RE: Auto-creation of users

Mon, 05 Apr 2004 07:22:56 -0700

What exactly is the difference in a Macro and a Helper?


From: Martin Holz <[EMAIL PROTECTED]>
Reply-To: "Slide Developers Mailing List" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Auto-creation of users
Date: 02 Apr 2004 12:03:29 +0200


Hello,

auto-creation of users is a useful concept, if authentication
and basic authorization is done by the servlet container.

Auto-creation is done in SecurityImpl.getPrincipal().
It does not reflect the changes in slide since 1.0.16.

1) In slide 2.0 any write operation must be wrapped into a transaction.
   Most (all?) WebDAV methods start a transaction, but GET on a
   collection does not. Auto-creation will fail here for a new user.

   This problem is easy to fix, just start  a transaction
   in SecurityImpl.getPrincipal() if required.

2)  SecurityImpl.getPrincipal() creates a ObjectNode, but no
    NodeRevisionDescriptors or  NodeRevisionDescriptor. It is
    not clear to me, if there must exist  NodeRevisionDescriptors
    and  NodeRevisionDescriptor for every ObjectNode.

3)  To satisfy WebDAV ACL 12 every user should have a
    "principal" resourcetype. To set this a NodeRevisionDescriptor
     has to be created.

Creation of a NodeRevisionDescriptor inside SecurityImpl would have to
duplicate the code from ContentImpl since SecurityImpl has no access
to the content helper and should not have access to avoid cyclic
dependencies. Duplication of code is always bad, but in this case
it would violate the separation of responsibilities. You could
no longer choose the helpers independent from each user.


    So I come to the conclusion, that security helper is the wrong
    place for the auto-creation of users. It should be moved to a
    higher level. Maybe Macro is the right place for this.
    A user of the slide API, e.g  AbstractWebdavServlet or
    DirectoryIndexGenerator would check, if the a user
    exist and otherwise call Macro.createUser().
    Maybe a new helper interface would be even better.


Any comments?

Martin






---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfee� Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to