You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lenya.apache.org by Andreas Hartmann <an...@apache.org> on 2003/07/16 12:19:16 UTC
Global access control setup
Hi Lenya developers,
we're about to make the sitemap access control configuration
global (i.e., publication-independent).
I guess we have to separate external (access controlled) requests
from internal requests. Maybe we should agree on a pattern to
distinguish internal from external requests:
- "**.xml" (con: does not allow viewing XML from "outside")
- "internal/**"
I see two general approaches:
1) a sitemap mounting appropriate sub-sitemaps.
<map:match pattern="**.xml" internal-only="true">
<map:mount src="internal.xmap"/>
</map:match>
<map:match pattern="**">
<map:act type="authorizer">
<map:mount src="external.xmap"/>
</map:act>
<map:redirect-to uri="{request:requestURI}?lenya.usecase=login"/>
</map:match>
2) instead of mounting, use sub-matchers inside the main sitemap.
What do you think?
Andreas
---------------------------------------------------------------------
To unsubscribe, e-mail: lenya-dev-unsubscribe@cocoon.apache.org
For additional commands, e-mail: lenya-dev-help@cocoon.apache.org
Re: Global access control setup
Posted by Andreas Hartmann <an...@apache.org>.
Gregor J. Rothfuss wrote:
> Andreas Hartmann wrote:
>
>> I guess we have to separate external (access controlled) requests
>> from internal requests. Maybe we should agree on a pattern to
>> distinguish internal from external requests:
>>
>> - "**.xml" (con: does not allow viewing XML from "outside")
>> - "internal/**"
>
> i prefer internal/** since we may want to expose xml to the outside
> world (rss and friends)
+1
>
>> 1) a sitemap mounting appropriate sub-sitemaps.
>
>> 2) instead of mounting, use sub-matchers inside the main sitemap.
>
> not sure about the pros / cons of these two. can you elaborate?
I prefer (1) as it enables us to build a separated access control
layer on top of the existing sitemap (that can actually stay
untouched - no need for splitting it).
Andreas
---------------------------------------------------------------------
To unsubscribe, e-mail: lenya-dev-unsubscribe@cocoon.apache.org
For additional commands, e-mail: lenya-dev-help@cocoon.apache.org
Re: Global access control setup
Posted by "Gregor J. Rothfuss" <gr...@apache.org>.
Andreas Hartmann wrote:
> I guess we have to separate external (access controlled) requests
> from internal requests. Maybe we should agree on a pattern to
> distinguish internal from external requests:
>
> - "**.xml" (con: does not allow viewing XML from "outside")
> - "internal/**"
i prefer internal/** since we may want to expose xml to the outside
world (rss and friends)
> 1) a sitemap mounting appropriate sub-sitemaps.
> 2) instead of mounting, use sub-matchers inside the main sitemap.
not sure about the pros / cons of these two. can you elaborate?
--
Gregor J. Rothfuss
Wyona Ltd. - Open Source Content Management - Apache Lenya
http://wyona.com http://cocoon.apache.org/lenya
gregor.rothfuss@wyona.com gregor@apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: lenya-dev-unsubscribe@cocoon.apache.org
For additional commands, e-mail: lenya-dev-help@cocoon.apache.org