After the initialization is complete, the client application can
request access to the domain. It uses one of the two different functions
calls:
-
Domain.accessNamespace(SecurityToken securityObject, String
namespace), is used to access a specific namespace. This
method returns a NamespaceAccessToken, which is used
thereafter by the application for performing operations on the
namespace
-
Domain.accessDomain(SecurityToken securityObject),
enumerates the registered namespaces with this domain. This allows
application to browse the list of available namespaces.
The Domain uses an object (argument securityObject) to decide
whether or not the client should be granted access. A good candidate is
a reference to the client servlet. If the Domain decides to grant
access, it hands out one or more NamespaceAccessToken(s) to
the client.
The NamespaceAccessToken is a wrapper object which is used to
completely hide the real Namespace object reference from the client
application. It is used by Slide to authenticate and control every
operations on the Namespace object.
Using the NamespaceAccessToken, the application can obtain
access to "helper" functions. These helper interfaces group
the namepsace operations into operational categories, such as
Structure, Security, ContentManagement
and Locking.
The NamespaceAccessToken object implements the UserTransaction
interface (see the Java Transaction API documentation for more details)
to allow the client to control transaction demarcation.
A SlideToken is retrieved from the servlet container,
and is given as the first parameter of every helper function. It is
used by the helper functions to identify the current security
Principal and/or its credentials. It also is used to store
information about the user transaction state.
What's very important to point out is that a client application placed
in a properly configured environment has no mean of accomplishing any
action except if the servlet container hands him a Principal object
(from the java.security package). So the servlet only has, at
a given time, the credentials of the principal who performs an action
through it. By itself, it can't do anything.