The following is a requirements document for the OpenACS 4.0 request processor. The major enhancements in the 4.0 version include a more sophisticated directory mapping system that allows package pageroots to be mounted at arbitrary URLs, and tighter integration with the database to allow for flexible user controlled url structures, and subsites.
Most web servers are designed to serve pages from exactly one static pageroot. This restriction can become cumbersome when trying to build a web toolkit full of reusable and reconfigurable components.
The request processor's functionality can be split into two main pieces.
Set up the environment in which a server side script expects to run. This includes things like:
Initialize common variables associated with a request.
Authenticate the connecting party.
Check that the connecting party is authorized to proceed with the request.
Invoke any filters associated with the request URI.
Determine to which entity the request URI maps, and deliver the content provided by this entity. If this entity is a proc, then it is invoked. If this entitty is a file then this step involves determining the file type, and the manner in which the file must be processed to produce content appropriate for the connecting party. Eventually this may also require determining the capabilities of the connecting browser and choosing the most appropriate form for the delivered content.
It is essential that any errors that occur during the above steps be reported to developers in an easily decipherable manner.
10.0 Multiple Pageroots
10.10 Pageroots may be combined into one URL space.
10.20 Pageroots may be mounted at more than one location in the URL space.
20.0 Application Context
20.10 The request processor must be able to determine a primary context or state associated with a pageroot based on it's location within the URL space.
30.10 The request processor must be able to verify that the connecting browser actually represents the party it claims to represent.
40.10 The request processor must be able to verify that the party the connecting browser represents is allowed to make the request.