Tuesday, August 02, 2011
From controller to request processing
Some lower level details: obviously the controller listens on a socket, as soon as a connection is received, it handles this to a separate thread.
The separate thread should handle everything else, which means reading environment/get/post/cookie variables, merging them, and handling the actual request. It's a bit unclear if The Eiffel Web Server Gateway Interface covers this properly. The spec appears to say yes, some of the code I've seen says no, but this can be easily fixed.
Frameworks like this often provide url to handler mapping, but as I'm targeting a REST based framework, this works somewhat differently, and therefore I'll discuss possibilities and options in a later post.
I wouldn't need authentication as the web server should handle this. Else resources not controlled by the Eiffel app (files) cannot be protected without hard-work.
Authorisation is necessary, and often complex. I'll probably like to have some configuration mechanism, but it would be nice to have a central place of configuration. So could have a reusable authorisation class that takes the name of the user, the verb (GET/PUT), and the variables, and returns TRUE/FALSE and some error text. Might want to have the ability to do an override at the lowest level (resource) as well.
More on resources in the next post.
The separate thread should handle everything else, which means reading environment/get/post/cookie variables, merging them, and handling the actual request. It's a bit unclear if The Eiffel Web Server Gateway Interface covers this properly. The spec appears to say yes, some of the code I've seen says no, but this can be easily fixed.
Frameworks like this often provide url to handler mapping, but as I'm targeting a REST based framework, this works somewhat differently, and therefore I'll discuss possibilities and options in a later post.
I wouldn't need authentication as the web server should handle this. Else resources not controlled by the Eiffel app (files) cannot be protected without hard-work.
Authorisation is necessary, and often complex. I'll probably like to have some configuration mechanism, but it would be nice to have a central place of configuration. So could have a reusable authorisation class that takes the name of the user, the verb (GET/PUT), and the variables, and returns TRUE/FALSE and some error text. Might want to have the ability to do an override at the lowest level (resource) as well.
More on resources in the next post.