.atlassian.com/svn/public/atlassian/vendor/jersey/trunk/osgi/functional-tests/src/test/java/com/sun/jersey/osgi/tests/grizzly/RolesAllowedTest.java . The question boils down to where to get the user (from session) and how to check the role? To get the user I just call org.apache.turbine.services.rundata.DefaultTurbineRunData.getUserFromSession (HttpSession) to get the user session (creating a Rundata object does not make much sense outside Turbine, at last I could not see it, why). To get the role I am using RoleMangement [1] -which is a Turbine Service in Jetspeed-1. What could it be for Turbine core? May beorg.apache.turbine.util.SecurityCheck.hasRole(String) or straightforward Torque (?).. Best regards, Georg [1] Cft http://portals.apache.org/jetspeed-1/apidocs/org/apache/jetspeed/services/security/RoleManagement.html (which provides an TurbineRoleManagement) --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
