New AuthResource

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]]On Behalf Of
> Ken Treis
> Sent: Monday, December 04, 2000 12:54 AM
> To: [hidden email]
> Subject: [Swazoo-devel] New AuthResource
>
>
> I realized something the other day while playing with my new
> customer's
> site.  The way the ACLResource is written, it expects you to build
> something like this:
>
> <ACLResource stringUriPattern: 'auth' ...>
>   <FileResource stringUriPattern: 'files' ...>
>
> Then, the URI for access-controlled files would be "auth/files/".  If
> you weren't authorized, it'd ask you to login.  If you were,
> it'd just
> give the files to you.
>
> The only problem was this: the first access after login would
> always be
> done with a POST.  If any subsequent requests took them off
> the page and
> they wanted to use the browser's back button to get back, the browser
> would ask them if they wanted to re-post the form data.
>
> The way this is normally dealt with is to have the successful login
> redirect the user to the files area.  So the uri for authorized files
> now looks like "auth", and it redirects you to "auth/files/"
> after you
> click the Login button.
>
> This is why I added the "found" response type (see previous message);
> it's the only one that works consistently across browsers for these
> types of redirects.
>
> My customer was also a bit concerned when, in the former
> scenario, the
> "authorized area" link would only sometimes ask him for a login and
> password.  He wasn't aware of the architecture, so the
> behavior confused
> him.  This new scenario makes more sense to the end user.
>
> To support this in an ACLResource (or any generic
> AuthResource), I had
> to add one more creation parameter: the target URI for
> redirection.  So
> now, you make an AuthResource with something like this:
>
> <ACLResource stringUriPattern: 'admin' targetUri: '/admin/home/'
> listFile: 'admin.acl'>
>
> Attached is a parcel that has the new code.
>
> ----
>
> As an aside, where is everybody else?  Joe/David/Janko/Benny, are you
> swamped with other stuff?  Jerry has gotten back to me on
> these (and I
> think he has them working in Dolphin already); I've been
> releasing these
> add-ons as parcels so as to allow for the integration of
> whatever it was
> that Benny and Janko did at CS@OOPSLA.  Joe, if you need, I can
> integrate that stuff.  Then, we can get to work on some bigger things
> (our URI resolution is bothering me again, cross-platform stuff, etc).
>
>
> Ken Treis
> [hidden email]
>

> I realized something the other day while playing with my new customer's
> site.  The way the ACLResource is written, it expects you to build
> something like this:
>
> <ACLResource stringUriPattern: 'auth' ...>
>   <FileResource stringUriPattern: 'files' ...>
>
> Then, the URI for access-controlled files would be "auth/files/".  If
> you weren't authorized, it'd ask you to login.  If you were, it'd just
> give the files to you.
>
> The only problem was this: the first access after login would always be
> done with a POST.  If any subsequent requests took them off the page and
> they wanted to use the browser's back button to get back, the browser
> would ask them if they wanted to re-post the form data.
>
> The way this is normally dealt with is to have the successful login
> redirect the user to the files area.  So the uri for authorized files
> now looks like "auth", and it redirects you to "auth/files/" after you
> click the Login button.
>
> This is why I added the "found" response type (see previous message);
> it's the only one that works consistently across browsers for these
> types of redirects.
>
> My customer was also a bit concerned when, in the former scenario, the
> "authorized area" link would only sometimes ask him for a login and
> password.  He wasn't aware of the architecture, so the behavior confused
> him.  This new scenario makes more sense to the end user.
>
> To support this in an ACLResource (or any generic AuthResource), I had
> to add one more creation parameter: the target URI for redirection.  So
> now, you make an AuthResource with something like this:
>
> <ACLResource stringUriPattern: 'admin' targetUri: '/admin/home/'
> listFile: 'admin.acl'>
>
> Attached is a parcel that has the new code.
>
> ----
>
> As an aside, where is everybody else?  Joe/David/Janko/Benny, are you
> swamped with other stuff?  Jerry has gotten back to me on these (and I
> think he has them working in Dolphin already); I've been releasing these
> add-ons as parcels so as to allow for the integration of whatever it was
> that Benny and Janko did at CS@OOPSLA.  Joe, if you need, I can
> integrate that stuff.  Then, we can get to work on some bigger things
> (our URI resolution is bothering me again, cross-platform stuff, etc).
>
> Ken Treis
> [hidden email]
>
>   ------------------------------------------------------------------------
>                        Name: authResource.zip
>    authResource.zip    Type: Zip Compressed Data (application/x-zip-compressed)
>                    Encoding: base64

> Hi:
>
> Swamped is an understatement. :-(
>
> Ken:  I will FULLY review this stuff over the weekend and post my comments.  It
> sounds to me like you are on the right track.  As to integrating Janko's OOPSLA
> stuff, I probably do need you to take that on since Swazoo has moved ahead of me
> more than I expected.  I'll send you the code this Friday, I'm in Beaverton at
> GemStone until Thursday night.  After this weekend, I expect to be much more
> involved again.