A domain is an aggregation of one or more namespaces. If we use the UNIX filesystem analogy, a domain represents the root ("/") anchor where filesystems (in this case, namespaces) are mounted.

The domain controls access to its registered namespaces and performs initialization and connection management on behalf of the namespaces.

From the client application's perspective, the domain represent the only directly accessible object. It is through this object that the client gains access to namespaces, using Domain.accessNamespace(SecurityToken securityObject, String namespace) static method call.

Since the domain acts as the root of a directory service, it is a static entity and there can be only one domain per Java VM.

When Slide is first initialized, the Domain configuration is loaded. Once again, if you are familiar with UNIX, the domain configuration file is the equivalent of the fstab file. The path to the domain configuration file is given through the org.apache.slide.domain property in your slide.properties file (which must be located somewhere in your CLASSPATH).

The domain configuration is written by an administrator and tells how to initialize each Namespace. The namespace initialization includes information like:

• The low-level services the namespace uses (structure store, content store ...).
• The namespace base topology, which includes the location of the base actions and paths in the namespace.

More details about those configuration files are given in the First Steps section.

After the initialization is complete, the client application can request access to the domain. It uses one of the two different functions calls:

• Domain.accessNamespace(SecurityToken securityObject, String namespace), is used to access a specific namespace. This method returns a NamespaceAccessToken, which is used thereafter by the application for performing operations on the namespace
• Domain.accessDomain(SecurityToken securityObject), enumerates the registered namespaces with this domain. This allows application to browse the list of available namespaces.

The Domain uses an object (argument securityObject) to decide whether or not the client should be granted access. A good candidate is a reference to the client servlet. If the Domain decides to grant access, it hands out one or more NamespaceAccessToken(s) to the client.

The NamespaceAccessToken is a wrapper object which is used to completely hide the real Namespace object reference from the client application. It is used by Slide to authenticate and control every operations on the Namespace object.

Using the NamespaceAccessToken, the application can obtain access to "helper" functions. These helper interfaces group the namepsace operations into operational categories, such as Structure, Security, ContentManagement and Locking.

The NamespaceAccessToken object implements the UserTransaction interface (see the Java Transaction API documentation for more details) to allow the client to control transaction demarcation.

A SlideToken is retrieved from the servlet container, and is given as the first parameter of every helper function. It is used by the helper functions to identify the current security Principal and/or its credentials. It also is used to store information about the user transaction state.

What's very important to point out is that a client application placed in a properly configured environment has no mean of accomplishing any action except if the servlet container hands him a Principal object (from the java.security package). So the servlet only has, at a given time, the credentials of the principal who performs an action through it. By itself, it can't do anything.