It's the end of my post-JavaOne honeymoon with the world, and I need to
start working again, mostly for two reasons: the first and most obvious
one, money. The second is that I'm all excited to put my hands on a
piece of code again. I haven't touched my Eclipse since last month,
and that gave me a lot of time to think about some new, cool things to
do with my little
to-be-commercial-if-everything-goes-right-and-opensource-if-they-don't-pay-me
CMS. Sure, it's not even near SiteVision, but it's making some progress.
I just realized that I've backlogged a feature for a long time in this
system: security. I'm not really sure about how to implement it. I'm
using AOP to define plug-ins to everything, and even the core classes
(Content, Folder, Image, etc.) are pluggable. So, how to make security
on this kind of system work? Every object on the system has an owner,
and all objects must be reachable from a single entry-point (the
HomePage object), but there's no notion of a user session yet. Any
ideas on how to transparently bind an HttpSession obtained from WebWork
(1.2, for now) into my business objects?