This is an ignorable email Just collecting my thoughs, and setting GeoServer / uDig up for a bit of fun. Most of the fun is in GeoServer...
What is needed here is a classic 3 tier architecture, uDig by iteself forms classic 2 tier architecture (admittedly it is supposed be non classic publish/find/bind ).
You could argue that GeoServer actually represents a middle tier, it does perform higher level opperations ontop of a database, or shapefiles ... no argument there.
Problem is it is GeoSrever is stateless ... and three tiered applications are generally not, in particular I need to go stateful.
Now we already have the concept of Transaction to make geotools stateful, and that is what I will need to do. Modify WMS and WFS to notice J2EE session information in a Transaction.State. In uDig life is easy.
Where the fun comes is in making GeoServer stateful:
1. Aware of J2EE sessions (eek! vendor specific extention?)
2. Getting session down to the DataStore level
3. Using session along with shared connection pools, connections and probably DataStores with another
web application (I can put them in the same WAR if needed).
Admittedly the normal Web Server concept of user would be sufficient isolation (I don't need Back/Forward isolation like in a JSP application) this is a thick client coming to call. Both GeoServer and another J2EE application could use this to share enough state for both to see the same picture from the databases (Hrm: say Oracle long transaction support ).
We are not too far off (surprise), connection pools is often requested (and is something GeoServer should do to play nice in a proper J2EE install). The Data interface is published into the application context where it can be hunted down by other applications.
Alternatively the other application can publish up a different object into the Data slot (one that pays attention to credentials) and the rest of GeoServer can work unaware. This would be the same solution that would allow different users to "see" different GetCapabilities, indeed this could be based on path as well (an often cited need is to sever different content to different users, or let different paths see different content - as path based access control can be offloaded to Tomcat/Apache...).
Smart - wonder if justin though of this?
So what I need (in addition to an diagram of Justin's New Design) is basically for the OpenSDI mailing list to rock out. Since they have not, I am going to lay stuff out - this week. The end goals are the same and OpenSDI can catchup when someone tells them.
Thanks for the J2EE research Justin, I will post my breakdown of the current GeoServer architecture shortly.
Jody