protecting content generated outside Turbine?

[Rob Leachman <qu...@bitblaster.com>]

Hello,

Before I go and do this the wrong way I thought I'd ask for advice.

I have content related to my Turbine project that is created by
applications that are not Java programs (gasp!). The goal here is to
extend Flux authentication (specifically, data.getACL() and its associated
user/role/permissions tables) to protect access to the not-Java
not-Turbine applications and the content they produce.

The simple example would be static HTML generated in batch by an external
application. I see how I could write screens and actions to serve this
content, then tie those screens and actions to Turbine/Flux. Is there a
better way?

I hope so. ATM I am thinking one better way would be to implement Tomcat's
org.apache.tomcat.request.JDBCRealm to read into the Flux tables of my
project's db and see what should be allowed against the request. Actually
I sat down to start trying to code such a feature -- it would seem to have
value beyond my specific project -- but I don't know what would be
required to instantiate a proper RunData object.

Mostly though I'm not coding tonite because I bet there are some more
experienced coders out there with ideas for how to proceed. I do not know if I've been clear; I did not mention, the grand plan here would be to protect the static HTML today, and tomorrow have something to build on for the case where access to non-Turbine servlets needs authentication.

Clues? Suggestions? TIA!

---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org