ACS 4 Request Processor Requirements
by Rafael H. Schloming
Introduction
The following is a requirements document for the ACS 4.0 request
processor. The major enhancements in the 4.0 version include a more
sophisticated directory mapping system that allows package pageroots to be
mounted at arbitrary urls, and tighter integration with the database to allow
for flexible user controlled url structures, and subsites.
Vision Statement
Most web servers are designed to serve pages from exactly one static
pageroot. This restriction can become cumbersome when trying to build a web
toolkit full of reusable and reconfigurable components.
System Overview
The request processor's functionality can be split into two main
pieces.
Set up the environment in which a server side script expects to run. This
includes things like:
Initialize common variables associated with a request.
Authenticate the connecting party.
Check that the connecting party is authorized to proceed with the
request.
Invoke any filters associated with the request URI.
Determine to which entity the request URI maps, and deliver the content
provided by this entity. If this entity is a proc, then it is invoked. If
this entitty is a file then this step involves determining the file type, and
the manner in which the file must be processed to produce content appropriate
for the connecting party. Eventually this may also require determining the
capabilities of the connecting browser and choosing the most appropriate form
for the delivered content.
It is essential that any errors that occur during the above steps be
reported to developers in an easily decipherable manner.
Related Links
Requirements
10.0 Multiple Pageroots
10.10 Pageroots may be combined into one URL space.
10.20 Pageroots may be mounted at more than one location in the URL
space.
20.0 Application Context
20.10 The request processor must be able to determine a primary context
or state associated with a pageroot based on it's location within the URL
space.
30.0 Authentication
30.10 The request processor must be able to verify that the connecting
browser actually represents the party it claims to represent.
40.0 Authorization
40.10 The request processor must be able to verify that the party the
connecting browser represents is allowed to make the request.
50.0 Scalability