In order to have built-in security in Neptune, you first need a security service. The security service will be instantiated with the rest of the application-scoped components in the site and will also need to be aware of session/client data (perhaps via SessionMgr).
This security service needs to have the following methods:
This method takes a comma-delimited list of permission names and makes the Security component aware of them. This awareness should persist for at least as long as the component is instantiated. As will be covered later, this will allow any program to announce permissions that it requires.
This method should return a boolean value. "True" if the permissions passed is an empty string or if the user has any of the given permissions and "False" otherwise.
This method should take a CGI.SCRIPT_NAME value and return the URL to which the user should be redirected if they do not have access to the given page. The method need not check to see if the user does have that access, merely where to go if they do not.
This method simply returns a boolean value to indicate if the current user is logged in.
This method should take a CGI.SCRIPT_NAME value and return a boolean value to indicate if it is secured by default or not. Ideally this should just be a blanket check to see if the folder requires a login. More specific logic connected to given pages will happen elsewhere.