Hi Juanjo, Juanjo Vázquez schrieb: >> The proposal also allows for much more >> flexibility in building the Resource tree made of ResourceProviders >> where each ResourceProvider itself may actually be provided by a >> ResourceProviderFactory. > > > Felix, this implementation would allow to have an only one security > management for the whole virtual resources tree, really?. I understand this > is not possible until now.
Ehrm, no, this is not intended. The goal is to allow ResourceProviders to protect their resources by authenticating the access. Today, we authenticate against a single JCR ResourceProvider while all other resource providers (servlets, bundles, filesystem) do not authenticate at all. With the new ResourceProviderFactory and ResourceResolverFactory, authenticating ResourceProviders may be implemented. Enforcement of access control will remain an implementation detail of the actual ResourceProvider. Regards Felix
