Hello,

Auto-creation of users is a useful concept if authentication
and basic authorization are done by the servlet container.
Auto-creation is done in SecurityImpl.getPrincipal().
It does not reflect the changes in Slide since 1.0.16.

1) In Slide 2.0 any write operation must be wrapped into a transaction.
Most (all?) WebDAV methods start a transaction, but GET on a
collection does not. Auto-creation will fail here for a new user.
This problem is easy to fix: just start a transaction
in SecurityImpl.getPrincipal() if required.

2) SecurityImpl.getPrincipal() creates an ObjectNode, but no
NodeRevisionDescriptors or NodeRevisionDescriptor. It is
not clear to me if there must exist NodeRevisionDescriptors
and NodeRevisionDescriptor for every ObjectNode.

3) To satisfy WebDAV ACL 12 every user should have a
"principal" resourcetype. To set this a NodeRevisionDescriptor
has to be created.
Creation of a NodeRevisionDescriptor inside SecurityImpl would have to
duplicate the code from ContentImpl since SecurityImpl has no access
to the content helper and should not have access to avoid cyclic
dependencies. Duplication of code is always bad, but in this case
it would violate the separation of responsibilities. You could
no longer choose the helpers independent from each user.

So I come to the conclusion that the security helper is the wrong
place for the auto-creation of users. It should be moved to a
higher level. Maybe Macro is the right place for this.
A user of the Slide API, e.g. AbstractWebdavServlet or
DirectoryIndexGenerator, would check if a user
exists and otherwise call Macro.createUser().
Maybe a new helper interface would be even better.

Any comments?

Martin