Hi all
I'm Stefano from Italy (so... sorry for my not so good English). I come from
the JSP-Relational DB and Java world (before 2007) and, after some years of stopping,
I'm trying to develop a new platform for building collaborative journalistic
stuff (e.g. articles, newspapers and so on) using "new" technologies (REST,
NoSQL, workflow engine). So the scenario is quite simple:

1) Different kinds of people can access the platform (anonymous users,
writers, readers, editors, administrators) and every one of them can be, for
example, editor for one article and also only reader for another one.

2) Collaborative resources can have different kinds of protection policy; for
example, some articles are private (manageable only by their owner), others
are manageable by a dynamic group of users, and finally others are public
(manageable by every authenticated user).

So I've already bought the Restlet in Action MEAP ebook (great job) to better
understand RESTLET's powerful characteristics, and after 6 chapters I'm in
crisis on security issues (probably because of my servlet stateful
background).

I mean that in the JSP world, after a login form, usually I use
session.setParameter("user", User) with a POJO User that has some methods
like public Boolean checkModification(Article ID), which returns true if the
current user can modify the resource with the given ID, and public Boolean
checkView(Article ID), which returns true if the current user can view the resource.
Obviously those methods have business logic that checks in some way the permission
grant (i.e. a SQL query on an RDBMS). In my opinion, in this way the problem of
cross injection is also avoided, because the user POJO is in memory in the
session context on the server side.

I'm sure (or better, I hope) that the same kind of security can be reached
also with the RESTLET framework... but I'm confused about this topic and about
the best solution for my project.

For other features I need to use Restlet as a Servlet in Tomcat, so please...
can anyone guide me in choosing the right secure architecture, to
obtain a content protection policy (like explained above) and also to avoid
malicious injection, by using Tomcat and Restlet?

I hope for your help... thanks in advance.
Stefano
 


--
View this message in context: 
http://restlet-discuss.1400322.n2.nabble.com/Solution-Design-Crisis-tp6264270p6264270.html
Sent from the Restlet Discuss mailing list archive at Nabble.com.
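One way to express the three protection policies in Restlet, as an added example (not the poster's code and not from the Restlet in Action book): a custom Authorizer that plays the role of the checkView/checkModification methods, deciding from the server-side authenticated identity rather than anything the client sends. The ArticleAuthorizer, Article and Policy types, the in-memory article map and the "articleId" URI variable are assumptions.

```java
import java.util.Map;
import java.util.Set;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.security.Authorizer;
import org.restlet.security.User;

/**
 * Hypothetical per-article Authorizer (added example). Chain it after a
 * ChallengeAuthenticator (authenticator.setNext(authorizer); authorizer.setNext(router))
 * so that request.getClientInfo().getUser() is already filled from verified credentials.
 */
public class ArticleAuthorizer extends Authorizer {

    // The three protection policies described in the post.
    public enum Policy { PRIVATE, GROUP, PUBLIC }

    // Article metadata; in a real deployment this comes from the NoSQL store.
    public static final class Article {
        final String owner; final Policy policy; final Set<String> editors;
        public Article(String owner, Policy policy, Set<String> editors) {
            this.owner = owner; this.policy = policy; this.editors = editors;
        }
    }

    private final Map<String, Article> articles; // articleId -> metadata (assumed store)

    public ArticleAuthorizer(Map<String, Article> articles) { this.articles = articles; }

    /** Equivalent of checkView (readOnly=true) / checkModification (readOnly=false). */
    public boolean canAccess(User user, Article a, boolean readOnly) {
        if (user == null || a == null) return false;   // anonymous or unknown article: deny
        String uid = user.getIdentifier();
        boolean isOwner = a.owner.equals(uid);
        switch (a.policy) {
            case PRIVATE: return isOwner;                                 // owner only, read or write
            case GROUP:   return isOwner || a.editors.contains(uid)       // dynamic group may manage;
                                  || readOnly;                          // any authenticated user may read (assumption)
            case PUBLIC:  return true;                                    // every authenticated user
            default:      return false;
        }
    }

    @Override
    public boolean authorize(Request request, Response response) {
        // "articleId" is the URI template variable, e.g. router.attach("/articles/{articleId}", ...)
        String id = (String) request.getAttributes().get("articleId");
        boolean readOnly = request.getMethod().isSafe();   // GET/HEAD = view; PUT/POST/DELETE = modify
        return canAccess(request.getClientInfo().getUser(), articles.get(id), readOnly);
    }
}
```

Because the identity comes from the authenticator and the permission lookup uses a parameterised query or key lookup rather than string concatenation, the injection concern is handled at the same place it was in the session-based design.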